nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Submission: On April 05 via api (April 5th 2022, 6:58:33 pm UTC) from US — Scanned from DE

Summary HTTP 241 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 38 IPs in 8 countries across 31 domains to perform 241 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is nets4.com. The Cisco Umbrella rank of the primary domain is 406603.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 29th 2022. Valid for: a year.

This is the only time nets4.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
37	2a00:1450:400... 2a00:1450:4001:827::2016	15169 (GOOGLE) (GOOGLE)
1	18.64.103.66 18.64.103.66	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:440e::6812:2fe6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	3.211.16.130 3.211.16.130	14618 (AMAZON-AES) (AMAZON-AES)
1	2620:1ec:27::... 2620:1ec:27::cafe:1846	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	20.96.88.162 20.96.88.162	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:440e::ac40:9c1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1 2	104.18.17.65 104.18.17.65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	104.19.135.78 104.19.135.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.19.132.78 104.19.132.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
21	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2600:9000:215... 2600:9000:2156:6200:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
3	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
17	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	35.156.192.121 35.156.192.121	16509 (AMAZON-02) (AMAZON-02)
7	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2 2	216.52.2.30 216.52.2.30	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	185.86.137.122 185.86.137.122	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:4405:fc16:ad1d:f00e	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
241	38

14 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:827::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play-lh.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.64.103.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-103-66.txl50.r.cloudfront.net

cdn.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::6812:2fe6 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 3.211.16.130 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-16-130.compute-1.amazonaws.com

api.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1846 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.96.88.162 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

k.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:440e::ac40:9c1a (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.17.65 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

c.adskeeper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-img.adskeeper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.135.78 (None, )

ASN13335 (CLOUDFLARENET, US)

s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.132.78 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

c.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:6200:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.192.121 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-192-121.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.30 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.122 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.184 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:4405:fc16:ad1d:f00e (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.142 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	criteo.net static.criteo.net — Cisco Umbrella Rank: 631 pix.eu.criteo.net — Cisco Umbrella Rank: 7880 csm.eu.criteo.net — Cisco Umbrella Rank: 7886	159 KB
40	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 125 b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com	167 KB
37	googleusercontent.com play-lh.googleusercontent.com — Cisco Umbrella Rank: 400	2 MB
21	purpleads.io cdn.purpleads.io — Cisco Umbrella Rank: 131948 api.purpleads.io — Cisco Umbrella Rank: 109672	25 KB
19	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 cm.g.doubleclick.net — Cisco Umbrella Rank: 206	492 KB
14	nets4.com nets4.com — Cisco Umbrella Rank: 406603 img.nets4.com — Cisco Umbrella Rank: 575665	80 KB
11	google.com www.google.com — Cisco Umbrella Rank: 7 adservice.google.com — Cisco Umbrella Rank: 76	27 KB
9	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14133 ads.eu.criteo.com — Cisco Umbrella Rank: 7887 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 10021	159 KB
8	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 229	234 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1230 k.clarity.ms — Cisco Umbrella Rank: 2080 c.clarity.ms — Cisco Umbrella Rank: 644	25 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	508 KB
3	mgid.com 1 redirects s-img.mgid.com — Cisco Umbrella Rank: 7239 c.mgid.com — Cisco Umbrella Rank: 5828	50 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	109 KB
3	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1209 cloudflareinsights.com — Cisco Umbrella Rank: 1202	5 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 571	1 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 602	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	2 KB
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2899	207 B
2	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1381	1 KB
2	adskeeper.com 1 redirects c.adskeeper.com — Cisco Umbrella Rank: 15336 s-img.adskeeper.com — Cisco Umbrella Rank: 15924	7 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8069	914 B
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4110	34 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	20 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	937 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 257	577 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 370	1 KB
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 809	710 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 1219	75 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 613	191 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 230	555 B
0	advertising.com Failed sync.adaptv.advertising.com Failed
241	31

	Domain	Requested by
37	play-lh.googleusercontent.com	nets4.com
21	static.criteo.net	ads.eu.criteo.com
20	api.purpleads.io	cdn.purpleads.io nets4.com
18	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com nets4.com e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
17	pix.eu.criteo.net	ads.eu.criteo.com
16	pagead2.googlesyndication.com	securepubads.g.doubleclick.net nets4.com tpc.googlesyndication.com e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com www.googletagservices.com
12	securepubads.g.doubleclick.net	cdn.purpleads.io securepubads.g.doubleclick.net nets4.com
11	nets4.com	nets4.com
9	www.google.com	nets4.com www.gstatic.com www.google.com tpc.googlesyndication.com 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
8	cdnjs.cloudflare.com	nets4.com cdnjs.cloudflare.com ads.eu.criteo.com
7	cm.g.doubleclick.net	e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
5	csm.eu.criteo.net	ads.eu.criteo.com
5	www.gstatic.com	www.google.com
4	k.clarity.ms	www.clarity.ms k.clarity.ms
3	cat.nl.eu.criteo.com	ads.eu.criteo.com
3	www.googletagservices.com	0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
3	ads.eu.criteo.com	0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
3	rtb.fr.eu.criteo.com	nets4.com
3	img.nets4.com	nets4.com
2	c1.adform.net	2 redirects
2	ap.lijit.com	2 redirects
2	x.bidswitch.net	2 redirects
2	dclk-match.dotomi.com	e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
2	secure-gl.imrworldwide.com	ads.eu.criteo.com
2	e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	s-img.mgid.com	nets4.com
2	0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	cloudflareinsights.com	static.cloudflareinsights.com
2	c.clarity.ms	1 redirects
2	static.addtoany.com	nets4.com
2	www.google-analytics.com	nets4.com www.google-analytics.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	cdnjs.cloudflare.com
1	s0.2mdn.net	b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	um.simpli.fi	1 redirects
1	ssbsync.smartadserver.com	e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
1	pixel-sync.sitescout.com	e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
1	c.mgid.com	1 redirects
1	s-img.adskeeper.com	nets4.com
1	c.adskeeper.com	1 redirects
1	c.bing.com	1 redirects
1	www.clarity.ms	nets4.com
1	static.cloudflareinsights.com	nets4.com
1	cdn.purpleads.io	nets4.com
0	sync.adaptv.advertising.com Failed	e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
241	49

This site contains links to these domains. Also see Links.

Domain
blog.nets4.com
link.nets4.com
play.google.com
www.fgl.com
www.addtoany.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-29` - `2023-03-29`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.purpleads.io Amazon	`2021-12-01` - `2022-12-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-13` - `2022-06-09`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-19` - `2022-06-18`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-15` - `2022-06-13`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-03` - `2022-05-02`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh

This page contains 26 frames:

Primary Page: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Frame ID: 41D8BB0B442CA4A54ED6165327AD2AC6
Requests: 82 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: EA8CAC104DE33BA5F3B1E2808AC7BE60
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 1BAE1DA78CB95C763297F01838B8910B
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=qu3gvicvbmvn
Frame ID: 15A03C35E9252EA7A214602588C1481B
Requests: 4 HTTP requests in this frame

Frame: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 40B9460652964AD9C2035D215BBDE4AF
Requests: 1 HTTP requests in this frame

Frame: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 3054BF99A84B70DD72C6FC4AEC0B8357
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD
Frame ID: 8C62178E96F00AA2F3CE7A6F37A24578
Requests: 3 HTTP requests in this frame

Frame: https://s-img.adskeeper.com/g/3805528/328x328/82x0x328x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZz90PTE0OTE5OTE2NzgwMDI.webp?v=1649185105-lG6-Oab7dqAtkdkWwyMxwVneSoLxNlToP_JNdrIHyLo
Frame ID: BC161118730076E9A69EE4A170B20691
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 6BE1CF574C2FA438C1C45E713F34EE89
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C441A59BE96967190481DAF6CAD963C3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 90D9101163E04400180422237A451F85
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 325A6FF1A9982E649A0E478B299F2686
Requests: 6 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUQAH8NEK4CMYAAb_3A8ElEs9sfDXSPWsqA&u=%7CNWpTk8j1PEisx9lDouuXhTEymq6lX%2B4eaQ%2FnDxYJQ%2FA%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0UEJ8w8gW49kLu82w_1JkF3Tlrxo47hJn45Y6Vk_dXyp4_vqRnh1uotz8tALyg3xF48XsqI5FpgPnDTPoxN6xq5YKMOgl_1b1jkwufhx-x55taqOvSOlL8m1npR0WF5XlWmf9kSpEzdXx6DxgS8TrNup29EESrzCvRRz1qS1_4V-O9-W_x3MiYBo7JJ0Hy6eyazvUOFx7KBwwx36JNxP2nXHeBqdptGWMpW_opO2icW2ILBxUrU8hoJQfTuwZid7F5z0lrqY9Ybrs5q6TeR6g2Y3_l-yXm6FTUK-u6NioqqaZvNdHGq0Lek3mKLXFJYwub-IxajhXiLGdoR5MQS-VVPlWtZVbF1qGE--kdoxgySaCKs5bE8DbFR9YPv3opSXDt39ZkCuFZd7RxO6TCW0nVroe4KV7Vl8nzYNK8cX1cVP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyIlQUZFMYtHhH5jGgAfc_5v4CMme0rFc1Z2R93DAjbcBEAEgAGCVgoCAmAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAgmxjAafUrI-4AIAqAMBqgTmAk_QssYmSRP-rABYvd0tg8hgeZ64-5kCGAAdlBnih-Tq7ncKEE6AeiheuMr0DmAYYwQReQBI099cCWTbTDHnRoYijDFrPuM26slO9JHw9roX39D4Hu1_mCfBrTtS-aiyB1nKwP6eeirj4oxfxfkv-IoDaxm6Yjem3rfDe17ThUYaMJIMnUv4gYvJhjqroEhMW9-SaEdJQlsPQ4r6lSjqlkMaX0iYF3EFZ2F9htodxGO_IkXeaccHFijKk6LXu2VwAHxoDo01UZ5rDEKE_K77v-o2xWCj1LMTZxgrAL95u69NgU0zC4IBvCAwT4n-sWfL_3jyPgsKPq1ZGc2NXjDLVnZvtxpXLAxZv3GZ3geDIm4C3lvba1pHN04D-sfAp8VmmknOA8HOHUleDTNe-AX54jtw5DkzwF2JokgAQXNi5uQ0I9Aexfhh4G8JJ6lHFcLGe6huEdQ2eG7yx7gDG0dlfbXvrvLO5lbgBAGABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0fPgfze2jlLfZ30XxWFBZkQPyZog%26client%3Dca-pub-5413329544040947%26adurl%3D
Frame ID: 24BEE143FDA865C74A06270C900367FF
Requests: 23 HTTP requests in this frame

Frame: https://s-img.mgid.com/g/11739829/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMS8xMDE5MjQvNGMwN2FmNjRjZTM5NzJlYzZkMzAxYzVhZTUxN2QwMjEucG5n.webp?v=1649185105-D4SVwiq8e9MCQOSN4leBPAx_SX8ceOpRa3ilDstuz4A
Frame ID: DC4C12456F2657CC0122DE1E786012C9
Requests: 3 HTTP requests in this frame

Frame: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 54D90BD134094B7D84EAAECF2E2D5A55
Requests: 1 HTTP requests in this frame

Frame: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 80E70168E8E99C6694EF11CD750C4516
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 31D83C8D36D5B4B6CCA0F9507029BAED
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4224A574F370CB3A81659C0222C429D4
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AAC73CD88B855311F0C3BEA0928DBE48
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E0CC216C655F15314521C4A8C513D70E
Requests: 2 HTTP requests in this frame

Frame: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 44EE0C06E4597E124135CB23B1EA052C
Requests: 9 HTTP requests in this frame

Frame: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: CAD7B89A872FBF1BDEA9AA433EA2092F
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUgACwaUIEe2pAAs7fd-2zPojfkMakGv09w&u=%7COTslYO5yuC1uoppnQVaw41BXBQTY8VilKAWgCCihEJ4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSM0Dix1JLsqqaPRaZSZtkfbDgLypM9UfFGjF90nj49bt2Eblu5BubXn807KLfzOzbWwNBLn5aFm8zuncCvFasvGOS-pPCYczUNZ8nDLXd6zKZb07UIm8oJCZg8Udi9SrGG9lOePT3KpReLMpz6EUro7GoffHKZQvzbSx9WBCSvx1yZuHfiwzCAlFcMjCwvnAM1-3t6YyQaWY3ut3PKBykBBvDXGGs9U6YPR8PZqbRt6eQHrTXIiTZOhDC9KZSD3nJez8tpimZiux1VC3SuULA4yDWjtENzdykbOgmLGILoEPyspTioa3dDAAGaNnJH_nN3z0ElnEOc3jiNp6IlSPZyvIJwi_4x9GGdrnPnCB-5XxW8C5C38w5U2W7mxYPTXEbtmh4w68rbb4ZjXumVhMjKoIcwofX38hpY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRS6IUpFMYqWDC6nbx_AP_fas0AzJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE7QJP0KFIqW8C8LyeOqiSAftAP9PRnB_OInRee1P1UsLnSbW_AGVwvhl0doRc85Ao6goshepFfly7aoFmE5a0GUOdam4o2-DC4m7oWmaVgLSqeMcnGvBFc7ClQ4ZrMyzBf0UZwvuTrLLHFVtYmVaxvw6RpJY5ljPSzTneT_aeGZqENpUVEwHbBbamrcv_kVfbfwqaEh2sMLVLYF9I8jJv0LTDGpAY2_zLLdTxDS77_fyUK-knOOLmf5-cQwdC0ij280bGeS8L-0otrbJMfb3uaHuQhAIK-QAI86XnCqB_Qt1zcs_QyFyhDQtuDHzAc_ir2OmsD3rfKLpfFkZGoFDgNHlnBBAFQ9CSPCRfY2xZi3wHcgzlopylYj2VXyQC1b8ItF0JNduhquolyvhxXYai5RBsAP_2SCfaZJbbBjxQ8UEt0q1vSSRrvf51Yvcdx9Z65zqqEPsSsptkUPmNCz3IoIAznhAedMZG24_uMQOLK-AEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0WgfAoeYGI1tbQnUOPNTHth7xJ8A%26client%3Dca-pub-5413329544040947%26adurl%3D
Frame ID: CE73147FB39DAB499756D9837F8486BE
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5E72D9CAE787D032C1E8373B59C83228
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUgACixUIEdYZAASVXE5IqcEL1M1jI7YU8Q&u=%7COTslYO5yuC3t1NQzgDtOyfVNkGjAT%2FJiwBzHq%2BxibmE%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSM0Dix1JLsqqaPRaZSZtkfbRUdlw-7O7JRwsLBcP9qbdsD8N18eJ6aGytFF4fgLQWKqcbbbvfJLDD-a3WTWtVuiE3R_Sfv6rS8Q9ctrdlxjQGhK-Z-7H7SJrooyz21dcpfhRUMhRywQ7jpAh7KwTDqpJlIWU_DYZI7ilxUpiBYDMk2SU4Tk4MdRwB7VMCH2pzCQPMmBKUrH2ijjE6dTi-7O1kNf6LbcsChKK_xPf5T0vzq2BTSwZwMU8AxwMQDoDINmPgtuhhqPnBdaCMcY1TzxrslMu1m3UaWIcvKRWZBEx3z659LpTfHvvQP4B7BC1PD6_1W5YrRnt2OU76T6bGuwEWkS3dWqxvOeMvhOH1mI7Fwb02AEmVC5fb8Vrxj2zOYA839KyRWWvKHu3oVxq-bjsUEv11u60oY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCcvkIUpFMYpWWCpmsx_AP3KqSgAXJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE5wJP0LnBMpcV4u7nnwM3VsVDevBYnGGY1tnxV6i6mQRkkag-ItlST8qI1SYzeibx_2gKRa6DQN-JeLUrVG8tdBtLeKf-XyEIt69tNS3Z74LxM_Fz32mAB11rJMDBRaLGsOjzoQ1c_QN1UeAKV8vlL386aQ3qQ7PCV1CM2jpgonubiYcCt_DpRbimQw_LmiViTdJZJSTT5oB06nVqLFHGI8V1akpbTgv679eO-vzhyB5r0pCNxNJxcE7hr3GdLIQ_pheL_edelUok8laUIos_gjZkMZlQJKoEWdOhxwNKu30mQirGOp0Nz06R_lMrJKpBYZeNF5rVKFLM7VqJ0CdXpK5qQTh49s3CdyoPar3r8vXL7fkMg06qkH9t2KjjAPjgjjIACc92tqg0qrmUXFePZal_whZ13UebL0rJ9JSj0i_AgA85pggzdeAqr7HLafLsQCDVtOVmOu3jieezKPy_UgeaYvs4B5iFD-AEAYAGhqPyhY2UsIM7oAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1jgcnzMv7yc7Udcj60XOrsBC5ZXw%26client%3Dca-pub-5413329544040947%26adurl%3D
Frame ID: 8E851B5D8539D93EB76E74D368E3C130
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BF7051731BFD6461DD4127CEE2F355C8
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Christmas Holiday Crush Games - Android App

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

241
Requests

95 %
HTTPS

59 %
IPv6

31
Domains

49
Subdomains

38
IPs

8
Countries

4525 kB
Transfer

7660 kB
Size

29
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.nets4.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://link.nets4.com/digitalocean

Search URL Search Domain Scan URL

URL: https://link.nets4.com/google
Title: Signin to Nets4.com

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=air.com.fgl.charstudio.christmassweeper2
Title: Get it on Google Play

Search URL Search Domain Scan URL

URL: http://www.fgl.com/

Search URL Search Domain Scan URL

URL: https://www.fgl.com/pp.php

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/privacy-policy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/about.html
Title: About Us

Search URL Search Domain Scan URL

URL: https://link.nets4.com/facebook

Search URL Search Domain Scan URL

URL: https://link.nets4.com/twitter

Search URL Search Domain Scan URL

URL: https://link.nets4.com/youtube

Search URL Search Domain Scan URL

URL: https://link.nets4.com/instagram

Search URL Search Domain Scan URL

URL: https://link.nets4.com/quora

Search URL Search Domain Scan URL

URL: https://link.nets4.com/pinterest

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=7D0477D870174C8D8F7455ED281FA0DA&RedC=c.clarity.ms&MXFR=1A3C73DE1570666E343462A3117068B8 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=7D0477D870174C8D8F7455ED281FA0DA&MUID=0CC7A22EDAE868A00206B353DB836997

Request Chain 100

https://c.adskeeper.com/c?pv=2&v=0|0|0|-lhXo6JJG7w5moo6bcCH2INwacJaN4ki-du16GhT76LS_dY6yZAH_z2vFjkQDBJ_&cid=1220982&f=1&h2=L_VeimGmIyuuyKT7tZS8nfhiGb6CTwVO6xjKycj2N0E*&rid=5f51899d-b512-11ec-b919-e4434b374cb2&psid=608532c2eac0e20ce6d36538&iub=aHR0cHM6Ly9zLWltZy5hZHNrZWVwZXIuY29tL2cvMzgwNTUyOC8zMjh4MzI4LzgyeDB4MzI4eDMyOC9hSFIwY0RvdkwybHRaMmh2YzNSekxtTnZiUzkwWlcxd0x6SXdNVGN0TURRdE1USXZNVEF4T1RJMEx6UTFZVGN6WXpBMU9XRXhabU13TUdNNVpXVTNaVE5oTlRBek9UTTRaVFptTG1wd1p6OTBQVEUwT1RFNU9URTJOemd3TURJLndlYnA_dj0xNjQ5MTg1MTA1LWxHNi1PYWI3ZHFBdGtka1d3eU14d1ZuZVNvTHhObFRvUF9KTmRySUh5TG8= HTTP 301
https://s-img.adskeeper.com/g/3805528/328x328/82x0x328x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZz90PTE0OTE5OTE2NzgwMDI.webp?v=1649185105-lG6-Oab7dqAtkdkWwyMxwVneSoLxNlToP_JNdrIHyLo

Request Chain 120

https://c.mgid.com/c?pv=2&v=0|0|0|gU7hVULRrGkEfm_-H2LRZT8iTeKzuVXmTMB9KRjYxNqQoDpS9UK_GuoPX3Pg2E6L&cid=1221081&f=1&h2=L_VeimGmIyuuyKT7tZS8nfhiGb6CTwVO6xjKycj2N0E*&rid=5f8895a7-b512-11ec-b8e1-e4434b151302&psid=608532c2eac0e20ce6d36538&iub=aHR0cHM6Ly9zLWltZy5tZ2lkLmNvbS9nLzExNzM5ODI5LzMyOHgzMjgvLS9hSFIwY0RvdkwyTnNMbWx0WjJodmMzUnpMbU52YlM5cGJXZG9MMmx0WVdkbEwyWmxkR05vTDJGeVh6RTZNU3hqWDJacGJHd3NaVjl6YUdGeWNHVnVPakV3TUN4bVgycHdaeXhuWDJaaFkyVnpPbUYxZEc4c2QxODVOakF2YUhSMGNEb3ZMMmx0WjJodmMzUnpMbU52YlM5MEx6SXdNakV0TVRFdk1UQXhPVEkwTHpSak1EZGhaalkwWTJVek9UY3laV00yWkRNd01XTTFZV1UxTVRka01ESXhMbkJ1Wncud2VicD92PTE2NDkxODUxMDUtQTJhYnNreXFXd1IxWkczbmYyRkxCR2Q1VkJvZTJZRlRjTUE4dHBwNmp3QQ== HTTP 301
https://s-img.mgid.com/g/11739829/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMTEvMTAxOTI0LzRjMDdhZjY0Y2UzOTcyZWM2ZDMwMWM1YWU1MTdkMDIxLnBuZw.webp?v=1649185105-A2abskyqWwR1ZG3nf2FLBGd5VBoe2YFTcMA8tpp6jwA

Request Chain 189

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEE43iszbunQEQPjq_hCV_gc&google_cver=1&google_push=AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYaUWaUBG1djOphCe HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEE43iszbunQEQPjq_hCV_gc&google_cver=1&google_push=AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYaUWaUBG1djOphCe HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYaUWaUBG1djOphCe&google_hm=YX5Q_IxSSmenGM4IyHx0OQ==

Request Chain 191

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOabKAMmtmKdJM1Ayz6O5TA&google_cver=1&google_push=AYg5qPIzOL0sbpUDcFBupFSbp70lXwrMBLA67KgmH0guRUZiGbo73Ix6_ZQL7cZqDn3dsN7kw4TRITPbdFZu8hzijeiztRt810MY HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOabKAMmtmKdJM1Ayz6O5TA&google_cver=1&google_push=AYg5qPIzOL0sbpUDcFBupFSbp70lXwrMBLA67KgmH0guRUZiGbo73Ix6_ZQL7cZqDn3dsN7kw4TRITPbdFZu8hzijeiztRt810MY&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIzOL0sbpUDcFBupFSbp70lXwrMBLA67KgmH0guRUZiGbo73Ix6_ZQL7cZqDn3dsN7kw4TRITPbdFZu8hzijeiztRt810MY&google_hm=2e7465968f3514486680cfaf

Request Chain 192

https://match.360yield.com/match/ebda?google_gid=CAESEOHieSKEuJp4c3HFvz82zpM&google_cver=1&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEOHieSKEuJp4c3HFvz82zpM&google_cver=1&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP

Request Chain 196

https://um.simpli.fi/gp_match?google_gid=CAESEFsJSN3siyuo7oZrfuGhTy8&google_cver=1&google_push=AYg5qPL0zs5_-BYzXM_ROvD1jlkYu8taKzDjSiYNtv_X5nYU0XBjPn8OESbEzVsp397peSsJftXsVSoVwHBLmRbKwpqOs4f3FWOX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3E0C41A8C66B4A6F911509157CF4C4A0&google_push=AYg5qPL0zs5_-BYzXM_ROvD1jlkYu8taKzDjSiYNtv_X5nYU0XBjPn8OESbEzVsp397peSsJftXsVSoVwHBLmRbKwpqOs4f3FWOX

Request Chain 197

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEPnn9_ZhFVzpHXE4MrQIvsU&google_cver=1&google_push=AYg5qPJWKomjH3aNCZPUu-tYLPoNpcc4uvOj5_85fKcHnCL5VMlGcV12e6qpRmykVjV3uK1bE-KUvetPBQsgRyIEsW9DSwVpJLmF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJWKomjH3aNCZPUu-tYLPoNpcc4uvOj5_85fKcHnCL5VMlGcV12e6qpRmykVjV3uK1bE-KUvetPBQsgRyIEsW9DSwVpJLmF&google_hm=ODE0ODI5MDU3MTQ0NjU3OTQyMQ%3D%3D

Request Chain 198

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEM_xOT7yy8DEdBJTu5wbsQY&google_cver=1&google_push=AYg5qPLpc5CFA-hM8xHilzRACyzh3rxjV-s5ufsWrq26yf_8O0hRT1aexXVDf9C8zhtsRcdvtyVlV8eBYUyCRaJInlnqHYb89WdO HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEM_xOT7yy8DEdBJTu5wbsQY&google_cver=1&google_push=AYg5qPLpc5CFA-hM8xHilzRACyzh3rxjV-s5ufsWrq26yf_8O0hRT1aexXVDf9C8zhtsRcdvtyVlV8eBYUyCRaJInlnqHYb89WdO HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg5NDk0MzUyMjc3NzMwMDU2Ng&google_push=AYg5qPLpc5CFA-hM8xHilzRACyzh3rxjV-s5ufsWrq26yf_8O0hRT1aexXVDf9C8zhtsRcdvtyVlV8eBYUyCRaJInlnqHYb89WdO

Request Chain 199

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ

Request Chain 200

https://match.360yield.com/match/ebda?google_gid=CAESEOHieSKEuJp4c3HFvz82zpM&google_cver=1&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEOHieSKEuJp4c3HFvz82zpM&google_cver=1&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo

241 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request air.com.fgl.charstudio.christmassweeper2 Show response
nets4.com/android-apps/ 45 KB
10 KB 722ms
548ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38737b0e94619d42725f737b877f8b8a37b413ef6cfe48445e2ae21ac0007158

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=86400, proxy-revalidate
cf-cache-status: MISS
cf-ray: 6f7483d0ee0483bb-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 05 Apr 2022 18:58:24 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Tue, 05 Apr 2022 18:58:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2vOcOLAs2NB3%2FtTKV%2BSyPSjMsAZmZTEDpWSr7LBdjRhmZT7Dc6hsaHfT3BioBRG6YZalBzVkyfNaq1YS%2F2z%2FwUj1IpBcpmUZOPYeI6Myd5i71AYzF6FKgXUhvvP%2FNAve8mXQOXUAeG4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 awkqrI1qzYcE0gTfW6uXyLl_1bA.js Show response
nets4.com/cdn-cgi/apps/head/ 7 KB
3 KB 42ms
40ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9951636
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: Z92G2ZE1HMNW2AZG
x-amz-id-2: kRmlxs4Uk6Ans6W39/LiWarHKqNq5cjEv92nMKItZebgN+Nxd7ZAp/ZkZhClaetuHR0YmxVsIG8=
last-modified: Fri, 10 Dec 2021 11:06:12 GMT
server: cloudflare
etag: W/"e951628ea64bbeadb19c6d855ca98c7a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F1gworVp%2BYPv%2FzKD%2B72fmDEXeVleY71MjW80On7Rsez8RgqXD7sGTOTvPiSX7jynMMJMWq%2FZjf13EqB%2B1NtJZc7U7tNjMTvykT8atDAeaG39u5yar1WOtIbPw%2B4XXxXBurc7nbh0Cxk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 7KspX51u1Msx7FcOmJWweyW7FbGqzJNg
cf-ray: 6f7483d48dd483bb-MXP

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/ 157 KB
18 KB 64ms
29ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3456393
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17620
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-44d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7K8ivbbhC0qeFFV6xXNZTG1C%2BacooHRdiGoKyxsXsxsThDAeBa%2BfHFvuRU5vbY%2B8EtGyCYDIKjyf7S%2BhbUk1DSeT1tjpINnVjNLtZyaRhaJ95ocdgEsb1qqq7DWAyjk9EFuFiyBPVmGno35IqFEwCphh"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7483d4bb2b0211-ZRH
expires: Sun, 26 Mar 2023 18:58:24 GMT

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 65ms
30ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2337565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10462
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-28de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X75TMR4VnVaHtHL8YEdFgPQQaFR23Q0kaROigrHj4NxteHyzYz%2FKswzY%2BOZ9Vr8J7eda21FTC13XAdCc482PXO7P%2BEgGL%2FF6EGgisXqE4UNoMpBnOxYniSHXA0AD1y3dIo36qxmHdRKjvEXg1XhCL05J"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7483d4bb2d0211-ZRH
expires: Sun, 26 Mar 2023 18:58:24 GMT

GET
H2 200 style.css
nets4.com/assets/css/ 345 B
566 B 54ms
54ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/css/style.css
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5916
cf-polished: origSize=451
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 01 Nov 2021 12:55:19 GMT
server: cloudflare
etag: W/"617fe3b7-1c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0fVpeGflUFZDzcW8dfcoFZllpbypbMLkjVanpS11WngEDMakmbxQ4QJaUcPITMWqxhjrdllJB0Ff3Vu0NCjKfJV9Jpp%2FU%2Fed9ZgxJueRyXyUTaOpXkBlRyNuUUEMOn0CGDrbGUYS3R0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 6f7483d48dd983bb-MXP
cf-bgj: minify

GET
H3 200 invisible.js Show response
nets4.com/cdn-cgi/challenge-platform/h/b/scripts/ 46 KB
17 KB 46ms
45ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1649181600
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df5f21e266b2c1c94b4a93f2f7e12c2bdaae0a3e25327e0844949f178c1c23ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FZ0NasNkUHuKuNnG6dqKROMQQXeZXMjR5R8J9ydurwOz%2BGWdh%2BmeUoZ8EgVIuuKij8G6ewoedVZGGOJ%2BpQIw7CFyuy7itJDMH6SLBSfOFp%2Bnzp%2B3Re8dq%2FTw%2Fgv%2BagBs1JT0WIzqF4M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6f7483d50a187361-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Th69y9F.png
img.nets4.com/img/i.imgur.com/ 1 KB
2 KB 78ms
66ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Th69y9F.png?w=120&h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fa3103806ec53fb0e95a0b28ca8b6ff105212961406e7074f9e67c1dca13dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10124785
cf-ray: 6f7483d50f2083bb-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1490
x-served-by: cache-sea4480-SEA, cache-mxp6982-MXP
server: cloudflare
x-timer: S1639060319.223268,VS0,VE1
etag: "stly99L8QVWcb6m8RMUQ7cA4kw:db93d278b907309c379deddbb0d961d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n0LtEXSkAWSZsOKPOvWntIHWNkH%2BTgWxFo0KJ371msmxXCrSUI30GOJ4YN0vuLUYr56%2B7zbhuvpqqgKM8mzsZsQzcYyuy%2BoQFoz7rkJVQet0gPzL6F18V%2BngLdLiq19iD29tElDg8Pcb6%2FvL"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/Th69y9F.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 58T3Wrl.png
img.nets4.com/img/i.imgur.com/ 472 B
1 KB 77ms
65ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/58T3Wrl.png?w=20h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

912fa3094520c8407511db6ba89d2896806103a3d91119b6a187d6aaf91b84ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11171982
access-control-expose-headers: *
cf-ray: 6f7483d50f2983bb-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 472
x-served-by: cache-sea4428-SEA, cache-mxp6930-MXP
st-img-id: 6a5af67d3cc36089-SEA
server: cloudflare
x-timer: S1638013122.261633,VS0,VE1
etag: "stlyiP4BjAye3OZ8qlZ7vzTBDQ:452ecb89109de4e1cab9c5348e6f85ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4hOk0lMv9979hVGHlI18bU3AuiS90SNVzW8ig7Hqe3lcqkDfoWk%2Bztn9t7SKplbAt6MM%2FJwJnSdL%2F3H2oox5qEUAibebC1Ty8jgd8NdibXIeOQ8aVL%2BRrtw5ZFty8g50V%2Bg6PEcbqD2%2B6qmD"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/58T3Wrl.png>; rel="canonical"
cf-bgj: imgq:66,h2pri

GET
H3 200 rocket-loader.min.js Show response
nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 29ms
29ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Mar 2022 11:29:35 GMT
server: cloudflare
etag: W/"623c561f-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rtQStluIojO6iiUGwS9LEwcnBv%2FA0seA6lGn1hX5PWYlZdnEes3JitiyHa%2B6jXfZtgTqgeK1UdJspa6mcsYx%2BWbyzQjRYLEI1LYNKQm1LM3BC%2FHdUSDRYYb2JscrOIZnbidZ%2Bk0TtrE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6f7483d4f9e67361-MRS
vary: Accept-Encoding
expires: Thu, 07 Apr 2022 18:58:24 GMT

GET
H2 200 wnZ4x8qdVA8KgNByJS--b1tqZmTSGk5Lb2-YCqnAS0L1EzKISvdlOAjru-jxg56pzp8=w300
play-lh.googleusercontent.com/ 144 KB
144 KB 171ms
136ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/wnZ4x8qdVA8KgNByJS--b1tqZmTSGk5Lb2-YCqnAS0L1EzKISvdlOAjru-jxg56pzp8=w300

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ce282e34a0df839f095a4a11cc4220b6f4f4abd410137515f0f6d4ed619bfc47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 147035
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H2 200 5iw0e_xner6_SAU2mgTF_Q8LF6LIXolm4PHthDt-ntzx619njQBKtFDxk0a-ht_2_Q=w500
play-lh.googleusercontent.com/ 39 KB
39 KB 184ms
148ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/5iw0e_xner6_SAU2mgTF_Q8LF6LIXolm4PHthDt-ntzx619njQBKtFDxk0a-ht_2_Q=w500

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

510147b11541a835c7afc26691957ac104e0e7090012840927afd1987a7fb9b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39602
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 email-decode.min.js Show response
nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 26ms
26ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Mar 2022 11:29:35 GMT
server: cloudflare
etag: W/"623c561f-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NgaxGjINezYdiSFgZvLC4C0RkBtuwriJHqtx5AogmJQEyPeTFYNdRvfOd7X3KaCGbKsK8RlG8e5D5UxZx%2Bguha4FfOCkCfwKZ6JqPSjGua4wa85cp6OBfOSrAsu7RxIPjPJ4xDNIyK8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6f7483d4f9fe7361-MRS
vary: Accept-Encoding
expires: Thu, 07 Apr 2022 18:58:24 GMT

GET
H2 200 W25b9ht.png
img.nets4.com/img/i.imgur.com/ 2 KB
2 KB 75ms
75ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/W25b9ht.png?w=40&h=40&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6250600
cf-ray: 6f7483d52f7a83bb-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1574
x-served-by: cache-sea4470-SEA, cache-mxp6945-MXP
server: cloudflare
x-timer: S1642934504.494838,VS0,VE1
etag: W/"ee80457266cef4b485c3668cbdd5f67e7ed204e94a46f041afd17fa27c93c945"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQSXt19vAh2oMXkCbgPgXTzTzXGTXiS1ETn9FJHGTw4X%2BzoDv6RZOsoHsyiGlxsWwaj5mE9%2FzZ0Sr%2FRosvPqAPuxW25pMwXPUQCnSu7%2FQpI9DSsoxhq9W2ufLjft7h1kW9E8tVa48Jz5RSUG"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/W25b9ht.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 53ms
32ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6735186
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQIZ31gkXfeB3VlIIREdHchukQNsldctCZvbTjr8O5Qx6FOM3rZ9BXSswcNGFkuRaC1LITf4TaDs1k6u6%2BkLjiPEWL3qeFnOllk3oZ%2FebKe26e%2Fg5guoIW6cpLk5Wtznq%2BsfLvOc0gYpwP%2FwU8ASugf2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7483d54eac01df-ZRH
expires: Sun, 26 Mar 2023 18:58:24 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/ 18 KB
7 KB 25ms
24ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16342931
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6107
timing-allow-origin: *
last-modified: Thu, 02 Sep 2021 17:01:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61310375-17db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Bmb8F%2BU3m88YSBnmmAYGOsuHwLHd6kBjIk%2Fe%2BTeOWMV4Kuj49ljZR73zjhKv1zCH%2F1Cy5w8ExoBvHBPANymsEJDB22SmkHdJ%2BWC0xDiB4XCrOfJ0LG5gYuoAHB97hDSPcp0CcTckJYwPnrE%2FKuS8Jlo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7483d5bf6d01df-ZRH
expires: Sun, 26 Mar 2023 18:58:24 GMT

GET
H3 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/ 62 KB
13 KB 32ms
32ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3364022
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13102
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-332e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fPT68I05LdsuqAtayMKEOt8O%2BUN1j5ADXGtRFuSkMJSHn8axLRIsxKHZKmeJDdPjwd2SUWkThv74uAU5T%2BjYeEL%2BG0j5IBjLyXnpqpjX6lP4OTt14R3EEohTbB7HGziZn12D15YxKCwSzpAo%2FrAMyjQB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7483d5efc401df-ZRH
expires: Sun, 26 Mar 2023 18:58:24 GMT

GET
H3 200 sharebutton.js Show response
nets4.com/assets/js/ 80 KB
28 KB 72ms
72ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/js/sharebutton.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4800
cf-polished: origSize=120806
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 03 Jul 2021 07:08:27 GMT
server: cloudflare
etag: W/"60e00ceb-1d7e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jl382vfEQ6UBNNAgWFsYR5rga23b47Aj76yJkajPYK6aplW95pnkf6tBLSLCYh3d1rble7M0MDe2ryvCq8cLXEuCOisApGjO08M%2FvC8bFCRebQu8LEWFaYbiHrTjsHIDIjnv%2Fh%2FdRI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6f7483d6beae7361-MRS
cf-bgj: minify

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 36 KB
11 KB 80ms
19ms Script
application/javascript 18.64.103.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.103.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-103-66.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eef64f7a397e400b8f553622d72e44cfcfb2630f74b958fb561f0392a13ba48d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 09:26:22 GMT
content-encoding: gzip
last-modified: Wed, 30 Mar 2022 09:26:13 GMT
server: AmazonS3
age: 34323
etag: "459fced820cea712f76c27f56f23821c"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 71899bd3f76489e8a6e71cc77aaa6424.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P3
accept-ranges: bytes
content-length: 10804
x-amz-cf-id: IXdRDSXZFDJxlXeKByT0ub2SPX9KSjueaeS_0dqjYaphwU_B4vZwcQ==

GET
H3 200 air.com.fgl.charstudio.christmassweeper2
nets4.com/android-apps/ 15 B
0 41ms
41ms Fetch
application/json 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
ts-request-embed-key: 9dd0c9c1-d905-4350-9919-a94e7da85dfa:14a3eda404899d973f0b4b1fc306d132c8e9f8e3dfad3f3e4a51b000ad8c1849
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qVYBwfVtjXpIuKa8LsIy4OOzGvhopo0L%2Fw1SPT0V2VxANLLJk4aqsVQzgRsKFBYdelczYm7RSuk1dY%2BBf6xw3Lwy%2Fuacdh2kwWejDT6sHqG9LWSZANxMnzuuLRuGMhss7GCZMO6hFp4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
cache-control: no-store
cf-ray: 6f7483d6ced07361-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
969 B 37ms
15ms Script
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e1afac4f639ccfd2a3176184d598ee162e4c2f66e56900e5897e9d821553f169

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Tue, 05 Apr 2022 18:58:24 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 14 KB
5 KB 83ms
53ms Script
text/javascript 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6f7483d6ef250221-ZRH

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5014
date: Tue, 05 Apr 2022 17:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 05 Apr 2022 19:34:50 GMT

GET
H3 200 s.js Show response
nets4.com/cdn-cgi/zaraz/ 4 KB
2 KB 142ms
142ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0cmFja3MlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyQ2hyaXN0bWFzJTIwSG9saWRheSUyMENydXNoJTIwR2FtZXMlMjAtJTIwQW5kcm9pZCUyMEFwcCUyMiUyQyUyMnclMjIlM0ExNjAwJTJDJTIyaCUyMiUzQTEyMDAlMkMlMjJqJTIyJTNBMTIwMCUyQyUyMmUlMjIlM0ExNjAwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGbmV0czQuY29tJTJGYW5kcm9pZC1hcHBzJTJGYWlyLmNvbS5mZ2wuY2hhcnN0dWRpby5jaHJpc3RtYXNzd2VlcGVyMiUyMiUyQyUyMnIlMjIlM0ElMjIlMjIlMkMlMjJrJTIyJTNBMjQlMkMlMjJuJTIyJTNBJTIyVVRGLTglMjIlMkMlMjJvJTIyJTNBMCU3RA==
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d81da1c2333ea18b9649d21dd0dbb2a09141d43d18ef3e2eea1157f3e56d6277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://nets4.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=syCDNi1vuTqfL88ogzpFQjoWBflooUkXUMnPEJ0ehX8oCg0NMDmlPtj2pEnQeY3p2mhQYigGH7H8nI7heQ%2F%2FHXM6clv6xy6vFVOCtTcIRNlQvpTws8wdyIBIa0Gi9zCGg0gzklebGuM%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 6f7483d6ced87361-MRS
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 75 KB
76 KB 39ms
25ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1041615
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-12bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=INOtpliRh1NV%2BN2dIeb8aqP2SBaV2dOB3muCjKn%2B%2FhCI579j5dSMYyS6Ow%2FBgqg%2FYin95lSPSshdRRsurVSzWbYL0n%2FZKQnzaqlX2rTzAtdIGheZiVLE%2Bz46hBFK%2B%2BR7kGDyVc58Yup0KcygE3kjD%2BUO"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7483d6daf6cc4a-ZRH
expires: Sun, 26 Mar 2023 18:58:24 GMT

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 62ms
48ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 82042
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78268
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-131bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=euzpoUd4QSsFM4xFoi%2FHEfNUDi6Qt4BQfjDhJVutLy5fLf3EgDmv%2F6Say4hcA6CZ%2FSkVuGzqxhmwH3esgQltw000yU9wi%2BytePKGM01zP3uLEgfOJxgdwNo6VyS5BOjhIjgjogDui9GdithUc6dIdZdC"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7483d6daf2cc4a-ZRH
expires: Sun, 26 Mar 2023 18:58:24 GMT

GET
H3 200 wnZ4x8qdVA8KgNByJS--b1tqZmTSGk5Lb2-YCqnAS0L1EzKISvdlOAjru-jxg56pzp8=w16
play-lh.googleusercontent.com/ 971 B
995 B 176ms
160ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/wnZ4x8qdVA8KgNByJS--b1tqZmTSGk5Lb2-YCqnAS0L1EzKISvdlOAjru-jxg56pzp8=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e3e7c69d3f963ae4160aa72b714a02f75fcf0555ba097dc7f51a46f4c3e3e8ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 971
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 ZrITliAvAPpK_XR6WDxDPiZsKKcRcvlCSVeRNnWclmsAvAkYk-F_nA3pOVlT2tgJDfU
play-lh.googleusercontent.com/ 76 KB
76 KB 91ms
76ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/ZrITliAvAPpK_XR6WDxDPiZsKKcRcvlCSVeRNnWclmsAvAkYk-F_nA3pOVlT2tgJDfU

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d0511dc6843e7aec148923ec9cb14586ad149c35f2261f2e42332f7984e4363d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77645
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 hJl9XrnPfBkoR7bEPeOBIqr1AZtpnefPf4rEEGx1lpzK8zYf7M8t6bspYM6RAsTdES0
play-lh.googleusercontent.com/ 89 KB
89 KB 173ms
157ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/hJl9XrnPfBkoR7bEPeOBIqr1AZtpnefPf4rEEGx1lpzK8zYf7M8t6bspYM6RAsTdES0

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d02a41d5e4e8f28ff7c21cb6ab313d17467ba95105f96eeaba162a081b4930d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90801
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 EC3oXntMobQvS-O_6kbJdSoCVAw33UoSvq66AdjKzhOgcQ2_qZLNIGW8SHBAb8aMFys
play-lh.googleusercontent.com/ 100 KB
100 KB 177ms
161ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/EC3oXntMobQvS-O_6kbJdSoCVAw33UoSvq66AdjKzhOgcQ2_qZLNIGW8SHBAb8aMFys

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7b0b2975dc9009e34fbfebf8f498ffc64b3fc17ae5a46bf2af3f3688aa50fedd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102545
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 hDQ7vct6xDo09skFeZjI63TpWYzQiZFdNM_MFM5W1bNMU4WzPMhKGMpx-1Z1Xp4Dgww
play-lh.googleusercontent.com/ 82 KB
82 KB 783ms
768ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/hDQ7vct6xDo09skFeZjI63TpWYzQiZFdNM_MFM5W1bNMU4WzPMhKGMpx-1Z1Xp4Dgww

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

771e43b2aadaf068f9edc391e8192bd9372e92be5bff6e5d10e683a9fdf2f28a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84161
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:25 GMT

GET
H3 200 okZgIyuIUdcCJ5IaTHJdyUaIAvYdNwTtiBPEGsSFGxrH56g5_UbNiRq-VmU3Vn2Ijw
play-lh.googleusercontent.com/ 97 KB
97 KB 202ms
188ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/okZgIyuIUdcCJ5IaTHJdyUaIAvYdNwTtiBPEGsSFGxrH56g5_UbNiRq-VmU3Vn2Ijw

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2aa5e1135da27f359b8aa8635358fe678666995d32278286bb4c292652eebadd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99542
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 NEK5hfwoG5YHTH-paqfjNdhnqNAwiyVn-z6UaJuyj9xqsj-jM-BxukVrJi4DP8Snk5zL
play-lh.googleusercontent.com/ 89 KB
89 KB 164ms
149ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/NEK5hfwoG5YHTH-paqfjNdhnqNAwiyVn-z6UaJuyj9xqsj-jM-BxukVrJi4DP8Snk5zL

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fc224df18921d7751f2f448bde0e9a3816db9dd19c6a87bd312b6b488771d5a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90907
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 86GDjoTkFLLkhvauj2OeR5g3zdbO3O5SUgbjhYaADTsDkdvJ5ACZiD-iJpa7tRoLpg
play-lh.googleusercontent.com/ 90 KB
90 KB 204ms
190ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/86GDjoTkFLLkhvauj2OeR5g3zdbO3O5SUgbjhYaADTsDkdvJ5ACZiD-iJpa7tRoLpg

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e494c44d5e9b1cf9f4a5e8023c43be68e9f959c03d4cf9f92642236cf797095

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91970
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 Xiy_vPRz_hfAuQeCwh5mGE6ze6E2c2q-MGo7JFchMsF2bTylZU8JPS1SyXfEDiHjJNs
play-lh.googleusercontent.com/ 95 KB
95 KB 237ms
223ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/Xiy_vPRz_hfAuQeCwh5mGE6ze6E2c2q-MGo7JFchMsF2bTylZU8JPS1SyXfEDiHjJNs

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f3d0d742872c72044c50440340b8ac015a99ae2f6eab1385be65d4baa6bef5ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96985
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 ic_T_awz902o6SVG71z5Sd13StEAVwaeQxrWzdPoRaCEKef7818_tC6dpEYmeZNQHagW
play-lh.googleusercontent.com/ 86 KB
86 KB 281ms
267ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/ic_T_awz902o6SVG71z5Sd13StEAVwaeQxrWzdPoRaCEKef7818_tC6dpEYmeZNQHagW

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1d9268537357484fd7ef88766a0faecccf316c038933c1dccf964eeec8f4305a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88411
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 gE-u_aKoJGYf4Ww-puh7m95c4VCjVPrOI_6tKJL6D8XkPuQyp68jJjeEJJZqRj3uow
play-lh.googleusercontent.com/ 94 KB
94 KB 41ms
28ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/gE-u_aKoJGYf4Ww-puh7m95c4VCjVPrOI_6tKJL6D8XkPuQyp68jJjeEJJZqRj3uow

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

54b434775350cc0cb6581e5b1f71a991a85fe06d2d67a7c9162122b3a265c02b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96021
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 vW9ewBLqfL7XmDfmO3aKDI7_62LJT-C-bQ7FRIR44Xb5oFNH20pmdNSRiuZz6CYeMuDs
play-lh.googleusercontent.com/ 108 KB
108 KB 345ms
331ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/vW9ewBLqfL7XmDfmO3aKDI7_62LJT-C-bQ7FRIR44Xb5oFNH20pmdNSRiuZz6CYeMuDs

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

08383c35578c37174a79128800d3f39d4c432eaa149bf3fcd968674f6c7d252d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110401
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 IZJPVLGGCFzIVrwIPtkfDxMPGVTH3BsDUpW_8FmOPeaarbWQzbHnB-WGSmEBBrzy2A
play-lh.googleusercontent.com/ 75 KB
75 KB 325ms
312ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/IZJPVLGGCFzIVrwIPtkfDxMPGVTH3BsDUpW_8FmOPeaarbWQzbHnB-WGSmEBBrzy2A

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

77d674e5129f10a4384ce74d1e70429d0ea3a4821815f6a42f22c43a5959dea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76608
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 _1GO4of-C8U4kL0n0e6sTLBOBrmhZqikGq4BeNwlE0_6MMI5xPgGswMU__xalfuHow
play-lh.googleusercontent.com/ 111 KB
111 KB 223ms
211ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/_1GO4of-C8U4kL0n0e6sTLBOBrmhZqikGq4BeNwlE0_6MMI5xPgGswMU__xalfuHow

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

045f7b2e89fcfb5484ba4acd31e889919df3c3c9cc38cb7320531a64a11f5641

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113804
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 RJYxWeEW-Ut3UvM2pzmJChizC_Yi2Y1vMf4117JLbZCWWn_KdV34t274zKgIJ6PPuac
play-lh.googleusercontent.com/ 87 KB
87 KB 373ms
361ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/RJYxWeEW-Ut3UvM2pzmJChizC_Yi2Y1vMf4117JLbZCWWn_KdV34t274zKgIJ6PPuac

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a99033e433cb5106d4345e8081a5d58eedf900397a6f35479a2c4ce2fb3b0359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89379
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 YeZMAtBws5WZLypWNVgyCcMDiGs6DV4MMNMm9BLWiziKW_ZDTiJvxDVuW_3oGFMbcI1N
play-lh.googleusercontent.com/ 96 KB
96 KB 265ms
253ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/YeZMAtBws5WZLypWNVgyCcMDiGs6DV4MMNMm9BLWiziKW_ZDTiJvxDVuW_3oGFMbcI1N

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

35d42c7719fbcb4c6b5b2103b9a74912a28c69436121f9338a6ad4a4f2761195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97896
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 QDVE5yhGVD12ZIY4qIa2hORMy89FDqDuWFuVIbVaxDhpar2Paj5RkafCTqSbVeuX2w
play-lh.googleusercontent.com/ 100 KB
100 KB 328ms
316ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/QDVE5yhGVD12ZIY4qIa2hORMy89FDqDuWFuVIbVaxDhpar2Paj5RkafCTqSbVeuX2w

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d9121164dc823a1c1c052daf0a086f314373c37b1600d07e21077005ca8523d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102227
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 KECfPD723RcSEIvDPu3k5jKuoU9EqUDnj1gUJuJ8tezw_rrlhZEatugjnWFbF5vlbW8
play-lh.googleusercontent.com/ 86 KB
86 KB 766ms
753ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/KECfPD723RcSEIvDPu3k5jKuoU9EqUDnj1gUJuJ8tezw_rrlhZEatugjnWFbF5vlbW8

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1d9268537357484fd7ef88766a0faecccf316c038933c1dccf964eeec8f4305a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88411
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:25 GMT

GET
H3 200 xKaFeXueAQEkAGP849DlfSsWyW9_0QnRzJEQD0oekx0pJHGhFvWQCJGfPJHz0fenDxk
play-lh.googleusercontent.com/ 94 KB
94 KB 354ms
341ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/xKaFeXueAQEkAGP849DlfSsWyW9_0QnRzJEQD0oekx0pJHGhFvWQCJGfPJHz0fenDxk

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

54b434775350cc0cb6581e5b1f71a991a85fe06d2d67a7c9162122b3a265c02b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96021
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 S3DboMxqinWiINaqBfOUNh-QhAjQzd5Jf5ZByy1pSmp93ogzW6q6hR0O4e82IE5A1ZI
play-lh.googleusercontent.com/ 108 KB
108 KB 335ms
323ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/S3DboMxqinWiINaqBfOUNh-QhAjQzd5Jf5ZByy1pSmp93ogzW6q6hR0O4e82IE5A1ZI

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

08383c35578c37174a79128800d3f39d4c432eaa149bf3fcd968674f6c7d252d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110401
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 W0oUk_gLu8l1eKLcHJgBEAeQMdMObb6tvL8mx4V1nrP0sOiUxzmy6qpitxTNG1NH7jE
play-lh.googleusercontent.com/ 75 KB
75 KB 337ms
325ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/W0oUk_gLu8l1eKLcHJgBEAeQMdMObb6tvL8mx4V1nrP0sOiUxzmy6qpitxTNG1NH7jE

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

77d674e5129f10a4384ce74d1e70429d0ea3a4821815f6a42f22c43a5959dea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76608
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 eJ_dUqahMfKVpa33MXU6mD5wzHrV11hxbm-VQ1fLjtjg0E-bUcvdR2h6-eGgAiDvqoQ
play-lh.googleusercontent.com/ 111 KB
111 KB 275ms
263ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/eJ_dUqahMfKVpa33MXU6mD5wzHrV11hxbm-VQ1fLjtjg0E-bUcvdR2h6-eGgAiDvqoQ

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

045f7b2e89fcfb5484ba4acd31e889919df3c3c9cc38cb7320531a64a11f5641

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113804
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 C-TgXizmOsaLBvGeGvegOmUivtWyVX5_Bm_VcPz7-p_WFloElo-zLs7TQY-ABYtShSyb
play-lh.googleusercontent.com/ 87 KB
87 KB 368ms
356ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/C-TgXizmOsaLBvGeGvegOmUivtWyVX5_Bm_VcPz7-p_WFloElo-zLs7TQY-ABYtShSyb

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a99033e433cb5106d4345e8081a5d58eedf900397a6f35479a2c4ce2fb3b0359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89379
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 Lrxdn6zaK6ZdckKvpWm5bRBGy5OOP754SbVEXUMxppWU6rAOyRoCH0uaGahW9OvDuoY
play-lh.googleusercontent.com/ 96 KB
96 KB 176ms
164ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/Lrxdn6zaK6ZdckKvpWm5bRBGy5OOP754SbVEXUMxppWU6rAOyRoCH0uaGahW9OvDuoY

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

35d42c7719fbcb4c6b5b2103b9a74912a28c69436121f9338a6ad4a4f2761195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97896
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 HqWA0wPtc66uchyM5wEXsiusmd7S2TcewjDIKFEW659RVou1JM6OcERYK3XhV2n4VDlD
play-lh.googleusercontent.com/ 100 KB
100 KB 331ms
320ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/HqWA0wPtc66uchyM5wEXsiusmd7S2TcewjDIKFEW659RVou1JM6OcERYK3XhV2n4VDlD

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d9121164dc823a1c1c052daf0a086f314373c37b1600d07e21077005ca8523d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102227
x-xss-protection: 0
expires: Wed, 06 Apr 2022 18:58:24 GMT

GET
H3 200 PFtVf8J3S_4ToEi_fYjbNigByV6WzGAyjovbSdEKc1OkdnqXZ29-sX2qih6eXB4ffsJF=w16
play-lh.googleusercontent.com/ 889 B
914 B 28ms
16ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/PFtVf8J3S_4ToEi_fYjbNigByV6WzGAyjovbSdEKc1OkdnqXZ29-sX2qih6eXB4ffsJF=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ffbcabff9528a24cc4e0ab68a3414f0354e95f9b239b29bd9ef90dd814ae7dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 889
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 6Kf7hq5tLExnZJhhT_VWIIHFKuk-X3MTCLqxln43WXG0685GmE-3YO5JE9IZHP88bkHA=w16
play-lh.googleusercontent.com/ 754 B
779 B 22ms
13ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/6Kf7hq5tLExnZJhhT_VWIIHFKuk-X3MTCLqxln43WXG0685GmE-3YO5JE9IZHP88bkHA=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7e2d0b2397510318814ce5197ab175d3f1c813a76dfc7de84408199185f3eacc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 754
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 BZKEDcsVJ-zk4Oa6s1NU41h2qvxw7W8wRkR0XhpHVs8BJkSbE0xmcrM9Dq3E8u5b5cML=w16
play-lh.googleusercontent.com/ 446 B
471 B 20ms
12ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/BZKEDcsVJ-zk4Oa6s1NU41h2qvxw7W8wRkR0XhpHVs8BJkSbE0xmcrM9Dq3E8u5b5cML=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

156b9147c6c44124d5787c9d95708cc2ed72761453a33e735496169f8160bf8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 446
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 hsp9R-NrDV5Snvw5g3oiKH9FmtLwAucRingy4_7dzhCT64AebUBEJ--Ijx_48eJ_0-g=w16
play-lh.googleusercontent.com/ 785 B
810 B 20ms
12ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/hsp9R-NrDV5Snvw5g3oiKH9FmtLwAucRingy4_7dzhCT64AebUBEJ--Ijx_48eJ_0-g=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d1675582e399fe4ebddf1590f3e691f4c2eb576d6b827cfe8171bca4d71415cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 785
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 2iUpHqBGMGT4uWLWKDjIYLDr2mun9Ckbnqokhr_qo-fGwbzvsKS4zF5atEMBsWspatbs=w16
play-lh.googleusercontent.com/ 995 B
1020 B 25ms
17ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/2iUpHqBGMGT4uWLWKDjIYLDr2mun9Ckbnqokhr_qo-fGwbzvsKS4zF5atEMBsWspatbs=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

30ccf44890fddda4fc53e1364a652004a9f85923373aa54cb1472f861ec8a629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 995
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 LmHQJ8xARKkq5uGsW21Xj-FSVB73BhhmSDiT6m6t4AVaV1g02TaEkCMJtHlQVE5V4rA=w16
play-lh.googleusercontent.com/ 493 B
518 B 24ms
16ms Image
image/jpeg 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/LmHQJ8xARKkq5uGsW21Xj-FSVB73BhhmSDiT6m6t4AVaV1g02TaEkCMJtHlQVE5V4rA=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8bed2eb902ec65c1bbfb02c78fb1c5bc29a659a22a5ec9cda1b2151a4ee75b09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 493
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 LpUt3CRFCvVJqqWaQIKLR42_Re35Bw80AX3OxDdxsT9PXG8YK8ZQWD9wS73FqYAvorc=w16
play-lh.googleusercontent.com/ 530 B
555 B 22ms
16ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/LpUt3CRFCvVJqqWaQIKLR42_Re35Bw80AX3OxDdxsT9PXG8YK8ZQWD9wS73FqYAvorc=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6c9c9572bac1efdf36f4a5f936a4209ee9df53a656a2018666cbab86dc4c2d9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 530
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 D59i2Msk0t7TCbUmYBlugCd8Qv1xUzbcwmyrdSii_xx3basYQuQ7W7IpUW0fpexZm7s=w16
play-lh.googleusercontent.com/ 337 B
362 B 21ms
15ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/D59i2Msk0t7TCbUmYBlugCd8Qv1xUzbcwmyrdSii_xx3basYQuQ7W7IpUW0fpexZm7s=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9d3926035d8584194f91efc49b1e49c75a7dcbe7eadb7a8018c01ea47436c049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 cbFaEc9Q1JpvdToiRHh1IDw_mePDANAI_PIdxWVMj-mRYiV2rbEHSaYrVp23MA3Rzg=w16
play-lh.googleusercontent.com/ 612 B
637 B 22ms
16ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/cbFaEc9Q1JpvdToiRHh1IDw_mePDANAI_PIdxWVMj-mRYiV2rbEHSaYrVp23MA3Rzg=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

333c98d98da28ae758b55eff4b52d7dc2ae21e19e3c41b83e90aac4a78e7cf81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 612
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

GET
H3 200 g_tj-MIIhpFn6SxZ6kfsXzIkTztj_ScExTh-6uiv_jFgnH6o3KfE0zS6BI0oi6Wbaoo=w16
play-lh.googleusercontent.com/ 646 B
671 B 21ms
15ms Image
image/png 2a00:1450:4001:827::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/g_tj-MIIhpFn6SxZ6kfsXzIkTztj_ScExTh-6uiv_jFgnH6o3KfE0zS6BI0oi6Wbaoo=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

897cd7f94889663829433a19a1776b4bb236773d22905edfc366daa28990b6d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 15:55:14 GMT
x-content-type-options: nosniff
age: 10990
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 646
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 15:55:14 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=424248196&t=pageview&_s=1&dl=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fair.com.fgl.charstudio.christmassweeper2&ul=en-us&de=UTF-8&dt=Christmas%20Holiday%20Crush%20Games%20-%20Android%20App&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1675613051&gjid=603203762&cid=334559498.1649185106&tid=UA-123511935-10&_gid=1218009620.1649185106&_r=1&_slc=1&z=248881652

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nets4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sm.22.html Show response
static.addtoany.com/menu/ Frame EA8C 278 B
650 B 81ms
36ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 1805679
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 6f7483d7d972cc4e-ZRH
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 05 Apr 2022 18:58:24 GMT
etag: W/"116-5cd1487afaaea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Tue, 28 Sep 2021 21:02:23 GMT
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e2s
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/gif

OPTIONS
H2 200 init
api.purpleads.io/x/ Frame 0
0 314ms
108ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1649185105666
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:24 GMT
x-request-id: 6cf73729-bdb0-4760-ae9b-497d5a721b92

GET
H2 200 init Show response
api.purpleads.io/x/ 68 B
357 B 332ms
143ms Fetch
application/json 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1649185105666
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: 587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
etag: W/"44-Pm5SJt3t2KI5gMvsRd3GV+dxT2U"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
content-length: 68
x-request-id: 72d2f14d-4809-451a-8651-2c2e4978f9db

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 74ms
47ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 30051933
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6f7483d7d974cc4e-ZRH
cf-bgj: minify

GET
H2 200 550j6zn5gn Show response
www.clarity.ms/tag/ 683 B
1 KB 151ms
114ms Script
application/x-javascript 2620:1ec:27::cafe:1846
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/550j6zn5gn
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1846 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: e78fb1c3b2113445c2f8c06cb66da75193a5a4ebe70ea04a987cccdacf8a8b6c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
x-powered-by: ASP.NET
x-azure-ref: 0UJFMYgAAAABph5nWapCfR6Tj9zQfpMG3TVVDMzBFREdFMDMxNAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
expires: -1
cache-control: no-cache, no-store
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H2 200 clarity.js Show response
k.clarity.ms/s/0.6.34/ 53 KB
23 KB 304ms
97ms Script
application/javascript 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/s/0.6.34/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/550j6zn5gn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:24 GMT
content-encoding: br
etag: "1d841fea437dd54"
last-modified: Sun, 27 Mar 2022 17:18:14 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 245ms
132ms Fetch
application/json 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=2dc351d5-63c6-4309-803b-668aa76b13a0&ts=1649185105872
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: 13dde827c5b6afc12da109950ace86190eeae479bc6c04f14b8d3b5341c67629

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
etag: W/"175e-fyc/fPQnAvDIw2RbzWg//utDUWc"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: c506562f-1c60-49d9-977c-6d7b47aeec11

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 186ms
184ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=2dc351d5-63c6-4309-803b-668aa76b13a0&ts=1649185105872
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:24 GMT
x-request-id: 65086103-0ecb-40be-96a4-59a11ed597f0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=7D0477D870174C8D8F7455ED281FA0DA&RedC=c.clarity.ms&MXFR=1A3C73DE1570666E343462A3117068B8
https://c.clarity.ms/c.gif?CtsSyncId=7D0477D870174C8D8F7455ED281FA0DA&MUID=0CC7A22EDAE868A00206B353DB836997

42 B
369 B

29ms
28ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=7D0477D870174C8D8F7455ED281FA0DA&MUID=0CC7A22EDAE868A00206B353DB836997
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:24 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D91731BA7A3F411D9CC8BDFC9AB01C9B Ref B: FRAEDGE1513 Ref C: 2022-04-05T18:58:25Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=7D0477D870174C8D8F7455ED281FA0DA&MUID=0CC7A22EDAE868A00206B353DB836997
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 117ms
116ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=2b46d051-bb16-4c91-8983-41b9546890e5&ts=1649185106299
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:25 GMT
x-request-id: 4ecaafdc-617e-4950-ab14-d98ed8001916

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 158ms
158ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=5ccc669d-0db9-4785-8422-b69d1c165304&ts=1649185106299
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:25 GMT
x-request-id: 0b620f9c-d09c-48f3-9a06-a13785d9df11

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 117ms
117ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[200,200],[250,250]]&slotid=a988cda9-d56c-4039-9bbc-2527ee07c19e&ts=1649185106299
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:25 GMT
x-request-id: 05009dfc-1c3b-44ea-832f-e575746149f5

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 103ms
102ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[200,200],[250,250]]&slotid=d24384ed-a573-41bc-a382-082b55d339ea&ts=1649185106300
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:25 GMT
x-request-id: e17002f6-faf9-4db4-8ad0-dfbbb6e23c69

GET
H2 200 / Show response
api.purpleads.io/x/b/ 12 KB
3 KB 307ms
306ms Fetch
application/json 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=2b46d051-bb16-4c91-8983-41b9546890e5&ts=1649185106299
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: a8c3a82916b6e6831214fc16c734efd7c01e454cbe5ca8b27add17c0d9fa7d35

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
etag: W/"2e7e-nvAfEBBP2zVOiB5GBJvXpksXJcs"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 497bb0fa-750f-421f-8371-d916bf46e72b

GET
H2 200 / Show response
api.purpleads.io/x/b/ 12 KB
3 KB 562ms
561ms Fetch
application/json 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=5ccc669d-0db9-4785-8422-b69d1c165304&ts=1649185106299
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: bfb244f5049099e06bd8392e06c531b002bbbc52bf02828b7b4dd53da9389477

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
etag: W/"306b-wG7AOhmV8k/h8aOmBUWYYz7PZMk"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: d888803a-50cb-47cb-a691-ad604bbc6e57

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 330ms
329ms Fetch
application/json 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[200,200],[250,250]]&slotid=a988cda9-d56c-4039-9bbc-2527ee07c19e&ts=1649185106299
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: baa1c7577458e57b9378b4eff9cd957d26f73ba323e13ac7e14003a374d70621

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
etag: W/"1739-iAlLuCpNCyOKYQ3Y9sL7DbeqjxA"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 26c2c6ca-e15f-45b1-a8b4-e5bc69c5d1af

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 371ms
370ms Fetch
application/json 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=9d1c5b49d78e4ed59b5c892d8b80768d&sizes=[[200,200],[250,250]]&slotid=d24384ed-a573-41bc-a382-082b55d339ea&ts=1649185106300
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: d29db413ec0a3a5f148c5f68957c0d5c83f7fc099e01195758efe6b19cd39126

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
etag: W/"1739-1sPpBel/AP3zA4CRP0NGgdUERdI"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 2fbd70b0-39b2-41be-857a-bec53723daff

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ 362 KB
144 KB 39ms
18ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:02:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:02:16 GMT

GET
H3 200 pica.js
nets4.com/cdn-cgi/challenge-platform/h/b/scripts/ 22 KB
8 KB 45ms
44ms Other
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cd9579c3d1f4f72c55909fc5c57a39f7356a0ca4450662704f11d5b2bc9100b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2e8fOoi5WE0sdDS6K%2BjX013SOItHSYyrTm3hS8ZAp1807pNjYXB2ZUHf2c39tYxDjew%2FchNsEK2%2B5yklKRZOQFSnUDxmdv6ZLMuZpGsYufR97kkI3Eph7hHwRNigbosp6tESzl%2F2Ak%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6f7483dbac887361-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 67ms
18ms Preflight
text/plain 2606:4700:440e::ac40:9c1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:440e::ac40:9c1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
cf-ray: 6f7483dbeafe01df-ZRH
content-encoding: gzip
content-type: text/plain
date: Tue, 05 Apr 2022 18:58:25 GMT
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 200 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
77 B 31ms
31ms XHR
text/plain 2606:4700:440e::ac40:9c1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:440e::ac40:9c1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
content-type: application/json

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6f7483dc0b5e01df-ZRH
vary: Origin

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1BAE 82 KB
28 KB 57ms
24ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

77dc0f922a2934882d2fc34d054d62eb614aaf3c1949a5fd63081b08b18b5620

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28282
x-xss-protection: 0
server: sffe
etag: "1179 / 762 of 1000 / last-modified: 1649156675"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 05 Apr 2022 18:58:25 GMT

POST
H2 204 collect Show response
k.clarity.ms/ 0
65 B 291ms
290ms XHR
text/plain 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: k.clarity.ms
URL: https://k.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:24 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 15A0 43 KB
22 KB 44ms
27ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=qu3gvicvbmvn

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b35f2bb54fb9557aef213eb485cd948bb47a538d77cc08069ec4e45906fca061

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oQQWCuY0jMtTG7gUawpXUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22792
content-security-policy: script-src 'report-sample' 'nonce-oQQWCuY0jMtTG7gUawpXUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:25 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 pubads_impl_2022033101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1BAE 366 KB
125 KB 21ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 787
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127477
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 08:37:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Apr 2023 18:45:18 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame 15A0 51 KB
24 KB 20ms
6ms Stylesheet
text/css 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=qu3gvicvbmvn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 11:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 11:48:05 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame 15A0 362 KB
143 KB 23ms
9ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:02:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:02:16 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1BAE 107 B
792 B 68ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1BAE 107 B
549 B 45ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1BAE 24 KB
10 KB 230ms
229ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=83553651310547&correlator=756943298797962&eid=31063377%2C31065714&output=ldjh&gdfp_req=1&vrg=2022033101&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=1944610241&sfv=1-0-38&ecs=20220405&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1649185106558&dlt=1649185106311&idt=217&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=389&ucis=amqfklaiyvvi&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fair.com.fgl.charstudio.christmassweeper2&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=334559498.1649185106&ga_sid=1649185107&ga_hid=1927073416&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

71d4402e323ad9a22471749a45aeb45792845b31014f0501dd63a7dfa40d6c74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10096
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1BAE 14 KB
11 KB 63ms
27ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022033101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

286c70fef55ef339da75a65b7bae3e59be01022db0e710f1bf6b2cd81d951d53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10677
x-xss-protection: 0

GET
H2 200 container.html
0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 40B9 6 KB
0 78ms
14ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:25 GMT
expires: Wed, 05 Apr 2023 18:58:25 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1BAE 17 KB
7 KB 70ms
32ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 18:58:25 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 15A0 102 B
134 B 18ms
17ms Other
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

51540e98209e949f0a7f01c1332f6bf5dfe526adeaabe2705f42184d721f90b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=qu3gvicvbmvn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 05 Apr 2022 18:58:25 GMT

POST
H3 200 6f7483d0ee0483bb Show response
nets4.com/cdn-cgi/challenge-platform/h/b/cv/result/ 2 B
690 B 67ms
67ms XHR
text/plain 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/cv/result/6f7483d0ee0483bb
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1649181600
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6f7483df9fb37361-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jsEZ4zi%2BSZx%2FaBhQpb9N6NlxXCSkfa0LoObcZdNFJtkQIYznW3GMg%2BituX8xW6xlVfhYADDtRy9IfxUx64VBGkz7llnyDS1yGG%2BCHD4czSh%2FD2eYiEm5hZx%2B9JzUffopJii4qIkIWY%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 200 container.html Show response
0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3054 6 KB
3 KB 22ms
8ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:25 GMT
expires: Wed, 05 Apr 2023 18:58:25 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/7ec61d056a67724a2893350b0534678a:67df8b53793068f946243755b3b66ca74c1f75de0baba084f0badc5e42368203f880df68e0608f5fdb4167bd938b95e948749d77b2617ac33e36f9cd322557db9083a01dbe164d5... Frame 0
0 120ms
119ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/7ec61d056a67724a2893350b0534678a:67df8b53793068f946243755b3b66ca74c1f75de0baba084f0badc5e42368203f880df68e0608f5fdb4167bd938b95e948749d77b2617ac33e36f9cd322557db9083a01dbe164d561bd617a598072cd681d4dc1edc3176fd4fc69ba3d53fcc0cddea8b1e5ffb89ba1b90f84412d91b430a7f5eb23cfc314c16b89fc9979e182f94df0b93a100915e791ad3678e869070d64fa14ac24e59b3a054034a685dd3ed/i?id=c506562f-1c60-49d9-977c-6d7b47aeec11&ts=1649185106976
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:25 GMT
x-request-id: 9d685b89-57d9-468e-9d6f-9476c7bab0a2

GET
H2 200 i Show response
api.purpleads.io/x/a/7ec61d056a67724a2893350b0534678a:67df8b53793068f946243755b3b66ca74c1f75de0baba084f0badc5e42368203f880df68e0608f5fdb4167bd938b95e948749d77b2617ac33e36f9cd322557db9083a01dbe164d5... 0
199 B 298ms
295ms Fetch 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/7ec61d056a67724a2893350b0534678a:67df8b53793068f946243755b3b66ca74c1f75de0baba084f0badc5e42368203f880df68e0608f5fdb4167bd938b95e948749d77b2617ac33e36f9cd322557db9083a01dbe164d561bd617a598072cd681d4dc1edc3176fd4fc69ba3d53fcc0cddea8b1e5ffb89ba1b90f84412d91b430a7f5eb23cfc314c16b89fc9979e182f94df0b93a100915e791ad3678e869070d64fa14ac24e59b3a054034a685dd3ed/i?id=c506562f-1c60-49d9-977c-6d7b47aeec11&ts=1649185106976
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:26 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 681bd4c8-d0bb-4735-b48e-f913e0bd7ac8

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 8C62 7 KB
1 KB 20ms
19ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1366faeb431988c8b0a20e9c905f1c1b6dc56584dfe6ec226162caad7ace2e4d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uBOAPeUCz66Gol2JWq/how' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1110
content-security-policy: script-src 'report-sample' 'nonce-uBOAPeUCz66Gol2JWq/how' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:25 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZz90PTE0OTE5OTE2NzgwMDI.webp
s-img.adskeeper.com/g/3805528/328x328/82x0x328x328/ Frame BC16
Redirect Chain

https://c.adskeeper.com/c?pv=2&v=0|0|0|-lhXo6JJG7w5moo6bcCH2INwacJaN4ki-du16GhT76LS_dY6yZAH_z2vFjkQDBJ_&cid=1220982&f=1&h2=L_VeimGmIyuuyKT7tZS8nfhiGb6CTwVO6xjKycj2N0E*&rid=5f51899d-b512-11ec-b919-e...
https://s-img.adskeeper.com/g/3805528/328x328/82x0x328x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZz90PTE0OTE5OTE2NzgwMDI.webp?v=164...

6 KB
6 KB

35ms
21ms

Image
image/webp

104.18.17.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.com/g/3805528/328x328/82x0x328x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZz90PTE0OTE5OTE2NzgwMDI.webp?v=1649185105-lG6-Oab7dqAtkdkWwyMxwVneSoLxNlToP_JNdrIHyLo
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H2
Server: 104.18.17.65 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d13ac1aea9ae15721e120b5fee5677d16b0fe071d7d5cd6d7021bd76f9c790e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 16:00:27 GMT
x-mg-request-uuid: 63900a15-2a31-40e7-91d3-116dbb9dd813
age: 118887
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6f7483e08d0990ac-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6224
server: cloudflare

Redirect headers

date: Tue, 05 Apr 2022 18:58:25 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 27e62a1a-68bb-473b-8849-658f1b603852
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://s-img.adskeeper.com/g/3805528/328x328/82x0x328x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZz90PTE0OTE5OTE2NzgwMDI.webp?v=1649185105-lG6-Oab7dqAtkdkWwyMxwVneSoLxNlToP_JNdrIHyLo
cf-ray: 6f7483e02c5390ac-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
server: cloudflare

GET
H2 200 i
api.purpleads.io/x/a/24898db33728bac124f4f24f1e08d320:dd44a8527cc3aa0690f652b97f98eaf9e77d82e8a472ce40180d16e3751e4d9026447e8dabf14d2f2930f1f4d09a471f3a73bfe5ee508a2614c1d236ab9d1d2cec5e8e7804bb6c4... Frame BC16 0
199 B 194ms
194ms Image
text/plain 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/a/24898db33728bac124f4f24f1e08d320:dd44a8527cc3aa0690f652b97f98eaf9e77d82e8a472ce40180d16e3751e4d9026447e8dabf14d2f2930f1f4d09a471f3a73bfe5ee508a2614c1d236ab9d1d2cec5e8e7804bb6c4bfab9233f5989ccda5acdc83e53238783354e2b5ef36d6fcdfe334e81722e91e1b54446e98b583e33aef4042015fcc86a260770459ac6e0e8ebf9502b2bea155595932b76d95bd615/i?id=497bb0fa-750f-421f-8371-d916bf46e72b
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Tue, 05 Apr 2022 18:58:26 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: a241f75f-8da9-45e0-a332-29410dcb0d81

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6BE1 82 KB
28 KB 19ms
19ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

f40eaf406926b73d8a231e0b20e79139fb0bfb9e5326515553ad3d596b202023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28281
x-xss-protection: 0
server: sffe
etag: "1179 / 106 of 1000 / last-modified: 1649156764"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 05 Apr 2022 18:58:25 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C441 13 KB
5 KB 22ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 205
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:55:00 GMT
expires: Wed, 05 Apr 2023 18:55:00 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 90D9 783 B
535 B 17ms
17ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

79695380d4df251d6856e75cf1f9f81752dac83fe864607b566e7659c188988f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UOAIlOyZlaXWjDsRQSYASg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-UOAIlOyZlaXWjDsRQSYASg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:25 GMT
expires: Tue, 05 Apr 2022 18:58:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 325A 82 KB
28 KB 22ms
21ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

77dc0f922a2934882d2fc34d054d62eb614aaf3c1949a5fd63081b08b18b5620

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28282
x-xss-protection: 0
server: sffe
etag: "1179 / 897 of 1000 / last-modified: 1649156675"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 05 Apr 2022 18:58:25 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame 8C62 51 KB
24 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 11:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 11:48:05 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame 8C62 362 KB
143 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:02:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:02:16 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3054 0
0 46ms
45ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ca-yaUZFMYtHhH5jGgAfc_5v4CMme0rFc1Z2R93DAjbcBEAEgAGCVgoCAmAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAgmxjAafUrI-4AIAqAMBqgTjAk_QssYmSRP-rABYvd0tg8hgeZ64-5kCGAAdlBnih-Tq7ncKEE6AeiheuMr0DmAYYwQReQBI099cCWTbTDHnRoYijDFrPuM26slO9JHw9roX39D4Hu1_mCfBrTtS-aiyB1nKwP6eeirj4oxfxfkv-IoDaxm6Yjem3rfDe17ThUYaMJIMnUv4gYvJhjqroEhMW9-SaEdJQlsPQ4r6lSjqlkMaX0iYF3EFZ2F9htodxGO_IkXeaccHFijKk6LXu2VwAHxoDo01UZ5rDEKE_K77v-o2xWCj1LMTZxgrAL95u69NgU0zC4IBvCAwT4n-sWfL_3jyPgsKPq1ZGc2NXjDLVnZvtxpXLAxZv3GZ3geDIm4C3lvba1pHN04D-sfAp8VmmknOA8HOHUleDTNe-AX54jtw5DkzwF2JokgAQXNipOYVsVeRWevefHuq95Th7cvScR5kP8y0zKbPYUq8BWt9-B9rvU3gBAGABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBABgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU0MTMzMjk1NDQwNDA5NDcYwYx0&sigh=UzSKKnlPZSU&uach_m=[UACH]&cid=CAQSPwCNIrLMK6G7x4Qm66WtydsSuOEpgRloJs2ylHcISWX9VachvQ1iTYpA1a_x_hOHW18OgovJ6jY1fRcYw1-CjRgB
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 3054 0
0 217ms
17ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=U-b8EMg12AVanYNiAgIAAAAm529vQRUJZEqt_uJOvUHsEFGRTGJEwS5CQDFT-57KBgAS&wp=YkyRUQAH8NEK4CMYAAb_3A8ElEs9sfDXSPWsqA

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
server: Kestrel
server-processing-duration-in-ticks: 250251
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 24BE 202 KB
57 KB 202ms
142ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUQAH8NEK4CMYAAb_3A8ElEs9sfDXSPWsqA&u=%7CNWpTk8j1PEisx9lDouuXhTEymq6lX%2B4eaQ%2FnDxYJQ%2FA%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0UEJ8w8gW49kLu82w_1JkF3Tlrxo47hJn45Y6Vk_dXyp4_vqRnh1uotz8tALyg3xF48XsqI5FpgPnDTPoxN6xq5YKMOgl_1b1jkwufhx-x55taqOvSOlL8m1npR0WF5XlWmf9kSpEzdXx6DxgS8TrNup29EESrzCvRRz1qS1_4V-O9-W_x3MiYBo7JJ0Hy6eyazvUOFx7KBwwx36JNxP2nXHeBqdptGWMpW_opO2icW2ILBxUrU8hoJQfTuwZid7F5z0lrqY9Ybrs5q6TeR6g2Y3_l-yXm6FTUK-u6NioqqaZvNdHGq0Lek3mKLXFJYwub-IxajhXiLGdoR5MQS-VVPlWtZVbF1qGE--kdoxgySaCKs5bE8DbFR9YPv3opSXDt39ZkCuFZd7RxO6TCW0nVroe4KV7Vl8nzYNK8cX1cVP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyIlQUZFMYtHhH5jGgAfc_5v4CMme0rFc1Z2R93DAjbcBEAEgAGCVgoCAmAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAgmxjAafUrI-4AIAqAMBqgTmAk_QssYmSRP-rABYvd0tg8hgeZ64-5kCGAAdlBnih-Tq7ncKEE6AeiheuMr0DmAYYwQReQBI099cCWTbTDHnRoYijDFrPuM26slO9JHw9roX39D4Hu1_mCfBrTtS-aiyB1nKwP6eeirj4oxfxfkv-IoDaxm6Yjem3rfDe17ThUYaMJIMnUv4gYvJhjqroEhMW9-SaEdJQlsPQ4r6lSjqlkMaX0iYF3EFZ2F9htodxGO_IkXeaccHFijKk6LXu2VwAHxoDo01UZ5rDEKE_K77v-o2xWCj1LMTZxgrAL95u69NgU0zC4IBvCAwT4n-sWfL_3jyPgsKPq1ZGc2NXjDLVnZvtxpXLAxZv3GZ3geDIm4C3lvba1pHN04D-sfAp8VmmknOA8HOHUleDTNe-AX54jtw5DkzwF2JokgAQXNi5uQ0I9Aexfhh4G8JJ6lHFcLGe6huEdQ2eG7yx7gDG0dlfbXvrvLO5lbgBAGABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0fPgfze2jlLfZ30XxWFBZkQPyZog%26client%3Dca-pub-5413329544040947%26adurl%3D

Requested by

Host: 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com
URL: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d7cc09116751d52ea1b72aa613a1b70bdaf3440dae09b8b754c9096e35bb8f8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:25 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=DUo0cthWtp99U5G7gAqszmYEJ4YM5wGDqwUWmhLvcvE2oA1niqRhXO5BPDvio1L-K9UGr3RqWKtN6REcJEgY0JaOsdBT5yDqnceplEsT7HoF-pBEYYYunXM9MRjwaR-QRr6ZYdtz7AXfoFypYjd8PAMI0hta7T4w7Pos09ljbP_quy5oJ3G-gqNiYO5whkhHHkiMcQWYW7lUdqrr3yQTVXDNfTAvbhFf7kOj2WWGeXJ3u99uz_TzRgG_AkGo1JqCrHHaKA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 122178875
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/ Frame 3054 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/window_focus_fy2019.js

Requested by

Host: 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com
URL: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Apr 2022 18:57:18 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/ Frame 3054 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com
URL: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:57:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Apr 2022 18:57:59 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3054 0
0 16ms
15ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSVkWF_8V7LoiW4TgHGooefKp_XZLsB96OZUwE5VMoFNXSaClliSQk5YT7uwXVx8XHm_COj1n-ipnM5uosByOxX2uS-PQ
Requested by: Host: 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com
URL: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 3054 22 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com
URL: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 06:34:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44618
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Apr 2023 06:34:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3054 119 KB
37 KB 45ms
17ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com
URL: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36931
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649071906742826"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 18:58:26 GMT

GET
H3 200 pubads_impl_2022040401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6BE1 369 KB
125 KB 8ms
8ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040401.js?cb=31066991

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

49adad57c43159e3b07daf3f0ae19e1f31d973bc3859ec4dcb647784f0677736

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 11:01:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28610
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128155
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 08:35:19 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Apr 2023 11:01:35 GMT

GET
H3 200 pubads_impl_2022033101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 325A 366 KB
125 KB 7ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 788
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127477
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 08:37:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Apr 2023 18:45:18 GMT

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMS8xMDE5MjQvNGMwN2FmNjRjZTM5NzJlY...
s-img.mgid.com/g/11739829/492x277/-/ Frame DC4C 27 KB
28 KB 58ms
22ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/11739829/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMS8xMDE5MjQvNGMwN2FmNjRjZTM5NzJlYzZkMzAxYzVhZTUxN2QwMjEucG5n.webp?v=1649185105-D4SVwiq8e9MCQOSN4leBPAx_SX8ceOpRa3ilDstuz4A
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcb0ba76d03300d7391a9ee2c885a39110e632e77fa3aa810620d577a0934fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 12:46:05 GMT
x-mg-request-uuid: ec0649cd-e119-4923-8b88-2bface5ad34a
age: 123080
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6f7483e0c9606964-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28108
server: cloudflare

GET
H2 200 i
api.purpleads.io/x/a/206e471877e4a8d0e85af63cce3631b4:3e7933f393cbd01243336f6ac1cbe56887bb1ace2c9cd2f25283fe3e8559726e3d3e8219391d546d1eec8c61f22d62591ce37c23b704dcf27712016c87050861c295b78e0523e1b... Frame DC4C 0
199 B 290ms
289ms Image
text/plain 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/a/206e471877e4a8d0e85af63cce3631b4:3e7933f393cbd01243336f6ac1cbe56887bb1ace2c9cd2f25283fe3e8559726e3d3e8219391d546d1eec8c61f22d62591ce37c23b704dcf27712016c87050861c295b78e0523e1ba9e4a39ef2e9246ac021abc31657fc704937cdbc26215e916a53a926f4971ab0099c1613a6befec4b886e2b64380c4386abf16898cc53c0b453894d0aef267a502f3c4108ee6fc482/i?id=d888803a-50cb-47cb-a691-ad604bbc6e57
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Tue, 05 Apr 2022 18:58:26 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 0936ebdd-e5b1-41a0-8587-2a3c6812b443

GET
H3

200

aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMTEvMTAxOTI0LzRjMDdhZjY0Y2UzOTcyZWM2Z...
s-img.mgid.com/g/11739829/328x328/-/ Frame DC4C
Redirect Chain

https://c.mgid.com/c?pv=2&v=0|0|0|gU7hVULRrGkEfm_-H2LRZT8iTeKzuVXmTMB9KRjYxNqQoDpS9UK_GuoPX3Pg2E6L&cid=1221081&f=1&h2=L_VeimGmIyuuyKT7tZS8nfhiGb6CTwVO6xjKycj2N0E*&rid=5f8895a7-b512-11ec-b8e1-e4434b...
https://s-img.mgid.com/g/11739829/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90L...

21 KB
22 KB

32ms
21ms

Image
image/webp

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/11739829/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMTEvMTAxOTI0LzRjMDdhZjY0Y2UzOTcyZWM2ZDMwMWM1YWU1MTdkMDIxLnBuZw.webp?v=1649185105-A2abskyqWwR1ZG3nf2FLBGd5VBoe2YFTcMA8tpp6jwA
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28afcef670bfdf1c4641d6ab628e45535b03838d2a0217d8af5980a306861f87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 12:57:09 GMT
x-mg-request-uuid: 322192ef-d854-4231-89e2-9db3e30eb056
age: 123015
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6f7483e23cc89158-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21948
server: cloudflare

Redirect headers

date: Tue, 05 Apr 2022 18:58:26 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 24e25e64-0308-48d0-8739-a03d74bcee1d
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://s-img.mgid.com/g/11739829/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMTEvMTAxOTI0LzRjMDdhZjY0Y2UzOTcyZWM2ZDMwMWM1YWU1MTdkMDIxLnBuZw.webp?v=1649185105-A2abskyqWwR1ZG3nf2FLBGd5VBoe2YFTcMA8tpp6jwA
cf-ray: 6f7483e0ba8068eb-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
server: cloudflare

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 90D9 0
0 120ms
103ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022033101&jk=83553651310547&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js Show response
pagead2.googlesyndication.com/bg/ Frame C441 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:06:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13770
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:06:48 GMT

GET
DATA 200
OK truncated
/ Frame 3054 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d827e31e0b03257120ce1e7bc458b59874e6283fd77ff0e1be1249dd6c13aef7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6BE1 107 B
122 B 32ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040401.js?cb=31066991

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6BE1 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040401.js?cb=31066991

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6BE1 26 KB
11 KB 275ms
275ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1368573080706281&correlator=1276983457112030&eid=31066024%2C31066025%2C31066342%2C31066991%2C44761477%2C44742767&output=ldjh&gdfp_req=1&vrg=2022040401&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=200x200%7C250x250&ifi=1&adks=1937206528&sfv=1-0-38&ecs=20220405&fsapi=false&eri=4&sc=1&cookie=ID%3D86fe2d0a44eb7462-22910c4a70cd0060%3AT%3D1649185105%3AS%3DALNI_MZ3-FOTmPitrgpYayGu5ug8Bxj17A&abxe=1&dt=1649185107209&dlt=1649185106999&idt=188&biw=1600&bih=1200&isw=200&ish=200&adxs=1128&adys=255&ucis=z0n75wgxypv8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fair.com.fgl.charstudio.christmassweeper2&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=200x198&msz=200x0&fws=256&ohw=0&ea=0&ga_vid=334559498.1649185106&ga_sid=1649185107&ga_hid=865307364&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040401.js?cb=31066991

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

207167860391da6128961187e00d359a3ad505ad8e21cbd597d14d75f3099a85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11570
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6BE1 14 KB
10 KB 47ms
33ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040401.js?cb=31066991

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cb57681cf42d17f5e38d8015213bde372180fc1218a6521710333ecc248eef3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10681
x-xss-protection: 0

GET
H2 200 container.html Show response
b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 54D9 6 KB
3 KB 57ms
18ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040401.js?cb=31066991

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:26 GMT
expires: Wed, 05 Apr 2023 18:58:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 325A 27 KB
11 KB 253ms
253ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=624336138858159&correlator=2702599451593835&eid=31060438%2C31066947&output=ldjh&gdfp_req=1&vrg=2022033101&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=200x200%7C250x250&ifi=1&adks=1937206528&sfv=1-0-38&ecs=20220405&fsapi=false&eri=4&sc=1&cookie=ID%3D86fe2d0a44eb7462-22910c4a70cd0060%3AT%3D1649185105%3AS%3DALNI_MZ3-FOTmPitrgpYayGu5ug8Bxj17A&abxe=1&dt=1649185107233&dlt=1649185107015&idt=211&biw=1600&bih=1200&isw=200&ish=200&adxs=1128&adys=1283&ucis=a9f6y98qu538&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fair.com.fgl.charstudio.christmassweeper2&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=200x198&msz=200x0&fws=256&ohw=0&ea=0&ga_vid=334559498.1649185106&ga_sid=1649185107&ga_hid=1838726454&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

57d50a99d9e4199fd95053a7ed3e2cee6c9a77bd53e5d9ae5ec22ad1bc60a7c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11639
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 325A 14 KB
11 KB 26ms
26ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022033101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e97b7a51a2f6d3a97139ff08a8130e07e4f1243f18d431743f8a0f72f355a6a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10756
x-xss-protection: 0

GET
H2 200 container.html Show response
e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 80E7 6 KB
3 KB 43ms
14ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:26 GMT
expires: Wed, 05 Apr 2023 18:58:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 325A 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 18:58:26 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6BE1 17 KB
6 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040401.js?cb=31066991

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 18:58:26 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 24BE 2 KB
1 KB 52ms
19ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUQAH8NEK4CMYAAb_3A8ElEs9sfDXSPWsqA&u=%7CNWpTk8j1PEisx9lDouuXhTEymq6lX%2B4eaQ%2FnDxYJQ%2FA%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0UEJ8w8gW49kLu82w_1JkF3Tlrxo47hJn45Y6Vk_dXyp4_vqRnh1uotz8tALyg3xF48XsqI5FpgPnDTPoxN6xq5YKMOgl_1b1jkwufhx-x55taqOvSOlL8m1npR0WF5XlWmf9kSpEzdXx6DxgS8TrNup29EESrzCvRRz1qS1_4V-O9-W_x3MiYBo7JJ0Hy6eyazvUOFx7KBwwx36JNxP2nXHeBqdptGWMpW_opO2icW2ILBxUrU8hoJQfTuwZid7F5z0lrqY9Ybrs5q6TeR6g2Y3_l-yXm6FTUK-u6NioqqaZvNdHGq0Lek3mKLXFJYwub-IxajhXiLGdoR5MQS-VVPlWtZVbF1qGE--kdoxgySaCKs5bE8DbFR9YPv3opSXDt39ZkCuFZd7RxO6TCW0nVroe4KV7Vl8nzYNK8cX1cVP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyIlQUZFMYtHhH5jGgAfc_5v4CMme0rFc1Z2R93DAjbcBEAEgAGCVgoCAmAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAgmxjAafUrI-4AIAqAMBqgTmAk_QssYmSRP-rABYvd0tg8hgeZ64-5kCGAAdlBnih-Tq7ncKEE6AeiheuMr0DmAYYwQReQBI099cCWTbTDHnRoYijDFrPuM26slO9JHw9roX39D4Hu1_mCfBrTtS-aiyB1nKwP6eeirj4oxfxfkv-IoDaxm6Yjem3rfDe17ThUYaMJIMnUv4gYvJhjqroEhMW9-SaEdJQlsPQ4r6lSjqlkMaX0iYF3EFZ2F9htodxGO_IkXeaccHFijKk6LXu2VwAHxoDo01UZ5rDEKE_K77v-o2xWCj1LMTZxgrAL95u69NgU0zC4IBvCAwT4n-sWfL_3jyPgsKPq1ZGc2NXjDLVnZvtxpXLAxZv3GZ3geDIm4C3lvba1pHN04D-sfAp8VmmknOA8HOHUleDTNe-AX54jtw5DkzwF2JokgAQXNi5uQ0I9Aexfhh4G8JJ6lHFcLGe6huEdQ2eG7yx7gDG0dlfbXvrvLO5lbgBAGABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0fPgfze2jlLfZ30XxWFBZkQPyZog%26client%3Dca-pub-5413329544040947%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 24BE 2 KB
1 KB 50ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 24BE 308 B
636 B 47ms
18ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 24BE 507 B
836 B 46ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 24BE 0
688 B 212ms
161ms Image
text/plain 2600:9000:2156:6200:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1649185105
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUQAH8NEK4CMYAAb_3A8ElEs9sfDXSPWsqA&u=%7CNWpTk8j1PEisx9lDouuXhTEymq6lX%2B4eaQ%2FnDxYJQ%2FA%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0UEJ8w8gW49kLu82w_1JkF3Tlrxo47hJn45Y6Vk_dXyp4_vqRnh1uotz8tALyg3xF48XsqI5FpgPnDTPoxN6xq5YKMOgl_1b1jkwufhx-x55taqOvSOlL8m1npR0WF5XlWmf9kSpEzdXx6DxgS8TrNup29EESrzCvRRz1qS1_4V-O9-W_x3MiYBo7JJ0Hy6eyazvUOFx7KBwwx36JNxP2nXHeBqdptGWMpW_opO2icW2ILBxUrU8hoJQfTuwZid7F5z0lrqY9Ybrs5q6TeR6g2Y3_l-yXm6FTUK-u6NioqqaZvNdHGq0Lek3mKLXFJYwub-IxajhXiLGdoR5MQS-VVPlWtZVbF1qGE--kdoxgySaCKs5bE8DbFR9YPv3opSXDt39ZkCuFZd7RxO6TCW0nVroe4KV7Vl8nzYNK8cX1cVP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyIlQUZFMYtHhH5jGgAfc_5v4CMme0rFc1Z2R93DAjbcBEAEgAGCVgoCAmAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAgmxjAafUrI-4AIAqAMBqgTmAk_QssYmSRP-rABYvd0tg8hgeZ64-5kCGAAdlBnih-Tq7ncKEE6AeiheuMr0DmAYYwQReQBI099cCWTbTDHnRoYijDFrPuM26slO9JHw9roX39D4Hu1_mCfBrTtS-aiyB1nKwP6eeirj4oxfxfkv-IoDaxm6Yjem3rfDe17ThUYaMJIMnUv4gYvJhjqroEhMW9-SaEdJQlsPQ4r6lSjqlkMaX0iYF3EFZ2F9htodxGO_IkXeaccHFijKk6LXu2VwAHxoDo01UZ5rDEKE_K77v-o2xWCj1LMTZxgrAL95u69NgU0zC4IBvCAwT4n-sWfL_3jyPgsKPq1ZGc2NXjDLVnZvtxpXLAxZv3GZ3geDIm4C3lvba1pHN04D-sfAp8VmmknOA8HOHUleDTNe-AX54jtw5DkzwF2JokgAQXNi5uQ0I9Aexfhh4G8JJ6lHFcLGe6huEdQ2eG7yx7gDG0dlfbXvrvLO5lbgBAGABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0fPgfze2jlLfZ30XxWFBZkQPyZog%26client%3Dca-pub-5413329544040947%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:6200:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
via: 1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA50-C1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: afUY4ZK2dwpa0tm06aFNIeDQjbPmty-uF49FTQq15ZbJx2rft1j_Zg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 24BE 43 B
348 B 154ms
16ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=nYVka-FtwMx5BkCzaq8HKeJFXfNN92mHZa435PTp72q3WTmBXwTJtjpdx2UoFiVzkv7A5UTO4IMSPOg9IFt7WPkHSjumzSRt41z6LZwktePTESJogkpcYN0Nbh9Tq7R9AyqcUke9gYFOAZf1dww3QC25rOR9ccCj230SiTkKyaf5SMsih0Q76q_HxnJRtqwJRocTyL22ysc10TMMiXa-ZlnrkpFaDWpaCMhzT1JecT5CFEqkjJbllrfLTCpiShwpu7Fv8iL_KidOwVLMiWlNgGNiHzJbcBJkESM4N4Ma8N3rcQJiUdlCIn6qgJrsHCrHg5w8OXfJVz1uelUNwceOsfay_93eC8pbhlAMHmfkOIKloQJvw3HMQg0icTz-rvoQJcrppw3TtoxxPDXeBC9Xbipk2dR0D9QdQulEKI6XLfsGTsQnazqlMQDlHWepFg6J7wlUUQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2492599
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 31D8 13 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 206
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:55:00 GMT
expires: Wed, 05 Apr 2023 18:55:00 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4224 783 B
535 B 16ms
16ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

676692963f35dfb06bcf354a9af5fe4db67152e66360dab4cf2d4bc86b2ea3b2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OyaVsXfnwv5xzBLwo4I0cQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-OyaVsXfnwv5xzBLwo4I0cQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:26 GMT
expires: Tue, 05 Apr 2022 18:58:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AAC7 13 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 206
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:55:00 GMT
expires: Wed, 05 Apr 2023 18:55:00 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E0CC 783 B
534 B 19ms
19ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f53e805cbf3e98e3558659229b169493a1639213ac547aa903cf4e026d7aaa88

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-v9DFbvGeIQpNkE/o4n+zIg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-v9DFbvGeIQpNkE/o4n+zIg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:26 GMT
expires: Tue, 05 Apr 2022 18:58:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 24BE 12 KB
6 KB 15ms
15ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 7 KB
7 KB 197ms
34ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=176&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=256&s=Ztz4HcK_1CUe8izFWU-TMUXT

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

2a29e79bd75cc83eade181c4acc1c198786539997766b648bc21ed5aa7698408

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30026558
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7142
expires: Sun, 19 Mar 2023 07:41:04 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 1 KB
1 KB 175ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoScribbr-B-V-277389DE-2109171301.gif%3Feb%3D1&v=3&w=800&s=Dyl5XmWuJnDTGw9ZS4Nc5xAw&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

94b11dcebc7b200b22b9561a3d0807bde8f84b2454063facd429ab5dc43d7b6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2249547
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1070
expires: Sun, 01 May 2022 19:50:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 6 KB
7 KB 175ms
12ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FE%2FlogoBMW-Group-27361DE-2101221525.gif%3Feb%3D1&v=3&w=800&s=MsH_5I1fgPst-J4Jpa9CEsh7&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f8de8ee65552be2f01a67a6dc47020a4a132e9bfe4b8eb02143d89fb2df08241

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6422
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 1 KB
2 KB 175ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F0%2FlogoSchneider-Electric-GmbH-91666DE-2111251717.gif%3Feb%3D1&v=3&w=800&s=X_XukX_KZegZKuszcl0ABwya&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b700b6e66765842f1f34ae9741743aa8f824dff2d7119a354a4948ea999731c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1470
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 3 KB
3 KB 182ms
20ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F4%2FlogoABF-Pharmazie-GmbH-Co-KG-276589DE-2112061114.gif%3Feb%3D1&v=3&w=800&s=vJeTBViTBA0akNWov1NPb446&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

511dfce7c1f8030304d0d886e6f4a408a84e76c4a8ca8a1ca1a3414dcaf54dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=8282
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2770
expires: Tue, 05 Apr 2022 21:16:28 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 2 KB
3 KB 182ms
20ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F5%2FlogoAmprio-GmbH-201935DE-2106231706.gif%3Feb%3D1&v=3&w=800&s=HokYZuKMzPY0PkFyJnXtNULS&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=1434060
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2446
expires: Fri, 22 Apr 2022 09:19:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 1 KB
1 KB 16ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2Flogobenntec-Systemtechnik-GmbH-4150DE.gif%3Feb%3D1&v=3&w=800&s=2h5h8_6Mv4ASZCuIVy6vzLo8&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

93f169534bcb2fcd2a761e2a4bb2cfea477e39b0b0381f598e0d6c7bf0fa4905

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1974081
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1186
expires: Thu, 28 Apr 2022 15:19:48 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 3 KB
4 KB 15ms
14ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F5%2Flogoadcon-GmbH-128710DE-2101221639.gif%3Feb%3D1&v=3&w=800&s=A48DrRl_2q56WC-HX2ysRY-h&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

d17e3cf1dbeb254e4ec8148dd7b6394dce74ac3b9843d0eee4a3879e3aac69d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=2270
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 3377
expires: Tue, 05 Apr 2022 19:36:17 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 1 KB
2 KB 16ms
15ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2Flogoumlaut-22544DE-2011191708.gif%3Feb%3D1&v=3&w=800&s=AkP6VzvhlWQHomqr6ocOPfaW&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1e04cc8c7f4f0ea9326b4de881d5734b2a1f8a96e9b11c11f6a24ff5997d9b18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=1965085
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1403
expires: Thu, 28 Apr 2022 12:49:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 2 KB
3 KB 21ms
21ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F3%2FlogoPierburg-GmbH-70849DE-2106231713.gif%3Feb%3D1&v=3&w=800&s=FH5xOvZ-lYTaM2SpEfII9W_F&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=2482537
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2446
expires: Wed, 04 May 2022 12:34:04 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 24BE 0
128 B 48ms
13ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=DUo0cthWtp99U5G7gAqszmYEJ4YM5wGDqwUWmhLvcvE2oA1niqRhXO5BPDvio1L-K9UGr3RqWKtN6REcJEgY0JaOsdBT5yDqnceplEsT7HoF-pBEYYYunXM9MRjwaR-QRr6ZYdtz7AXfoFypYjd8PAMI0hta7T4w7Pos09ljbP_quy5oJ3G-gqNiYO5whkhHHkiMcQWYW7lUdqrr3yQTVXDNfTAvbhFf7kOj2WWGeXJ3u99uz_TzRgG_AkGo1JqCrHHaKA&sds=2&rev=81065&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 05 Apr 2022 18:58:26 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 24BE 2 KB
1 KB 19ms
19ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 24BE 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

POST
H2 204 collect Show response
k.clarity.ms/ 0
48 B 226ms
225ms XHR
text/plain 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: k.clarity.ms
URL: https://k.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:25 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C441 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?our07A
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 44EE 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:26 GMT
expires: Wed, 05 Apr 2023 18:58:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/c98c4a8035084adb939ad52a2dda8d6c:ca59097e156de4164f734ff1f99909f07dc0d49a5f953fb4f178644f7076e9a79daf4af5b879d02bc8f3c39abdc36535c15ac9a3dd1d54eee680c290df1ae427e01cb430817e526... Frame 0
0 129ms
128ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/c98c4a8035084adb939ad52a2dda8d6c:ca59097e156de4164f734ff1f99909f07dc0d49a5f953fb4f178644f7076e9a79daf4af5b879d02bc8f3c39abdc36535c15ac9a3dd1d54eee680c290df1ae427e01cb430817e526e5adedcd40f7974a59a89709f94bd299ec2a2f58dd84258810551530b0ceea595e8272c35005f687ee0c4f5f3ed478eb67200830b450071b4f6ac8c9adc5e34df0272a43e9ec07055e754d45207d7df6f434be69910d26802/i?id=2fbd70b0-39b2-41be-857a-bec53723daff&ts=1649185107509
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:26 GMT
x-request-id: b8617b79-fd68-42db-a95c-c881ec94536a

GET
H2 200 i Show response
api.purpleads.io/x/a/c98c4a8035084adb939ad52a2dda8d6c:ca59097e156de4164f734ff1f99909f07dc0d49a5f953fb4f178644f7076e9a79daf4af5b879d02bc8f3c39abdc36535c15ac9a3dd1d54eee680c290df1ae427e01cb430817e526... 0
199 B 458ms
457ms Fetch 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/c98c4a8035084adb939ad52a2dda8d6c:ca59097e156de4164f734ff1f99909f07dc0d49a5f953fb4f178644f7076e9a79daf4af5b879d02bc8f3c39abdc36535c15ac9a3dd1d54eee680c290df1ae427e01cb430817e526e5adedcd40f7974a59a89709f94bd299ec2a2f58dd84258810551530b0ceea595e8272c35005f687ee0c4f5f3ed478eb67200830b450071b4f6ac8c9adc5e34df0272a43e9ec07055e754d45207d7df6f434be69910d26802/i?id=2fbd70b0-39b2-41be-857a-bec53723daff&ts=1649185107509
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:26 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 15dfc172-33d5-4da2-b45b-66af6ed5157f

GET
H3 200 container.html Show response
b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CAD7 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040401.js?cb=31066991

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:26 GMT
expires: Wed, 05 Apr 2023 18:58:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/8d08a796805cb08e4d911c2827bf086b:3f3bb9f4e896cf778ede8110905c36e79d2ed1023b5df6069599549a98a286b664972aa2b4fdf991e7310c2d97db046f53bb0fbbf195b1a2ace49d65ef70b9f9790cced0b413379... Frame 0
0 99ms
98ms Preflight 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/8d08a796805cb08e4d911c2827bf086b:3f3bb9f4e896cf778ede8110905c36e79d2ed1023b5df6069599549a98a286b664972aa2b4fdf991e7310c2d97db046f53bb0fbbf195b1a2ace49d65ef70b9f9790cced0b41337945860caba9eb8188ed988bdd14f925d022b100c26d9349ead9ae6d1207c5de5242108e1e93db958b46cbe3036a8c6ad02d918894be48d5b8a5b48bf5609552696e77c58ebfdc6744a4ca4b10fd120f274425b61ad3d5ac0a9/i?id=26c2c6ca-e15f-45b1-a8b4-e5bc69c5d1af&ts=1649185107527
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:26 GMT
x-request-id: f2199a28-b6b1-455c-acf1-4fd869586fa6

GET
H2 200 i Show response
api.purpleads.io/x/a/8d08a796805cb08e4d911c2827bf086b:3f3bb9f4e896cf778ede8110905c36e79d2ed1023b5df6069599549a98a286b664972aa2b4fdf991e7310c2d97db046f53bb0fbbf195b1a2ace49d65ef70b9f9790cced0b413379... 0
199 B 182ms
182ms Fetch 3.211.16.130
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/8d08a796805cb08e4d911c2827bf086b:3f3bb9f4e896cf778ede8110905c36e79d2ed1023b5df6069599549a98a286b664972aa2b4fdf991e7310c2d97db046f53bb0fbbf195b1a2ace49d65ef70b9f9790cced0b41337945860caba9eb8188ed988bdd14f925d022b100c26d9349ead9ae6d1207c5de5242108e1e93db958b46cbe3036a8c6ad02d918894be48d5b8a5b48bf5609552696e77c58ebfdc6744a4ca4b10fd120f274425b61ad3d5ac0a9/i?id=26c2c6ca-e15f-45b1-a8b4-e5bc69c5d1af&ts=1649185107527
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.16.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-16-130.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2Fpci5jb20uZmdsLmNoYXJzdHVkaW8uY2hyaXN0bWFzc3dlZXBlcjI=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:26 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 224bf0e5-c964-4099-aa91-c523cf8b12f4

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4224 0
0 55ms
55ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022033101&jk=624336138858159&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E0CC 0
0 71ms
71ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040401&jk=1368573080706281&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 44EE 0
0 50ms
49ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8XT_UpFMYqWDC6nbx_AP_fas0AzJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE6gJP0KFIqW8C8LyeOqiSAftAP9PRnB_OInRee1P1UsLnSbW_AGVwvhl0doRc85Ao6goshepFfly7aoFmE5a0GUOdam4o2-DC4m7oWmaVgLSqeMcnGvBFc7ClQ4ZrMyzBf0UZwvuTrLLHFVtYmVaxvw6RpJY5ljPSzTneT_aeGZqENpUVEwHbBbamrcv_kVfbfwqaEh2sMLVLYF9I8jJv0LTDGpAY2_zLLdTxDS77_fyUK-knOOLmf5-cQwdC0ij280bGeS8L-0otrbJMfb3uaHuQhAIK-QAI86XnCqB_Qt1zcs_QyFyhDQtuDHzAc_ir2OmsD3rfKLpfFkZGoFDgNHlnBBAFQ9CSPCRfY2xZi3wHcgzlopylYj2VXyQC1b8ItF0JNduhquolyvhxXYai5RBsAP_2SCfaZJbbBjxQ8UEt0q1vSSQpv9_n5XiB1Gnm85l6LV3qu49u5vOjE798aL2VbK8AWN7DcQv9juAEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTQxMzMyOTU0NDA0MDk0NxjBjHQ&sigh=NQp0q9MbZbQ&uach_m=[UACH]&cid=CAQSPACNIrLMvnj6KZUtvCFHcnaVXNVLIFHoSTKdQdrsAzPM8oQ6jO_wH9Ntr-PkxdL_7CEzSvnxydQ5gj_-VBgB
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 44EE 0
0 20ms
20ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=U-b8EMLVC_oB-gGdg2ICAgAAACbnb29BFQlkSq3-4k69QewQUpFMYgw06lLzpQeNHq4oABI&wp=YkyRUgACwaUIEe2pAAs7fd-2zPojfkMakGv09w

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
server: Kestrel
server-processing-duration-in-ticks: 312668
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame CE73 163 KB
52 KB 167ms
166ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUgACwaUIEe2pAAs7fd-2zPojfkMakGv09w&u=%7COTslYO5yuC1uoppnQVaw41BXBQTY8VilKAWgCCihEJ4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSM0Dix1JLsqqaPRaZSZtkfbDgLypM9UfFGjF90nj49bt2Eblu5BubXn807KLfzOzbWwNBLn5aFm8zuncCvFasvGOS-pPCYczUNZ8nDLXd6zKZb07UIm8oJCZg8Udi9SrGG9lOePT3KpReLMpz6EUro7GoffHKZQvzbSx9WBCSvx1yZuHfiwzCAlFcMjCwvnAM1-3t6YyQaWY3ut3PKBykBBvDXGGs9U6YPR8PZqbRt6eQHrTXIiTZOhDC9KZSD3nJez8tpimZiux1VC3SuULA4yDWjtENzdykbOgmLGILoEPyspTioa3dDAAGaNnJH_nN3z0ElnEOc3jiNp6IlSPZyvIJwi_4x9GGdrnPnCB-5XxW8C5C38w5U2W7mxYPTXEbtmh4w68rbb4ZjXumVhMjKoIcwofX38hpY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRS6IUpFMYqWDC6nbx_AP_fas0AzJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE7QJP0KFIqW8C8LyeOqiSAftAP9PRnB_OInRee1P1UsLnSbW_AGVwvhl0doRc85Ao6goshepFfly7aoFmE5a0GUOdam4o2-DC4m7oWmaVgLSqeMcnGvBFc7ClQ4ZrMyzBf0UZwvuTrLLHFVtYmVaxvw6RpJY5ljPSzTneT_aeGZqENpUVEwHbBbamrcv_kVfbfwqaEh2sMLVLYF9I8jJv0LTDGpAY2_zLLdTxDS77_fyUK-knOOLmf5-cQwdC0ij280bGeS8L-0otrbJMfb3uaHuQhAIK-QAI86XnCqB_Qt1zcs_QyFyhDQtuDHzAc_ir2OmsD3rfKLpfFkZGoFDgNHlnBBAFQ9CSPCRfY2xZi3wHcgzlopylYj2VXyQC1b8ItF0JNduhquolyvhxXYai5RBsAP_2SCfaZJbbBjxQ8UEt0q1vSSRrvf51Yvcdx9Z65zqqEPsSsptkUPmNCz3IoIAznhAedMZG24_uMQOLK-AEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0WgfAoeYGI1tbQnUOPNTHth7xJ8A%26client%3Dca-pub-5413329544040947%26adurl%3D

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

8031dcda0cf8cdc5e1a583d6a8b7315721801e6df1d6154ca4d376ebb8aa3ede

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:25 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=j_XbMdhWtp99U5G7JZEuVDMFQe7C4ybHvK-G3joWOrGk-Rco8gmaDIn3ZKyM2VTmw8YzqD5Ze4pgovHMiVLgmsVKBRUgaJ9tA7WvfuhF5Y3AzCSKQYHjeY6u1Bhkk7O0jhFX1SmQl6hukWs78m4IiZ2YvBlbmKYMw1zTMn7y9Jn9Aw2hkCoMlisWmHk6yAt9n4UgIYZOvsl12-y4_6MjcfftiExtK9ru5F-K_2gg9wwobrzwAEd3YKtWl-Id-QAiN0wl3g"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 138496450
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/ Frame 44EE 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/window_focus_fy2019.js

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Apr 2022 18:57:18 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5E72 1 KB
749 B 9ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 19934
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 13:26:12 GMT
etag: 48472445140208031
expires: Wed, 06 Apr 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 44EE 119 KB
36 KB 33ms
18ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36931
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649071906742826"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 18:58:26 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/ Frame 44EE 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:57:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Apr 2022 18:57:59 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 44EE 0
0 16ms
15ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSH5iZALZrUDppwMqnQ7ZbMeR6ZzKwqMm0kfaFXWHvnA1d0994WTPxoS62OudFdhve_MZQEwasaGfczrxirpVru4F1nwQ
Requested by: Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 44EE 22 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 06:34:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44619
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Apr 2023 06:34:47 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CAD7 0
0 48ms
47ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAk0TUpFMYpWWCpmsx_AP3KqSgAXJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE5AJP0LnBMpcV4u7nnwM3VsVDevBYnGGY1tnxV6i6mQRkkag-ItlST8qI1SYzeibx_2gKRa6DQN-JeLUrVG8tdBtLeKf-XyEIt69tNS3Z74LxM_Fz32mAB11rJMDBRaLGsOjzoQ1c_QN1UeAKV8vlL386aQ3qQ7PCV1CM2jpgonubiYcCt_DpRbimQw_LmiViTdJZJSTT5oB06nVqLFHGI8V1akpbTgv679eO-vzhyB5r0pCNxNJxcE7hr3GdLIQ_pheL_edelUok8laUIos_gjZkMZlQJKoEWdOhxwNKu30mQirGOp0Nz06R_lMrJKpBYZeNF5rVKFLM7VqJ0CdXpK5qQTh49s3CdyoPar3r8vXL7fkMg06qkH9t2KjjAPjgjjIACc92tqg0qrmUXFePZal_whZ13UebL0rJ9JSj0i-Cgi6rIYevZl-2uxIbVFQUSTTfAu9IIm9XQdoV2kOhfh8fyH8ruOAEAYAGhqPyhY2UsIM7oAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTQxMzMyOTU0NDA0MDk0NxjBjHQ&sigh=2n5z1lysgLo&uach_m=[UACH]&cid=CAQSPACNIrLMpp5f7ewcEafDltYjMaYMXCV-glJ5iGZcY3l_LMC9gF-NlhbVAcQ6qKYUJ6afnzbnzhl0M0cSIxgB
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame CAD7 0
0 18ms
15ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=U_znEsLVC_oB-gGdg2ICAgAAACbnb29BFQlkSq3-4k69QewQUpFMYgC5f3MHN17R9xPcABI&wp=YkyRUgACixUIEdYZAASVXE5IqcEL1M1jI7YU8Q

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:25 GMT
server: Kestrel
server-processing-duration-in-ticks: 258771
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 8E85 153 KB
48 KB 177ms
173ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUgACixUIEdYZAASVXE5IqcEL1M1jI7YU8Q&u=%7COTslYO5yuC3t1NQzgDtOyfVNkGjAT%2FJiwBzHq%2BxibmE%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSM0Dix1JLsqqaPRaZSZtkfbRUdlw-7O7JRwsLBcP9qbdsD8N18eJ6aGytFF4fgLQWKqcbbbvfJLDD-a3WTWtVuiE3R_Sfv6rS8Q9ctrdlxjQGhK-Z-7H7SJrooyz21dcpfhRUMhRywQ7jpAh7KwTDqpJlIWU_DYZI7ilxUpiBYDMk2SU4Tk4MdRwB7VMCH2pzCQPMmBKUrH2ijjE6dTi-7O1kNf6LbcsChKK_xPf5T0vzq2BTSwZwMU8AxwMQDoDINmPgtuhhqPnBdaCMcY1TzxrslMu1m3UaWIcvKRWZBEx3z659LpTfHvvQP4B7BC1PD6_1W5YrRnt2OU76T6bGuwEWkS3dWqxvOeMvhOH1mI7Fwb02AEmVC5fb8Vrxj2zOYA839KyRWWvKHu3oVxq-bjsUEv11u60oY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCcvkIUpFMYpWWCpmsx_AP3KqSgAXJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE5wJP0LnBMpcV4u7nnwM3VsVDevBYnGGY1tnxV6i6mQRkkag-ItlST8qI1SYzeibx_2gKRa6DQN-JeLUrVG8tdBtLeKf-XyEIt69tNS3Z74LxM_Fz32mAB11rJMDBRaLGsOjzoQ1c_QN1UeAKV8vlL386aQ3qQ7PCV1CM2jpgonubiYcCt_DpRbimQw_LmiViTdJZJSTT5oB06nVqLFHGI8V1akpbTgv679eO-vzhyB5r0pCNxNJxcE7hr3GdLIQ_pheL_edelUok8laUIos_gjZkMZlQJKoEWdOhxwNKu30mQirGOp0Nz06R_lMrJKpBYZeNF5rVKFLM7VqJ0CdXpK5qQTh49s3CdyoPar3r8vXL7fkMg06qkH9t2KjjAPjgjjIACc92tqg0qrmUXFePZal_whZ13UebL0rJ9JSj0i_AgA85pggzdeAqr7HLafLsQCDVtOVmOu3jieezKPy_UgeaYvs4B5iFD-AEAYAGhqPyhY2UsIM7oAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1jgcnzMv7yc7Udcj60XOrsBC5ZXw%26client%3Dca-pub-5413329544040947%26adurl%3D

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

912acb76f22170887a835d4c4fff89f0d0f18d78bed0ff373c0cc2324668222a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 18:58:26 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=haFQcthWtp99U5G7d36yEMMtpD2tcUZ009VjMQB3PIbwCc7ROhkhQ8WPwY6qM9-ajlfE3rpaYGWyVtKrMpWKh6P1tIIZO52ceacTO_8MUd8-G6Dk-oO0F6Yo5X2w5NKd8cwISzaswg1rkF_h7rVMlzno5yyOvQLaF_Th8Hxvx_VZVTqOPd9IIGbM_UHvWM-FnfmCPZYEPFvZ2L_222cVo_AgybWwSSoRfZs0XAifhJE2l1Z4cQLyWWmkKcpsC8IF-9pD9A"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 134683457
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/ Frame CAD7 2 KB
1 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/window_focus_fy2019.js

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Apr 2022 18:57:18 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BF70 1 KB
749 B 12ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 19934
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 13:26:12 GMT
etag: 48472445140208031
expires: Wed, 06 Apr 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CAD7 119 KB
36 KB 37ms
32ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36931
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649071906742826"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 18:58:26 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/ Frame CAD7 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220331/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:57:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Apr 2022 18:57:59 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame CAD7 22 KB
7 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 06:34:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44619
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Apr 2023 06:34:47 GMT

GET
H3 200 3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js Show response
pagead2.googlesyndication.com/bg/ Frame 31D8 35 KB
13 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:06:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13770
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:06:48 GMT

GET
H3 200 3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js Show response
pagead2.googlesyndication.com/bg/ Frame AAC7 35 KB
13 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:06:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13770
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:06:48 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 5E72 0
103 B 198ms
23ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEDRvjiDM8JamvMs3OLWcrCc&google_cver=1&google_push=AYg5qPJ_4bjJalE1lP9ecgH1VqpvVBGkluUYL_UCVTSALjiMnpvHPg21m55i9QpGbVQ6_ZWJG2PfPYQuXJ6Zs9v8o3GjAkKk5Wg
Requested by: Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 5E72 0
191 B 193ms
25ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEA_FeacrVFLYEtTp-Hu9-to&google_cver=1&google_push=AYg5qPIHlsHSQrbyIHqKk2aWnEk1pfzFakwncyh6a_e1VjifiKXIaTExFvMycGEF3aY8Dqo2kBReN9F86D9EKcwrCEPMARAxl_M7
Requested by: Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:25 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E72
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEE43iszbunQEQPjq_hCV_gc&google_cver=1&google_push=AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYaUWaUBG...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEE43iszbunQEQPjq_hCV_gc&google_cver=1&google_push=AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYa...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYaUWaUBG1djOphCe&google_hm=YX5Q_IxSSmenGM4IyHx0OQ==

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYaUWaUBG1djOphCe&google_hm=YX5Q_IxSSmenGM4IyHx0OQ==

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYaUWaUBG1djOphCe&google_hm=YX5Q_IxSSmenGM4IyHx0OQ==
Date: Tue, 05 Apr 2022 18:58:27 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET gg_pixel
sync.adaptv.advertising.com/ Frame 5E72 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E72
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOabKAMmtmKdJM1Ayz6O5TA&google_cver=1&google_push=AYg5qPIzOL0sbpUDcFBupFSbp70lXwrMBLA67KgmH0guRUZiGbo73Ix6_ZQL7cZqDn3dsN7kw4TRITPbdFZu8hzij...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOabKAMmtmKdJM1Ayz6O5TA&google_cver=1&google_push=AYg5qPIzOL0sbpUDcFBupFSbp70lXwrMBLA67KgmH0guRUZiGbo73Ix6_ZQL7cZqDn3dsN7kw4TRITPbdFZu8hzij...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIzOL0sbpUDcFBupFSbp70lXwrMBLA67KgmH0guRUZiGbo73Ix6_ZQL7cZqDn3dsN7kw4TRITPbdFZu8hzijeiztRt810MY&google_hm=2e7465968f3514486680cfaf

170 B
188 B

19ms
19ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIzOL0sbpUDcFBupFSbp70lXwrMBLA67KgmH0guRUZiGbo73Ix6_ZQL7cZqDn3dsN7kw4TRITPbdFZu8hzijeiztRt810MY&google_hm=2e7465968f3514486680cfaf

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 05 Apr 2022 18:58:26 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIzOL0sbpUDcFBupFSbp70lXwrMBLA67KgmH0guRUZiGbo73Ix6_ZQL7cZqDn3dsN7kw4TRITPbdFZu8hzijeiztRt810MY&google_hm=2e7465968f3514486680cfaf
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET

pixel
cm.g.doubleclick.net/ Frame 5E72
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEOHieSKEuJp4c3HFvz82zpM&google_cver=1&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEOHieSKEuJp4c3HFvz82zpM&google_cver=1&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1V...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1...

0
0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 5E72 0
75 B 239ms
20ms Image
text/plain 185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEOlLucubxZNyU4y_2kZvTf0&google_cver=1&google_push=AYg5qPIMG611aBSN_o8kmiP7XVfKl5yLTo3GbC9VilAtIm9iTSFhCwFVEgl0dPTchc1c1012F5Tbz4JoPc1ca6DWFGnn9mKHzvgM
Requested by: Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 5E72 0
232 B 175ms
14ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J0mMbehpbeHkdoRXJivLMXhUZM3Pga0yE-MOv54cBENOUNTB91oj4iEC0NjgXgxGgUdW9O

Requested by

Host: e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
URL: https://e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame BF70 0
104 B 149ms
23ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEDRvjiDM8JamvMs3OLWcrCc&google_cver=1&google_push=AYg5qPKGCb50PaWadsswcl_7es3_yNUEJRCPpnI6cbSWDZxKVjRAE430lKuoXsUCvC8SoAsZKdN2uPkrYyWs_1Y_ujf_YqiQ8pYw
Requested by: Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF70
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEFsJSN3siyuo7oZrfuGhTy8&google_cver=1&google_push=AYg5qPL0zs5_-BYzXM_ROvD1jlkYu8taKzDjSiYNtv_X5nYU0XBjPn8OESbEzVsp397peSsJftXsVSoVwHBLmRbKwpqOs4f3FWOX
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3E0C41A8C66B4A6F911509157CF4C4A0&google_push=AYg5qPL0zs5_-BYzXM_ROvD1jlkYu8taKzDjSiYNtv_X5nYU0XBjPn8OESbEzVsp397peSsJftXsVSoVwHBLmRb...

170 B
188 B

31ms
17ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3E0C41A8C66B4A6F911509157CF4C4A0&google_push=AYg5qPL0zs5_-BYzXM_ROvD1jlkYu8taKzDjSiYNtv_X5nYU0XBjPn8OESbEzVsp397peSsJftXsVSoVwHBLmRbKwpqOs4f3FWOX

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 05 Apr 2022 18:58:26 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3E0C41A8C66B4A6F911509157CF4C4A0&google_push=AYg5qPL0zs5_-BYzXM_ROvD1jlkYu8taKzDjSiYNtv_X5nYU0XBjPn8OESbEzVsp397peSsJftXsVSoVwHBLmRbKwpqOs4f3FWOX
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Mon, 04 Apr 2022 18:58:26 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF70
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEPnn9_ZhFVzpHXE4MrQIvsU&google_cver=1&google_push=AYg5qPJWKomjH3aNCZPUu-tYLPoNpcc4uvOj5_85fKcHnCL5VMlGcV12e6qpRmykVjV3uK1bE-KUvetPBQsgRyIEsW9DSwV...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJWKomjH3aNCZPUu-tYLPoNpcc4uvOj5_85fKcHnCL5VMlGcV12e6qpRmykVjV3uK1bE-KUvetPBQsgRyIEsW9DSwVpJLmF&google_hm=ODE0ODI5MDU3MTQ0NjU3OT...

170 B
188 B

18ms
18ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJWKomjH3aNCZPUu-tYLPoNpcc4uvOj5_85fKcHnCL5VMlGcV12e6qpRmykVjV3uK1bE-KUvetPBQsgRyIEsW9DSwVpJLmF&google_hm=ODE0ODI5MDU3MTQ0NjU3OTQyMQ%3D%3D

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 05 Apr 2022 18:58:26 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJWKomjH3aNCZPUu-tYLPoNpcc4uvOj5_85fKcHnCL5VMlGcV12e6qpRmykVjV3uK1bE-KUvetPBQsgRyIEsW9DSwVpJLmF&google_hm=ODE0ODI5MDU3MTQ0NjU3OTQyMQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF70
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEM_xOT7yy8DEdBJTu5wbsQY&google_cver=1&google_push=AYg5qPLpc5CFA-hM8xHilzRACyzh3rxjV-s5ufsWrq26yf_8O0hRT1aexXVDf9C8zhtsRcdvtyVlV8eB...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEM_xOT7yy8DEdBJTu5wbsQY&google_cver=1&google_push=AYg5qPLpc5CFA-hM8xHilzRACyzh3rxjV-s5ufsWrq26yf_8O0hRT1aexXVDf9C8zhtsRcdvtyV...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg5NDk0MzUyMjc3NzMwMDU2Ng&google_push=AYg5qPLpc5CFA-hM8xHilzRACyzh3rxjV-s5ufsWrq26yf_8O0hRT1aexXVDf9C8zhtsRcdvtyVlV8...

170 B
188 B

20ms
20ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg5NDk0MzUyMjc3NzMwMDU2Ng&google_push=AYg5qPLpc5CFA-hM8xHilzRACyzh3rxjV-s5ufsWrq26yf_8O0hRT1aexXVDf9C8zhtsRcdvtyVlV8eBYUyCRaJInlnqHYb89WdO

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg5NDk0MzUyMjc3NzMwMDU2Ng&google_push=AYg5qPLpc5CFA-hM8xHilzRACyzh3rxjV-s5ufsWrq26yf_8O0hRT1aexXVDf9C8zhtsRcdvtyVlV8eBYUyCRaJInlnqHYb89WdO
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET

pixel
cm.g.doubleclick.net/ Frame BF70
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f...

0
0

GET

pixel
cm.g.doubleclick.net/ Frame BF70
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEOHieSKEuJp4c3HFvz82zpM&google_cver=1&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEOHieSKEuJp4c3HFvz82zpM&google_cver=1&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrI...

0
0

GET
H2 200 dot.gif
s0.2mdn.net/ Frame BF70 43 B
577 B 138ms
14ms Image
image/gif 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEKrGkZyKtp51vzKL29EzsJo&google_cver=1&google_push=AYg5qPIyNlnQl3iYUOZ85nTOqT_sc4UJ_em98RFP8tuw-8_x0yPehr4dfYkskMciBcIgrjl5y57VtOcVhS3Sb0pbmwBtmvrHFghS6g

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Apr 2022 18:58:26 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame BF70 0
40 B 134ms
15ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J7oxxUldyE_eF9bqRTiCgCBH_2Mx2o-SFGPHYi8v6hCDwpV4gxCyWkc9IKPXHQ6aClWvtKZA

Requested by

Host: b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
URL: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 44EE 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e5d2d66eb2fb40bcb7fc9c5ef632835310b50d5f458c5166fa9dad31028f5d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame CAD7 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf3f74dcaa408e301c86d9eafa2cbabdcfff437462bf609da261608bc63c65c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame CE73 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUgACwaUIEe2pAAs7fd-2zPojfkMakGv09w&u=%7COTslYO5yuC1uoppnQVaw41BXBQTY8VilKAWgCCihEJ4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSM0Dix1JLsqqaPRaZSZtkfbDgLypM9UfFGjF90nj49bt2Eblu5BubXn807KLfzOzbWwNBLn5aFm8zuncCvFasvGOS-pPCYczUNZ8nDLXd6zKZb07UIm8oJCZg8Udi9SrGG9lOePT3KpReLMpz6EUro7GoffHKZQvzbSx9WBCSvx1yZuHfiwzCAlFcMjCwvnAM1-3t6YyQaWY3ut3PKBykBBvDXGGs9U6YPR8PZqbRt6eQHrTXIiTZOhDC9KZSD3nJez8tpimZiux1VC3SuULA4yDWjtENzdykbOgmLGILoEPyspTioa3dDAAGaNnJH_nN3z0ElnEOc3jiNp6IlSPZyvIJwi_4x9GGdrnPnCB-5XxW8C5C38w5U2W7mxYPTXEbtmh4w68rbb4ZjXumVhMjKoIcwofX38hpY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRS6IUpFMYqWDC6nbx_AP_fas0AzJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE7QJP0KFIqW8C8LyeOqiSAftAP9PRnB_OInRee1P1UsLnSbW_AGVwvhl0doRc85Ao6goshepFfly7aoFmE5a0GUOdam4o2-DC4m7oWmaVgLSqeMcnGvBFc7ClQ4ZrMyzBf0UZwvuTrLLHFVtYmVaxvw6RpJY5ljPSzTneT_aeGZqENpUVEwHbBbamrcv_kVfbfwqaEh2sMLVLYF9I8jJv0LTDGpAY2_zLLdTxDS77_fyUK-knOOLmf5-cQwdC0ij280bGeS8L-0otrbJMfb3uaHuQhAIK-QAI86XnCqB_Qt1zcs_QyFyhDQtuDHzAc_ir2OmsD3rfKLpfFkZGoFDgNHlnBBAFQ9CSPCRfY2xZi3wHcgzlopylYj2VXyQC1b8ItF0JNduhquolyvhxXYai5RBsAP_2SCfaZJbbBjxQ8UEt0q1vSSRrvf51Yvcdx9Z65zqqEPsSsptkUPmNCz3IoIAznhAedMZG24_uMQOLK-AEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0WgfAoeYGI1tbQnUOPNTHth7xJ8A%26client%3Dca-pub-5413329544040947%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame CE73 2 KB
1 KB 27ms
26ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame CE73 308 B
636 B 19ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame CE73 507 B
835 B 18ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame CE73 0
689 B 154ms
153ms Image
text/plain 2600:9000:2156:6200:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1649185105
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUgACwaUIEe2pAAs7fd-2zPojfkMakGv09w&u=%7COTslYO5yuC1uoppnQVaw41BXBQTY8VilKAWgCCihEJ4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSM0Dix1JLsqqaPRaZSZtkfbDgLypM9UfFGjF90nj49bt2Eblu5BubXn807KLfzOzbWwNBLn5aFm8zuncCvFasvGOS-pPCYczUNZ8nDLXd6zKZb07UIm8oJCZg8Udi9SrGG9lOePT3KpReLMpz6EUro7GoffHKZQvzbSx9WBCSvx1yZuHfiwzCAlFcMjCwvnAM1-3t6YyQaWY3ut3PKBykBBvDXGGs9U6YPR8PZqbRt6eQHrTXIiTZOhDC9KZSD3nJez8tpimZiux1VC3SuULA4yDWjtENzdykbOgmLGILoEPyspTioa3dDAAGaNnJH_nN3z0ElnEOc3jiNp6IlSPZyvIJwi_4x9GGdrnPnCB-5XxW8C5C38w5U2W7mxYPTXEbtmh4w68rbb4ZjXumVhMjKoIcwofX38hpY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRS6IUpFMYqWDC6nbx_AP_fas0AzJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE7QJP0KFIqW8C8LyeOqiSAftAP9PRnB_OInRee1P1UsLnSbW_AGVwvhl0doRc85Ao6goshepFfly7aoFmE5a0GUOdam4o2-DC4m7oWmaVgLSqeMcnGvBFc7ClQ4ZrMyzBf0UZwvuTrLLHFVtYmVaxvw6RpJY5ljPSzTneT_aeGZqENpUVEwHbBbamrcv_kVfbfwqaEh2sMLVLYF9I8jJv0LTDGpAY2_zLLdTxDS77_fyUK-knOOLmf5-cQwdC0ij280bGeS8L-0otrbJMfb3uaHuQhAIK-QAI86XnCqB_Qt1zcs_QyFyhDQtuDHzAc_ir2OmsD3rfKLpfFkZGoFDgNHlnBBAFQ9CSPCRfY2xZi3wHcgzlopylYj2VXyQC1b8ItF0JNduhquolyvhxXYai5RBsAP_2SCfaZJbbBjxQ8UEt0q1vSSRrvf51Yvcdx9Z65zqqEPsSsptkUPmNCz3IoIAznhAedMZG24_uMQOLK-AEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0WgfAoeYGI1tbQnUOPNTHth7xJ8A%26client%3Dca-pub-5413329544040947%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:6200:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
via: 1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA50-C1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: P6K9QUYQEpf6xDpgKksEj8Wn7_QSYu6Uv2eaXBtN9O_OB7cqlZalTQ==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame CE73 43 B
347 B 17ms
16ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=j2ERHZU2IxNQZpx58j7cN2hot74uG4iwKzU1s--FDBwCxGQu7uMY8tnVer3itCN78XEUsoV8EnnBkK0xJwdT7VFibvGX9ZWQux7MxsKAMSm9EHKF0Ma9_1eBbSKnLu5meYdsmLN0cMUbyCPvQ3_9aBufWpGScLUx0seljiamJDv7e4nGneYYukEEOSA-PR11GesKRGsUzY6-fFAY0Msm1ESNLUXnS6lEezOMYYM3s2wc5-eQdEW6nhOHj5VnXDOOf9RsKd8hO0h4gBIYK8YySEm4dNJ0RzpIuR8ptEYbXVF01nZOTRD-LkPg2pZ4iXN1m-77FpgFxSg81ZuyqwRDEfdscdCnhH3W262GHPcZYwL80cU3kekQN3I0U2j3e2Le7GTCDVYtwmm7w6V7QFHD9Lo_M5COmYCHBnEpl2IqtZj1auGgZe-Ygg_9pll1pOsTZomkew

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:25 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2749049
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 8E85 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YkyRUgACixUIEdYZAASVXE5IqcEL1M1jI7YU8Q&u=%7COTslYO5yuC3t1NQzgDtOyfVNkGjAT%2FJiwBzHq%2BxibmE%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSM0Dix1JLsqqaPRaZSZtkfbRUdlw-7O7JRwsLBcP9qbdsD8N18eJ6aGytFF4fgLQWKqcbbbvfJLDD-a3WTWtVuiE3R_Sfv6rS8Q9ctrdlxjQGhK-Z-7H7SJrooyz21dcpfhRUMhRywQ7jpAh7KwTDqpJlIWU_DYZI7ilxUpiBYDMk2SU4Tk4MdRwB7VMCH2pzCQPMmBKUrH2ijjE6dTi-7O1kNf6LbcsChKK_xPf5T0vzq2BTSwZwMU8AxwMQDoDINmPgtuhhqPnBdaCMcY1TzxrslMu1m3UaWIcvKRWZBEx3z659LpTfHvvQP4B7BC1PD6_1W5YrRnt2OU76T6bGuwEWkS3dWqxvOeMvhOH1mI7Fwb02AEmVC5fb8Vrxj2zOYA839KyRWWvKHu3oVxq-bjsUEv11u60oY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCcvkIUpFMYpWWCpmsx_AP3KqSgAXJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDegAdW20uoDyAEJqQIRR-mQ8WayPuACAKgDAaoE5wJP0LnBMpcV4u7nnwM3VsVDevBYnGGY1tnxV6i6mQRkkag-ItlST8qI1SYzeibx_2gKRa6DQN-JeLUrVG8tdBtLeKf-XyEIt69tNS3Z74LxM_Fz32mAB11rJMDBRaLGsOjzoQ1c_QN1UeAKV8vlL386aQ3qQ7PCV1CM2jpgonubiYcCt_DpRbimQw_LmiViTdJZJSTT5oB06nVqLFHGI8V1akpbTgv679eO-vzhyB5r0pCNxNJxcE7hr3GdLIQ_pheL_edelUok8laUIos_gjZkMZlQJKoEWdOhxwNKu30mQirGOp0Nz06R_lMrJKpBYZeNF5rVKFLM7VqJ0CdXpK5qQTh49s3CdyoPar3r8vXL7fkMg06qkH9t2KjjAPjgjjIACc92tqg0qrmUXFePZal_whZ13UebL0rJ9JSj0i_AgA85pggzdeAqr7HLafLsQCDVtOVmOu3jieezKPy_UgeaYvs4B5iFD-AEAYAGhqPyhY2UsIM7oAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1jgcnzMv7yc7Udcj60XOrsBC5ZXw%26client%3Dca-pub-5413329544040947%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 8E85 2 KB
1 KB 26ms
24ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 8E85 308 B
636 B 21ms
19ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 8E85 507 B
835 B 16ms
14ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 8E85 43 B
347 B 18ms
17ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=lBNR3R_cVJrxyb8hQjvt7eL3Kp5RtcsdhJauqGR5Qsq_BkqleBcCgmn3nXbloZhusGSo5n4LcNpV6roK6UB-P5OwFKYrRkGALjpCKW8y_OyKydTeuqFqFIoct-sM6Q76VLZ0TqLVHnYAuo6tYap8z4RJz_O9xZ3-HzabS2yEWOQPPbqWr1nLXjjB5f0LuTS21wx70b3nP3yiQx3u5CfpVGcQ22C-128Z9VN_E7uVyX0br-Y1b676P_9RUJX9hL34oXp4l4mh7u-USLt73oOx2UI0DljrpUTNQN8syOhVQ23XmEKQiF-LAoIFZ_IsideshiqgM3_yw4qosO27Y99arFrgV8KeJ-Cm0SeDgBZT78aRWcmK3vIwPdPll5wjb-ao_Cc3jY-bN93N1RoMFtW9YMymvR0SQRuBc2ZqtgsqKvTNS_DofKDefXlFZp-haheTJgbVwA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:26 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2554404
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 8E85 12 KB
5 KB 20ms
19ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1041619
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2BuWY3l%2BGGj0B4wqXipkpK9FnPOV18EAhedStTB78tFzBGVqsz4rLuHmfCGOIItFWoIimKtMDCvFV%2BF58TtEFHE2uUAqetwrZ6vjGXyCEygT7D04q%2F2L%2FYwoiwVkivKx9IfVFNvZElusa%2BiK9KwL1Ly0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7483e63ec801df-ZRH
expires: Sun, 26 Mar 2023 18:58:26 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 8E85 12 KB
6 KB 24ms
24ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8E85 12 KB
12 KB 17ms
16ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=132&m=0&partner=58172&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F58172%2F210330%2Fd466d1c7d97e41be9e2a21896a693eb4_logo_w_horizontal.png&v=3&w=496&s=0S0V1sW-H15uuEokBzVFIbkk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cfca4acbe01c23a7973f98e028ec3e6fab1e08864a60f6adf800b8dbf89fe83f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28478183
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 12520
expires: Wed, 01 Mar 2023 09:34:50 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8E85 8 KB
9 KB 17ms
17ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=58172&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-chromebox_cxi4_premium_1000main.png&v=3&w=400&s=HynDZU9B16nF_xgWkctMVF9A&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

635fc3642d77c0ffc3368165582c4d03124eff007d5f58f6beca929f7785904a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=425884
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 8576
expires: Sun, 10 Apr 2022 17:16:31 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8E85 29 KB
30 KB 19ms
19ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=58172&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fo%2F_orion-3000_po3-630_gl_gallery_main_usb_dg.e2ceg.01g.png&v=3&w=400&s=UVgmNiyJaDRzgl6bhYPOdKff&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

58d260c57004679defa1dbbf59b59df7bc1df71b6b664767b9bc0f4e76de9f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=84867
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 29938
expires: Wed, 06 Apr 2022 18:32:54 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8E85 14 KB
14 KB 27ms
26ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=58172&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fn%2F_nitro-5-an517-54-bl-rgb_1000main_nh.qf7ev.001.png&v=3&w=400&s=vgWBsz02lkaGMZXsx40aV9F2&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

af97a127628876cab5f8f369c2523e2b7b321297ad728f01a806e7c78f605dd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=164877
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 14368
expires: Thu, 07 Apr 2022 16:46:24 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 8E85 0
127 B 14ms
13ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=haFQcthWtp99U5G7d36yEMMtpD2tcUZ009VjMQB3PIbwCc7ROhkhQ8WPwY6qM9-ajlfE3rpaYGWyVtKrMpWKh6P1tIIZO52ceacTO_8MUd8-G6Dk-oO0F6Yo5X2w5NKd8cwISzaswg1rkF_h7rVMlzno5yyOvQLaF_Th8Hxvx_VZVTqOPd9IIGbM_UHvWM-FnfmCPZYEPFvZ2L_222cVo_AgybWwSSoRfZs0XAifhJE2l1Z4cQLyWWmkKcpsC8IF-9pD9A&sds=2&rev=81065&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 05 Apr 2022 18:58:26 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 8E85 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 8E85 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame CE73 12 KB
6 KB 21ms
21ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame CE73 14 KB
14 KB 14ms
14ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=76&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F05c244b8e1cf40f39dbba9559c8c38e9_blue.png&v=3&w=496&s=XdU4DjFrNKUOG4i9UD0BIQFA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5298d6aa96d4c31e65e9198beb08bc3de1b5b885f22ece667f35c05ea42e2424

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30381447
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 14455
expires: Thu, 23 Mar 2023 10:15:54 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame CE73 0
127 B 14ms
13ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=j_XbMdhWtp99U5G7JZEuVDMFQe7C4ybHvK-G3joWOrGk-Rco8gmaDIn3ZKyM2VTmw8YzqD5Ze4pgovHMiVLgmsVKBRUgaJ9tA7WvfuhF5Y3AzCSKQYHjeY6u1Bhkk7O0jhFX1SmQl6hukWs78m4IiZ2YvBlbmKYMw1zTMn7y9Jn9Aw2hkCoMlisWmHk6yAt9n4UgIYZOvsl12-y4_6MjcfftiExtK9ru5F-K_2gg9wwobrzwAEd3YKtWl-Id-QAiN0wl3g&sds=2&rev=81065&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 05 Apr 2022 18:58:26 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame CE73 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:26 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:26 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame CE73 2 KB
1 KB 23ms
23ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:27 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Mar 2023 18:58:27 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 31D8 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?fy7wfw
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AAC7 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?y4-HAA
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/air.com.fgl.charstudio.christmassweeper2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 8E85 2 KB
937 B 37ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Muli:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c3d628f4e66cecd08fd6e79132a41585dfd209b14bd6e0695af0842025ee2768

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 18:28:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 05 Apr 2022 18:58:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Apr 2022 18:58:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1BAE 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022033101&jk=83553651310547&bg=!V1SlVBDNAAZku-1yRLs7ACkAdvg8Wm-Ics2cn6HqsVts8bQuD9PsD6tkqoOaUXE3LHrt6cl_84UVCQIAAAEyUgAAAANoAQcKAGUTp8mROIysmvujNNIDODiCKmq8atFWECBYOavIVKys7C3sAcOYxieD7EuhH8HSpQsDhw6Ks7UD0tJN9uIl_R3B3ZXVUL9zIv1mzka2r8LrhXymP5oUnSMttKsBO5h14HPexNu5rpkC6-2Vk1VvI2Kbah-DoAlcIRlVbBh2Br0Qwe4UqRhbFrXuYhnuQNGa1aswYTDa-YW-T_VmVWBIlpn_C2TPQVRagj2nFfJF0siQZZ1itcgOHsZNgGtFg7zTd7NI2OHCVC0Z6pi2vPeqJ_K_I1zjFKfYZ-ymtiVplKkZXuU8qKlrGIEZV6CaPj5rvSHJYo1tZL-NcVdW6IdK8uXg-j1AU7nCTpr0bpUwlnLgDeCQdXo7TScP3CMplHOF3rRmZ2U7KsShCQcpNdhaW0Geaqb9vywfL83RYkemUy-ntJ8OIMPhQe1kCoV7UiLpV3ihjoVncOTPDPxaGoC_wzn2cbUn_-A6LqyV2MO1MXTwCa7MrxYChNTX415vuuFDm4RAlbVxsRb6lxi-3C86nbU25ieUkneaRAC4CcfKSr-tsspr1efFLPr9aITL981hlTHYzQ3SFumNqnStnWE66zHtu3ULxHIA6w3-raH-GcZl7YkVhkwQhzjBxnDVaf0vggN1jXSuKpskffVY7lSCSlpGC-lrOPqc1YG5e8-9rqEHjl1oM5whPxotN0nTcZE-JJUt_XKPwVpkryp_eLyHJpikjKp-yO2ZXiyPoC4Qe5M2BxxmCMtBID_W6VEmRYUS-cTTTdKruZmss3SUitO21_lfC1JePC5zQy5Tyl0Ca-UseFFBETAcwPOVVGaehCZ9KFAWL8fJX4vDUPYwudczk4gnFqR1GYsACod6dnDyj6jOHohg0BsK4bA4ytAEPhANkF7K1B9V8xJNuTSULl6XKLC_Y9f9iFylWMhYMfj3xghhSMxkEiTOvhhaTUHbbfpmZi4OfkHUbXNdBANH4O4vb5E-xYV4R3XwhqFVejtgVjsAfZI6tU2iMIbDJ7tpmphnmvOei1sz1Bw9CyW7XCCBAmuaHx7jH1F0IX67blwO5LhPmLjQyZ0CTYQ4PO009nxwCvGeloFBffjfgHPB5F4PR4xsLm5El3R_qqSn9YZzgMQB-vT6jA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v26/ Frame 8E85 31 KB
31 KB 33ms
12ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v26/7Auwp_0qiz-afTLGLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e14a625deb5e7cb388813d12ff906c39d7140ead453b49a22cc7d11497035790

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 01:52:36 GMT
x-content-type-options: nosniff
age: 407151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31248
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:37:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Apr 2023 01:52:36 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3054 42 B
64 B 40ms
39ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss4jVgS9oDfwGtXCnqGTO6olgmjaUE3MeJy1IwD4f4rtmKLcHG1vt_vGpu95TIGHIqmnWm4NHo5eKa0FpX8R6v_&sig=Cg0ArKJSzB7MMRSVYuMSEAE&id=lidar2&mcvt=1000&p=389,294,479,1022&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220404&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1944610241&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649185106972&rpt=203&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 24BE 0
127 B 14ms
13ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 05 Apr 2022 18:58:27 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 325A 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022033101&jk=624336138858159&bg=!-_il-LzNAAZku-1yRLs7ACkAdvg8Wh59qVKMUq0lJ4wUJsa2CVhKghzhBMUNRk7QQYTfdSppJOPyjwIAAAImUgAAAAJoAQeZAtlsydz36qK_562SHvz1cRlaZ5bV2Qyu9cYIV4qh_KO0zLFBIIjrjkB_VEQvjCJheZrvtPMRQJbu9ILDzp2fUs-lluSL2qBxbYuggXCBhcWvmMkCQYth7Zl3a3yec7LREm7NXr1mlAnAS8mxujt7cBZr5I4Op57reaq7kodSsPFDFo-y2xo66K78OA2-j8AIXCOKcfSc9mXbZOebz8_Q2azcYUYNfXFqRu_RLQ-aPLPyfv2K0P69K7Rx4n6Ep2qZ6fCDDsCTAShmWVcgg2FZ8fsnZ4zNUAsZkcJKdC3b-MwgqjDeWz36xnY8UCfWe71ZxjLIpidClM_8xhjGSfQCL_F3q46z5dYWymh_Yf-fD323pS6Db5KastG_ApoAwFv4S57iLmL43dtOAOe4Y2bhTVLkewPfSaE3pWUcIHWo--XLi3uMtzucRznQHK6e6qagUO78LdadPbCF1VbHpXtotvPOG6_26JtL6F_Qgd4VqkKQyalvRaYdQ28VNu76NSKHE1JJWYxLs5Y4YJ7h1wgfAmjrbHhfuO3ySNAAQVfRwIVIgLVxM6euCw6e_zscmZeRvqiV4QIReK5fNQr0FhXliqheyXUYkQM2Bfghs-smlO_e8Q-5YspVjWWOAObc-01AFHNiMFxDb-6hXHOyug4QCEo_WmYHp9WqHRSfWtzYfaaUsSHf1iiECJt5PqBEaPDZMz15WKxNdonHuRaAOScbxtG5mA1t6ai-Oy88dYbLsrHiDEN7794DCsIgpioxWV5TiGGmwNTvCbGZrfjAV75ZNVUOQmpSaQGE5G772M0mIYc6HHAG4v05X7pPJes4NA7iNQv-3ItYbq0pqZQAWGCizoyMQ2T2Lh0b2f-tVn3sorj7wPkhrtANQe0BrSClahQPKvBlvyAdzEUL18rPn1YA2mSh4kGXeCbKI1YbKbREUaYTRzl6mYGsv0Ko5yIgbyvY1Pn7YaCSI86AbDY

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6BE1 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040401&jk=1368573080706281&bg=!BwSlBEDNAAZku-1yRLs7ACkAdvg8WkbaCAbAHkvTpAtIg5fcPAj_oznKbgwdL3Bisxl_OkHEri8eGQIAAAGfUgAAAAFoAQcKAKeVx-xpu63GUjBA5NkgqCc-ixB5Z97VHdzzP5IrzrfSP_MEFkJ2r3RM0y_oGAtbliNbaazbGefYGqpS2w11oojOJXEVfd5fpvitFO5mrcl609kze7bfeYtAbL8HWy-NdXjbvLnigj0GONb1M-ngnDAW4IR2-tMntepDYD2KSI_aEBb-fZQHIYcgHNItj0K3mPq533VNV3EY3gtP71MtMxzhnT3GjfNL5JkC3g-2iZMdeBz29bdJ2thutV-A_vts6GQLNhVj35z1RRUtmsfOA4wANAj0erj_tYZnQzpAHsr_Gwh5dsKk86c3j2g_d6H93q771CXReerlc1Zzf4OXmW_0Ja7ifraYZgM9pL_HWd9N3aX5-ebhzgfHPXlswex281hWUt6TOq0wg6TeZDpcnZbxaRZvfmpsslIJyNHenD05j-5Up8PcfMrLZePwtfSBN1D7I1g6kvEVytJj4KU4oNXydk8010l17RaE7rKSaZhp84g6zAhzqbXCcon0p8y4-0wAKXFC-m5cFjAF9d1fjXofkwdoVQEKvrETQU2q9ZQg3kPPswqGFOHZVncKvTuSkF9NVLtyVTaZIsHlG23H3J4v8H7sVj-XlcMZn_rXKsGOLrp8avzAfD7UcfEEhXleM-8_q6O96CzEIKU-ajzzyGFABwvx2BtDu9kUY4AmNPGT3iIZv3fDN_fU18P-YFL1ABYhvAcIJvhsUxBdJt0CdjRrEWXc1PAfyLvwG2nm4Ns09R-LGovWlZW1uR97apQdE1E8XXEauD_6pq_fuCoSIN2vJE8GJMEcjeWXsGkMC1HOCH4AcX6XEJw5thdOc_22_6qLpuVBkstID7jErgk1t5oFjrtqvJzMpB-Yd-c73sb1n04SMjhXoWDI9DX5AVmEXLhUAQGqp85mMC8FZh0i5VV1yYdZsLOkOC-HVSPIkHvqbgH3c7WqP_Ez8wDZT3NVZGVoBpBl1OtZbxLBLvROd6vXKR_xTCkPQ3vOzGKGKQKxN85v9tomJLfc6MI01DlWCdVmwqZApQSDm4cvcoWO-i1pbk9iEJTZCw6woNNIKDcmfrcmX5jrO-sbnVZVlROXgqu6ggvFknh4fnT1anm5-byP2XCl3gV7Q14Akf0eKslQemO-BZey_y6bj-_NvBQUOLKCwld4_FSRDek944qz2jr7jbPxnoFV4b5dUeYDfL_FvuAZg2JiVzhZ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CAD7 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssVUDJc3YdLEiNug9gH_U9p-JQEg-wy3pMR5GnfLFfVD-rV6_t_VOhkrhIeAd7Bh70TL3ibLKGo9HqDpqGrW-vl&sig=Cg0ArKJSzA8CcNIr3VYaEAE&cid=CAASF-RoAXw0ynA175cLqNeS-srsgax0uavC&id=lidar2&mcvt=1001&p=0,0,250,250&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220404&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1937206528&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649185107524&rpt=299&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 18:58:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 8E85 0
127 B 16ms
15ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 05 Apr 2022 18:58:27 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

POST
H2 204 collect Show response
k.clarity.ms/ 0
48 B 191ms
190ms XHR
text/plain 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: k.clarity.ms
URL: https://k.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 05 Apr 2022 18:58:27 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 24BE 1 KB
1 KB 14ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

94b11dcebc7b200b22b9561a3d0807bde8f84b2454063facd429ab5dc43d7b6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:28 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2249543
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1070
expires: Sun, 01 May 2022 19:50:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8E85 8 KB
9 KB 15ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

635fc3642d77c0ffc3368165582c4d03124eff007d5f58f6beca929f7785904a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 18:58:29 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=425881
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 8576
expires: Sun, 10 Apr 2022 17:16:31 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.adaptv.advertising.com
URL: https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESEH53hkkY2SUwgLDwG0st3E8&google_cver=1&google_push=AYg5qPK3CFSaE-Z0ign0qS8LsosZmGoeFeltNMu-Bhwn_l1Q06JZ6t-4hjKS39syhx-gyiU4LMI4dRQk3p5CP15WH4UFEvFfNuzO

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nets4.com/	1970-01-20 19:37:37	Name: _ga Value: GA1.2.334559498.1649185106
.nets4.com/	1970-01-20 02:07:51	Name: _gid Value: GA1.2.1218009620.1649185106
.nets4.com/	1970-01-20 02:06:25	Name: _gat Value: 1
www.clarity.ms/	1970-01-20 10:52:01	Name: CLID Value: 204e6179408b40168cb2bb2580c9b884.20220405.20230405
.nets4.com/	1970-01-20 10:52:01	Name: _clck Value: eh8a3f\|1\|f0d\|0
.c.bing.com/	1970-01-20 11:28:01	Name: SRM_B Value: 0CC7A22EDAE868A00206B353DB836997
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 11:28:01	Name: MUID Value: 0CC7A22EDAE868A00206B353DB836997
.c.clarity.ms/	1970-01-20 02:06:25	Name: ANONCHK Value: 0
.nets4.com/	1970-01-20 02:07:51	Name: _clsk Value: 11n17ai\|1649185106934\|1\|1\|k.clarity.ms/collect
.nets4.com/	1970-01-20 02:06:26	Name: __cf_bm Value: g1dN5TaTSuNxSUCjXyPVDi8YwE1xVqFVIuc1ZBWhlY4-1649185105-0-AfDJk8ybBcDpH2OoT/PwZsUVrrl5rS6BWxjuHM16V/6VYJ6Wv6o2zduwPVFQ1ICqUN3JZr9rb+dP7Eq2G7HpAdANY9Z8aVlwrof5btt2R42ZaPjsdHEElHB8FvxZBpLqNQ==
.doubleclick.net/	1970-01-20 11:28:01	Name: IDE Value: AHWqTUnuwSMdLBogvNRvBLVND9G0gdy5y8wCgCkZ4xGS5povzR_tpzttuPYaeiGR2pM
.mgid.com/	1970-01-20 02:06:26	Name: __cf_bm Value: 1K184PZtNv5NZAeN1SsXwZMkxqX4gbpuIkrIMaStScY-1649185106-0-Afnityv4+Ko9438zLSYdT+KJljcxfmzbm27ea6+EIUZ1PHh9oOloT3nu/RwslJEkldh2AjSDQmVJNoL2f6VeEEU=
.nets4.com/	1970-01-20 11:28:01	Name: __gads Value: ID=86fe2d0a44eb7462:T=1649185105:S=ALNI_Ma7-Vlg-kqjO2KkCi5IFgsTY6LCNg
.simpli.fi/	1970-01-20 10:53:27	Name: suid Value: 3E0C41A8C66B4A6F911509157CF4C4A0
.lijit.com/	1970-01-20 10:52:01	Name: ljt_reader Value: 2e7465968f3514486680cfaf
.360yield.com/	1970-01-20 04:16:01	Name: tuuid_lu Value: 1649185106
.360yield.com/	1970-01-20 04:16:01	Name: tuuid Value: bb0fc27c-c56f-4e1e-8dea-8696bbfcced9
.yahoo.com/	1970-01-20 10:52:22	Name: A3 Value: d=AQABBFKRTGICEGERpjVL2pNYpjUZjYFEdMgFEgEBAQHiTWJWYgAAAAAA_eMAAA&S=AQAAAlce4nG9zhrbxLC4k5_MSNU
.casalemedia.com/	1970-01-20 10:52:01	Name: CMID Value: YkyRUmRfceZzyTohFWmuKAAA
.casalemedia.com/	1970-01-20 04:16:01	Name: CMPS Value: 5223
.adform.net/	1970-01-20 02:49:37	Name: C Value: 1
.casalemedia.com/	1970-01-20 04:16:01	Name: CMPRO Value: 1212
.casalemedia.com/	1970-01-20 02:07:51	Name: CMST Value: YkyRUmJMkVIA
.bidswitch.net/	1970-01-20 10:52:01	Name: tuuid Value: 617e50fc-8c52-4a67-a718-ce08c87c7439
.bidswitch.net/	1970-01-20 10:52:01	Name: c Value: 1649185106
.adform.net/	1970-01-20 03:32:49	Name: uid Value: 2894943522777300566
.bidswitch.net/	1970-01-20 10:52:01	Name: tuuid_lu Value: 1649185107
.bidswitch.net/	1970-01-20 02:06:25	Name: google_push Value: AYg5qPIzaxpYVk2pWzy47JCsLOCKsYoxVwtJPtGfdtZ6CLbnwKUncFGDB8XcUhUT4Wd30_WtJFnALtJDXa5vYaUWaUBG1djOphCe

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESEH53hkkY2SUwgLDwG0st3E8&google_cver=1&google_push=AYg5qPK3CFSaE-Z0ign0qS8LsosZmGoeFeltNMu-Bhwn_l1Q06JZ6t-4hjKS39syhx-gyiU4LMI4dRQk3p5CP15WH4UFEvFfNuzO Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPI7VjyUW45FyNBhyN1NRpfxNMDyNPknDJS7MNXDNoAZbRdtuvJMhOokXoRUcSsmrgxlZBXB7MIFM5DOPrIa6Lwjt7lYqjo Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uw_CfMVvTh6N6oaWu_zO2Q&google_push=AYg5qPJqek8TC7RJl4OGs14_XiomSiVu1A2rsaeiZwGgWu0ayqdDbkryTLGiqFbobOOPJuXr0z9AKv9ptcvS8F1VOWdPxG2LrJtP Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkyRUmRfceZzyTohFWmuKAAABLwAAAAB&google_cver=1&google_push=AYg5qPIEz6CViEuG7A0XMXp3efXpkeSdLZTIAZXQy_wVLhzaiA2FOCK-EgY3pZh1LINngxcPII6f0rbx0gBfeVsSBH7ByKM0seOM&google_gid=CAESEEWaa1oZRbJo7SKnBHEdusQ Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0178f5063caf1e3d7133cdd1e4a2372c.safeframe.googlesyndication.com
ads.eu.criteo.com
adservice.google.com
adservice.google.de
ap.lijit.com
api.purpleads.io
b354f0876925ee0fe749c36122414e4a.safeframe.googlesyndication.com
c.adskeeper.com
c.bing.com
c.clarity.ms
c.mgid.com
c1.adform.net
cat.nl.eu.criteo.com
cdn.purpleads.io
cdnjs.cloudflare.com
cloudflareinsights.com
cm.g.doubleclick.net
csm.eu.criteo.net
dclk-match.dotomi.com
e4953ce8078805fb115b33e347f21f93.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
img.nets4.com
k.clarity.ms
nets4.com
pagead2.googlesyndication.com
pix.eu.criteo.net
pixel-sync.sitescout.com
play-lh.googleusercontent.com
pr-bh.ybp.yahoo.com
rtb.fr.eu.criteo.com
s-img.adskeeper.com
s-img.mgid.com
s0.2mdn.net
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.addtoany.com
static.cloudflareinsights.com
static.criteo.net
sync.adaptv.advertising.com
tpc.googlesyndication.com
um.simpli.fi
www.clarity.ms
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
cm.g.doubleclick.net
sync.adaptv.advertising.com
104.18.17.65
104.19.132.78
104.19.135.78
142.250.185.130
169.50.137.184
172.217.18.98
178.250.2.135
178.250.2.148
178.250.2.150
18.64.103.66
185.86.137.122
20.96.88.162
216.52.2.30
2600:9000:2156:6200:1e:a43d:b640:93a1
2606:4700:10::6816:46c5
2606:4700:440e::6812:2fe6
2606:4700:440e::ac40:9c1a
2606:4700::6811:180e
2620:1ec:27::cafe:1846
2620:1ec:c11::200
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2006
2a00:1450:4001:80e::200e
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2004
2a00:1450:4001:813::2003
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:827::2016
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2001
2a02:2638:1::4
2a02:2638::2
2a02:2638::3
2a02:fa8:8806:20::2010
2a05:d018:d29:3601:4405:fc16:ad1d:f00e
2a06:98c1:3121::7
3.211.16.130
35.156.192.121
37.157.5.142
52.142.114.2
66.155.71.149
045f7b2e89fcfb5484ba4acd31e889919df3c3c9cc38cb7320531a64a11f5641
08383c35578c37174a79128800d3f39d4c432eaa149bf3fcd968674f6c7d252d
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0d13ac1aea9ae15721e120b5fee5677d16b0fe071d7d5cd6d7021bd76f9c790e
1366faeb431988c8b0a20e9c905f1c1b6dc56584dfe6ec226162caad7ace2e4d
13dde827c5b6afc12da109950ace86190eeae479bc6c04f14b8d3b5341c67629
156b9147c6c44124d5787c9d95708cc2ed72761453a33e735496169f8160bf8b
17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640
1d9268537357484fd7ef88766a0faecccf316c038933c1dccf964eeec8f4305a
1e04cc8c7f4f0ea9326b4de881d5734b2a1f8a96e9b11c11f6a24ff5997d9b18
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
207167860391da6128961187e00d359a3ad505ad8e21cbd597d14d75f3099a85
21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
286c70fef55ef339da75a65b7bae3e59be01022db0e710f1bf6b2cd81d951d53
28afcef670bfdf1c4641d6ab628e45535b03838d2a0217d8af5980a306861f87
2a29e79bd75cc83eade181c4acc1c198786539997766b648bc21ed5aa7698408
2aa5e1135da27f359b8aa8635358fe678666995d32278286bb4c292652eebadd
2cd9579c3d1f4f72c55909fc5c57a39f7356a0ca4450662704f11d5b2bc9100b
2fa3103806ec53fb0e95a0b28ca8b6ff105212961406e7074f9e67c1dca13dfc
30ccf44890fddda4fc53e1364a652004a9f85923373aa54cb1472f861ec8a629
333c98d98da28ae758b55eff4b52d7dc2ae21e19e3c41b83e90aac4a78e7cf81
35d42c7719fbcb4c6b5b2103b9a74912a28c69436121f9338a6ad4a4f2761195
38737b0e94619d42725f737b877f8b8a37b413ef6cfe48445e2ae21ac0007158
49adad57c43159e3b07daf3f0ae19e1f31d973bc3859ec4dcb647784f0677736
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b
4ffbcabff9528a24cc4e0ab68a3414f0354e95f9b239b29bd9ef90dd814ae7dd
510147b11541a835c7afc26691957ac104e0e7090012840927afd1987a7fb9b5
511dfce7c1f8030304d0d886e6f4a408a84e76c4a8ca8a1ca1a3414dcaf54dd2
51540e98209e949f0a7f01c1332f6bf5dfe526adeaabe2705f42184d721f90b1
5298d6aa96d4c31e65e9198beb08bc3de1b5b885f22ece667f35c05ea42e2424
54b434775350cc0cb6581e5b1f71a991a85fe06d2d67a7c9162122b3a265c02b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57d50a99d9e4199fd95053a7ed3e2cee6c9a77bd53e5d9ae5ec22ad1bc60a7c3
587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a
58d260c57004679defa1dbbf59b59df7bc1df71b6b664767b9bc0f4e76de9f3b
5cb57681cf42d17f5e38d8015213bde372180fc1218a6521710333ecc248eef3
5e5d2d66eb2fb40bcb7fc9c5ef632835310b50d5f458c5166fa9dad31028f5d6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
635fc3642d77c0ffc3368165582c4d03124eff007d5f58f6beca929f7785904a
676692963f35dfb06bcf354a9af5fe4db67152e66360dab4cf2d4bc86b2ea3b2
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd
6c9c9572bac1efdf36f4a5f936a4209ee9df53a656a2018666cbab86dc4c2d9f
71d4402e323ad9a22471749a45aeb45792845b31014f0501dd63a7dfa40d6c74
771e43b2aadaf068f9edc391e8192bd9372e92be5bff6e5d10e683a9fdf2f28a
77d674e5129f10a4384ce74d1e70429d0ea3a4821815f6a42f22c43a5959dea2
77dc0f922a2934882d2fc34d054d62eb614aaf3c1949a5fd63081b08b18b5620
79695380d4df251d6856e75cf1f9f81752dac83fe864607b566e7659c188988f
7b0b2975dc9009e34fbfebf8f498ffc64b3fc17ae5a46bf2af3f3688aa50fedd
7e2d0b2397510318814ce5197ab175d3f1c813a76dfc7de84408199185f3eacc
8031dcda0cf8cdc5e1a583d6a8b7315721801e6df1d6154ca4d376ebb8aa3ede
897cd7f94889663829433a19a1776b4bb236773d22905edfc366daa28990b6d1
8bed2eb902ec65c1bbfb02c78fb1c5bc29a659a22a5ec9cda1b2151a4ee75b09
8e494c44d5e9b1cf9f4a5e8023c43be68e9f959c03d4cf9f92642236cf797095
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
912acb76f22170887a835d4c4fff89f0d0f18d78bed0ff373c0cc2324668222a
912fa3094520c8407511db6ba89d2896806103a3d91119b6a187d6aaf91b84ee
93f169534bcb2fcd2a761e2a4bb2cfea477e39b0b0381f598e0d6c7bf0fa4905
94b11dcebc7b200b22b9561a3d0807bde8f84b2454063facd429ab5dc43d7b6a
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d3926035d8584194f91efc49b1e49c75a7dcbe7eadb7a8018c01ea47436c049
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704
a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8c3a82916b6e6831214fc16c734efd7c01e454cbe5ca8b27add17c0d9fa7d35
a99033e433cb5106d4345e8081a5d58eedf900397a6f35479a2c4ce2fb3b0359
af97a127628876cab5f8f369c2523e2b7b321297ad728f01a806e7c78f605dd5
b35f2bb54fb9557aef213eb485cd948bb47a538d77cc08069ec4e45906fca061
b700b6e66765842f1f34ae9741743aa8f824dff2d7119a354a4948ea999731c6
baa1c7577458e57b9378b4eff9cd957d26f73ba323e13ac7e14003a374d70621
bfb244f5049099e06bd8392e06c531b002bbbc52bf02828b7b4dd53da9389477
c3d628f4e66cecd08fd6e79132a41585dfd209b14bd6e0695af0842025ee2768
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce282e34a0df839f095a4a11cc4220b6f4f4abd410137515f0f6d4ed619bfc47
cf3f74dcaa408e301c86d9eafa2cbabdcfff437462bf609da261608bc63c65c2
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfca4acbe01c23a7973f98e028ec3e6fab1e08864a60f6adf800b8dbf89fe83f
d02a41d5e4e8f28ff7c21cb6ab313d17467ba95105f96eeaba162a081b4930d2
d0511dc6843e7aec148923ec9cb14586ad149c35f2261f2e42332f7984e4363d
d1675582e399fe4ebddf1590f3e691f4c2eb576d6b827cfe8171bca4d71415cb
d17e3cf1dbeb254e4ec8148dd7b6394dce74ac3b9843d0eee4a3879e3aac69d3
d29db413ec0a3a5f148c5f68957c0d5c83f7fc099e01195758efe6b19cd39126
d7cc09116751d52ea1b72aa613a1b70bdaf3440dae09b8b754c9096e35bb8f8e
d81da1c2333ea18b9649d21dd0dbb2a09141d43d18ef3e2eea1157f3e56d6277
d827e31e0b03257120ce1e7bc458b59874e6283fd77ff0e1be1249dd6c13aef7
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
d9121164dc823a1c1c052daf0a086f314373c37b1600d07e21077005ca8523d8
dcb0ba76d03300d7391a9ee2c885a39110e632e77fa3aa810620d577a0934fc1
ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29
df5f21e266b2c1c94b4a93f2f7e12c2bdaae0a3e25327e0844949f178c1c23ee
dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e14a625deb5e7cb388813d12ff906c39d7140ead453b49a22cc7d11497035790
e1afac4f639ccfd2a3176184d598ee162e4c2f66e56900e5897e9d821553f169
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e7c69d3f963ae4160aa72b714a02f75fcf0555ba097dc7f51a46f4c3e3e8ff
e78fb1c3b2113445c2f8c06cb66da75193a5a4ebe70ea04a987cccdacf8a8b6c
e97b7a51a2f6d3a97139ff08a8130e07e4f1243f18d431743f8a0f72f355a6a0
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
eef64f7a397e400b8f553622d72e44cfcfb2630f74b958fb561f0392a13ba48d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc
f3d0d742872c72044c50440340b8ac015a99ae2f6eab1385be65d4baa6bef5ef
f40eaf406926b73d8a231e0b20e79139fb0bfb9e5326515553ad3d596b202023
f53e805cbf3e98e3558659229b169493a1639213ac547aa903cf4e026d7aaa88
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f8de8ee65552be2f01a67a6dc47020a4a132e9bfe4b8eb02143d89fb2df08241
fc224df18921d7751f2f448bde0e9a3816db9dd19c6a87bd312b6b488771d5a4
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

nets4.com Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

241 Requests

95 %HTTPS

59 %IPv6

31 Domains

49 Subdomains

38 IPs

8 Countries

4525 kBTransfer

7660 kBSize

29 Cookies

15 Outgoing links

Redirected requests

241 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

241
Requests

95 %
HTTPS

59 %
IPv6

31
Domains

49
Subdomains

38
IPs

8
Countries

4525 kB
Transfer

7660 kB
Size

29
Cookies

241 HTTP transactions
4 data transactions