ffdecks.com Open in urlscan Pro
2001:4860:4802:32::15 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ffdecks.com/
Effective URL:
https://ffdecks.com/
Submission: On December 04 via api (December 4th 2023, 7:19:12 pm UTC) from US — Scanned from DE

Summary HTTP 120 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 35 IPs in 7 countries across 27 domains to perform 120 HTTP transactions. The main IP is 2001:4860:4802:32::15, located in United States and belongs to GOOGLE, US. The main domain is ffdecks.com.
TLS certificate: Issued by GTS CA 1D4 on October 19th 2023. Valid for: 3 months.

This is the only time ffdecks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	2001:4860:480... 2001:4860:4802:32::15	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
4	2606:4700:e2:... 2606:4700:e2::ac40:8d0d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::201b	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
4 7	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2 4	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
1	172.217.18.6 172.217.18.6	15169 (GOOGLE) (GOOGLE)
4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
1 4	116.202.48.214 116.202.48.214	24940 (HETZNER-AS) (HETZNER-AS)
3	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	104.64.118.247 104.64.118.247	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.170.182.156 18.170.182.156	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	18.197.5.251 18.197.5.251	16509 (AMAZON-02) (AMAZON-02)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
1 2	23.35.237.56 23.35.237.56	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.222.139.14 52.222.139.14	16509 (AMAZON-02) (AMAZON-02)
1	18.239.50.21 18.239.50.21	16509 (AMAZON-02) (AMAZON-02)
2	35.177.10.97 35.177.10.97	16509 (AMAZON-02) (AMAZON-02)
120	35

17 2001:4860:4802:32::15 (United States) 1 redirects

ASN15169 (GOOGLE, US)

ffdecks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e2::ac40:8d0d (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.212.130 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.36.155 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.116 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.6 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 116.202.48.214 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.214.48.202.116.clients.your-server.de

hal900013.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 91.121.248.44 (France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.64.118.247 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-118-247.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.170.182.156 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-170-182-156.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.5.251 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-5-251.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.38.120.206 (Hessen, Germany) 1 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.237.56 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-56.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-14.ams50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.50.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-50-21.ams58.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.177.10.97 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-177-10-97.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	406 KB
17	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 ad.doubleclick.net — Cisco Umbrella Rank: 139 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 98422	76 KB
17	ffdecks.com 1 redirects ffdecks.com	2 MB
9	gstatic.com fonts.gstatic.com www.gstatic.com	244 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37721 hal900013.redintelligence.net — Cisco Umbrella Rank: 203250	55 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	512 KB
5	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 287 fonts.googleapis.com — Cisco Umbrella Rank: 29	681 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	3 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	42 KB
4	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 971	170 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 24395 api.webgains.io — Cisco Umbrella Rank: 59842	19 KB
3	medialead.de pv.medialead.de — Cisco Umbrella Rank: 47317	1013 B
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	2 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 93	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1299	452 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 802 s.tribalfusion.com — Cisco Umbrella Rank: 2218	1 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	128 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 61264	3 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 714	387 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 550	363 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 336	146 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 331	149 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 749	463 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 49821	2 KB
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 13930	702 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 128498	923 B
120	27

	Domain	Requested by
17	pagead2.googlesyndication.com	ffdecks.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
17	ffdecks.com	1 redirects ffdecks.com
13	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
8	fonts.gstatic.com	ffdecks.com fonts.googleapis.com
7	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net
7	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
7	www.googletagmanager.com	ffdecks.com www.googletagmanager.com adv.office-partner.de
4	hal900013.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900013.redintelligence.net
4	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900013.redintelligence.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	use.fontawesome.com	ffdecks.com use.fontawesome.com
3	pv.medialead.de	hal900013.redintelligence.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	storage.googleapis.com
3	www.google-analytics.com	www.googletagmanager.com ffdecks.com
2	api.webgains.io	analytics.webgains.io
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	5994599.fls.doubleclick.net	1 redirects googleads.g.doubleclick.net
2	www.googleadservices.com
2	www.googletagservices.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net hal900013.redintelligence.net
2	www.google.com	tpc.googlesyndication.com googleads.g.doubleclick.net
1	adservice.google.com	5994599.fls.doubleclick.net
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	onetag-sys.com	1 redirects
1	dis.criteo.com	googleads.g.doubleclick.net
1	x.bidswitch.net	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	track.webgains.com	googleads.g.doubleclick.net
1	www.awin1.com	hal900013.redintelligence.net
1	adv.office-partner.de	hal900013.redintelligence.net
1	ad.doubleclick.net	googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
120	38

This site contains links to these domains. Also see Links.

Domain
discord.gg
teespring.com
youtu.be
www.facebook.com
www.patreon.com

Subject Issuer	Validity	Valid
ffdecks.com GTS CA 1D4	`2023-10-19` - `2024-01-17`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
storage.googleapis.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://ffdecks.com/
Frame ID: A8013854C14854284906B589843B1679
Requests: 41 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/zrt_lookup_fy2021.html?hello=world
Frame ID: BD0C122F7FD1844EE791A8E978A6B122
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=120&slotname=8532896955&adk=4054514594&adf=42665576&pi=t.ma~as.8532896955&w=1200&fwrn=4&fwrnh=100&lmt=1701717547&rafmt=12&format=1200x120&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-42971&adtest=false&fwr=0&fwrattr=true&rh=120&rw=1575&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717546890&bpp=10&bdt=1116&idt=287&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&correlator=1484697607818&frm=20&pv=2&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=249&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaopEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=300
Frame ID: 9AD0B410C5DE72EBDEF59B9945092D94
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&adk=1812271804&adf=3025194257&lmt=1701717547&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-42971&adtest=false&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717546912&bpp=2&bdt=1138&idt=282&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x120&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=286
Frame ID: 649EB65F4FBC1FDE83649B518BF0E808
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=120&slotname=8532896955&adk=4054514594&adf=42665576&pi=t.ma~as.8532896955&w=1200&fwrn=4&fwrnh=100&lmt=1701717547&rafmt=12&format=1200x120&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-39531&adtest=false&fwr=0&fwrattr=true&rh=120&rw=1200&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547222&bpp=1&bdt=1448&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaopeE%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=5
Frame ID: EEE148A4964390034047436ACFAB9CD1
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Frame ID: 487322F54168E49A19320E02639A5445
Requests: 24 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FD3395BF20B9E79C23689D506599C97F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F95EEAAE0016B5D42B4B69423196E257
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js
Frame ID: 4A3BBCC8122EBDF92D70EDCBE8670364
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNUFYyCTFUIiHO-HRLuRpr10XyJYwpLg6wWy9I0_UQ4f7Sl50kLwA36E1sIcBBy2j4xf2FhJoEjhzEgOoPkrRfE91IbaQVsMw_h3vT973mRTtz9XSwUWWOHEkhXGC8RN_g9UZjdQi9022jD0J4BtjvlmepBeh4vgM2kkox_TDOhNUnMxCGg
Frame ID: 7A30591DEB46898BE496C625E0445B36
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: CDEDC89C205001F2599085528C58CC6E
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=48460100218087004444994012528013&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: C8338806A15134027F5B700A50065437
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 8FB62046CF89DFB0BFF59332D7B9F351
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785
Frame ID: 5FE54F776C74529571BAB86009BD98F0
Requests: 2 HTTP requests in this frame

Frame: https://hal900013.redintelligence.net/request_content.php?s=48460100218087004444994012528013&a=2bf3c2ff
Frame ID: 55B8B9FB013427EA2D6EC38624340F9E
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FA6B0B93C19BC70DB2A7B7C1ACD4F363
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home | FF Decks

Page URL History Show full URLs

http://ffdecks.com/ HTTP 302
https://ffdecks.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Page Statistics

120
Requests

92 %
HTTPS

46 %
IPv6

27
Domains

38
Subdomains

35
IPs

7
Countries

4570 kB
Transfer

8263 kB
Size

22
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://discord.gg/2N2RKFQQeF

Search URL Search Domain Scan URL

URL: https://teespring.com/stores/ff-decks-shop
Title: Shop Merchandise

Search URL Search Domain Scan URL

URL: https://youtu.be/fcdXadTS84E
Title: Opus XXI - Ice ReviewNov 28, 2023Hang out with the boys as they go over the Opus XXI Ice Cards. Full Compilation to come later!TCG University WATCH open_in_new

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ffdecks/

Search URL Search Domain Scan URL

URL: https://www.patreon.com/ffdecks

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ffdecks.com/ HTTP 302
https://ffdecks.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61

https://googleads.g.doubleclick.net/pagead/adview?ai=CNTiXKyZuZZ7TGZuh7OsPu-uwCIzwm4hz-9nW9_4M2tkeEAEgs-7tO2CV4pCCoAegAajZydsByAEJqQLLh202Y1KNPqgDAcgDywSqBL4BT9AM_wZOjO9_YzIIEMdsC9vzXU_CfEbsOFzrWaAKyiGTibARMt7BWjpfgDSH_xxcKujSnYzkI2duaTJ2GV0CpCVMl-6_btwIKe0rMrTs6mdB2kBzYn3rxStmN_tatP-RHOJBMnOLx3LhspzbMEm8vROLoLwemO5YbU97C1G8aiY8pOzgKDvYOyTAc7y6jI7uJfnjWYMt93NSEkjW3uUlwEqEtPBzvFj5rIrP9buJkfjIt6Vs5n7g4ARiojlgtsAEzZP8o60DiAXY4rW8LKAGLoAHwKa2pAKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBD60gTSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPiYp--_9oIDmgk4aHR0cHM6Ly92aW5kZW0taWVmdGluLnJvL29mZXJ0ZS13cGMvI3RhYl9wcm9maWwtd3BjLWdhcmSACgHICwGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQK4E-QD2BMDiBQE0BUBmBYBgBcBshccChoIABIUcHViLTg3NzgwNDU4ODY1ODc0NzgYAA&sigh=T66nu0lsoJ4&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgDICaaN2ybMyaWZTsVWV-_8xEV8YdFVAmxeDXf5rkNrdTRXCf-hzjWC6TjIVCkBHgINe4hTv11MT-SebHIohY282IgRehH-Kim-hkDRZhgB&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211976372346651668234%22,%22debug_reporting%22:true,%22destination%22:%22https://vindem-ieftin.ro%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22460483752%22],%224%22:[%2212-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217145135559295634689%22}&andc=true

Request Chain 73

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICbpVzyFu7BC8D0f_IVeYI&google_cver=1

Request Chain 74

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZW4mLR8oZMPvFBWNEC-AsQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICbpVzyFu7BC8D0f_IVeYI&google_cver=1

Request Chain 75

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECmFjdW0-9QBbwS4zgOX40o&google_cver=1

Request Chain 76

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQxMTM3MjMwMDU2OTE1NTQ4OA%3D%3D

Request Chain 85

https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 96

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785

Request Chain 105

https://a.tribalfusion.com/i.match?p=b6&u=CAESELy2JVq82jxwhQ0vSD-SJnY&google_cver=1&google_push=AXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELy2JVq82jxwhQ0vSD-SJnY&google_cver=1&google_push=AXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 109

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEELKk6d8-tY-4Er4IIQ9kqk&google_cver=1&google_push=AXcoOmTQs_diTfOLGkxhhg0KDNNGD27lBZ14Bi0WAwTUXQy_lOZthFZQ2OLWjGj9V-fD5PqK0_xTG-mTqMPfcWE5yIZHZw2l1p7btA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTQs_diTfOLGkxhhg0KDNNGD27lBZ14Bi0WAwTUXQy_lOZthFZQ2OLWjGj9V-fD5PqK0_xTG-mTqMPfcWE5yIZHZw2l1p7btA

Request Chain 110

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENg1J6IcMwjo1Hn9_vnCIwg&google_cver=1&google_push=AXcoOmSStTYJmQX_yNL6FEltVfR3vw0VckDf36yGPE1myYLP2FZMUwpsfhY0f39exjMXLo15xBQvvRZW92IjqqGSsqX_F41CWhH-Kmo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmSStTYJmQX_yNL6FEltVfR3vw0VckDf36yGPE1myYLP2FZMUwpsfhY0f39exjMXLo15xBQvvRZW92IjqqGSsqX_F41CWhH-Kmo HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

120 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ffdecks.com/
Redirect Chain

http://ffdecks.com/
https://ffdecks.com/

12 KB
2 KB

251ms
182ms

Document
text/html

2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: a8a7f2e1118dcfab9e024b0f6b7c469192573d79e0bdcc2af49d5e3c0e3bce75

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-length: 1967
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 19:19:05 GMT
server: Google Frontend
vary: Accept-Encoding
x-cloud-trace-context: ed20445ca60dd55c35d91dd1503d1691

Redirect headers

Content-Length: 0
Content-Type: text/html
Date: Mon, 04 Dec 2023 19:19:05 GMT
Location: https://ffdecks.com/
Server: Google Frontend
X-Cloud-Trace-Context: 48160ce692863f094ce245fdce935d18

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 174 KB
64 KB 178ms
64ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-YOUR_TRACKING_ID

Requested by

Host: ffdecks.com
URL: https://ffdecks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f6a9c0657fb331ee8fe7d68848523108b855bb71bf15e7ddabb0cbd994ef03db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64942
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Dec 2023 19:19:05 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
52 KB 273ms
158ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ffdecks.com
URL: https://ffdecks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f731e6d49b92b0c14ce5b442f38dbe8744d464638e3476c9a95b643c53c158a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52769
x-xss-protection: 0
server: cafe
etag: 2318181429319220205
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 04 Dec 2023 19:19:05 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.7.2/css/ 53 KB
12 KB 33ms
18ms Stylesheet
text/css 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.7.2/css/all.css
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

Request headers

Referer: https://ffdecks.com/
Origin: https://ffdecks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:05 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 378999
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iOFvNSnBhF%2BMa2sfUqMcZyHywssmma22noX88o14LqAolSAAnPnkziIifa4RweAgnUCHCbNw0hXRpjJ8BkWbrw49c06XDD6G%2FTHyWy61MrKMzJzDfB%2FEKSXfTHR1fgYIYAqSNRCFmyceSfVMEg%2BqLzHj"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 8306662538c2bb97-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 runtime.b4a24b80dd85b6ebf4a2.js Show response
ffdecks.com/ 5 KB
3 KB 190ms
190ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/runtime.b4a24b80dd85b6ebf4a2.js
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0d69f987011b221800498cf0593730105fad3e5de71631d0c314b3a4deee1da4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:05 GMT
content-encoding: gzip
server: Google Frontend
etag: "3U_3xQ"
content-type: application/javascript
x-cloud-trace-context: 062c1c5fdd053c55f81562d0b3fc2398
cache-control: public, max-age=600
expires: Mon, 04 Dec 2023 19:29:05 GMT

GET
H2 200 polyfills.0cad0e739423c8717741.js Show response
ffdecks.com/ 37 KB
15 KB 220ms
220ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/polyfills.0cad0e739423c8717741.js
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f6448c7348c7d90723b7204b9ccb6f59c6df3149fe7311b73eced38e8c16119a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:05 GMT
content-encoding: gzip
server: Google Frontend
etag: "3U_3xQ"
content-type: application/javascript
x-cloud-trace-context: 078eeb78848dc47a9d3fae734e7ffdc8
cache-control: public, max-age=600
expires: Mon, 04 Dec 2023 19:29:05 GMT

GET
H2 200 main.e939bdf6627ea3d2b271.js Show response
ffdecks.com/ 2 MB
621 KB 266ms
266ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/main.e939bdf6627ea3d2b271.js
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 5e0db0c53c83dc928729ec458146a101053f806816cfc972b5cc26d606c96e8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:05 GMT
content-encoding: gzip
server: Google Frontend
etag: "3U_3xQ"
content-type: application/javascript
x-cloud-trace-context: 2488791e2181c09741f554294264bfbc
cache-control: public, max-age=600
expires: Mon, 04 Dec 2023 19:29:05 GMT

GET
H2 200 styles.110262b3ad3211605059.css
ffdecks.com/ 79 KB
13 KB 232ms
232ms Stylesheet
text/css 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/styles.110262b3ad3211605059.css
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f97fc0f2583c4adcfe48a9e852d52af794ccf152d3e5c2e810d94d76ea4b08c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:05 GMT
content-encoding: gzip
server: Google Frontend
etag: "3U_3xQ"
content-type: text/css
x-cloud-trace-context: 4d14f903d63836671e6214732d7ee1df
cache-control: public, max-age=600
expires: Mon, 04 Dec 2023 19:29:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v30/ 11 KB
11 KB 167ms
53ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: ffdecks.com
URL: https://ffdecks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3251f4935896ec37ada153d20d0109828ad08523127f136415355b3fca2dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Origin: https://ffdecks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 00:39:22 GMT
x-content-type-options: nosniff
age: 412783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11160
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 00:39:22 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 68ms
68ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-113981770-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-YOUR_TRACKING_ID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bd1447116ecffcda7152c42b16aeb50badcccb29985863e5a42733b1294599ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68950
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Dec 2023 19:19:06 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/ Frame BD0C 9 KB
4 KB 160ms
51ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/zrt_lookup_fy2021.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 74612
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4121
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 03 Dec 2023 22:35:34 GMT
etag: 12051592065903069241
expires: Sun, 17 Dec 2023 22:35:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
79 KB 72ms
72ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-E8Z1H0X41E&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-113981770-1&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8508ec9a8b431ce9f88a446b60d8c47edb54dccc4bc9e95f3317f792b1139632

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81297
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 04 Dec 2023 19:19:06 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 160ms
51ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-113981770-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 18:31:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2848
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 04 Dec 2023 20:31:38 GMT

GET
H2 200 currentuser Show response
ffdecks.com/ 22 B
129 B 174ms
174ms XHR
text/html 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/currentuser
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/polyfills.0cad0e739423c8717741.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: a44923c328608df86d435de04aa5760ffcd5e3d18d290b880c14a747458dccb1

Request headers

Accept: application/json, text/plain, */*
Referer: https://ffdecks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:06 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
content-type: text/html; charset=utf-8
x-cloud-trace-context: f8b56435704a92d344e57cf16d67e41d
cache-control: no-cache
content-length: 42

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/ 398 KB
135 KB 127ms
126ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8778045886587478&plah=ffdecks.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9562db5c80c17e215937efca8cb2395526090f3706783cf2e5bd8564efe486e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137672
x-xss-protection: 0
server: cafe
etag: 3371674136400613862
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 04 Dec 2023 19:19:06 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
fonts.gstatic.com/s/materialicons/v140/ 126 KB
126 KB 65ms
64ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Origin: https://ffdecks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 12:24:13 GMT
x-content-type-options: nosniff
age: 284093
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128616
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 19:52:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 12:24:13 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v30/ 11 KB
11 KB 54ms
54ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Origin: https://ffdecks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 22:31:35 GMT
x-content-type-options: nosniff
age: 161251
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11072
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Dec 2024 22:31:35 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.7.2/webfonts/ 73 KB
73 KB 16ms
16ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.7.2/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2

Request headers

Referer: https://use.fontawesome.com/releases/v5.7.2/css/all.css
Origin: https://ffdecks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 279074
alt-svc: h3=":443"; ma=86400
content-length: 74348
last-modified: Fri, 22 Sep 2023 01:45:52 GMT
server: cloudflare
etag: "462806316fea535a6a57651bc2b000b0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a9VEKn6xqQmT9TrpZy%2BrhMKUO2rbhCUa0ITjQVgpv4ohtfKoilYIYiS6j6S%2FNuL17wps0GgxSsIcqEQYNqaHAi5cqnq4bNyfSDWURZa1xt7El6mH8UnsTG%2FxSZHlWfpDbgOeMPAAyxR8BoSynUCBls%2Fn"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 8306662c1b1dbb97-FRA

GET
H2 200 fa-regular-400.woff2
use.fontawesome.com/releases/v5.7.2/webfonts/ 13 KB
14 KB 23ms
23ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-regular-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.7.2/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 940b3908bf9fc263ff7a9640fd719a1a3ecca9e1224e9ce4758053fa01edbcc0

Request headers

Referer: https://use.fontawesome.com/releases/v5.7.2/css/all.css
Origin: https://ffdecks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1945690
alt-svc: h3=":443"; ma=86400
content-length: 13592
last-modified: Fri, 22 Sep 2023 01:45:52 GMT
server: cloudflare
etag: "65779ebcc35604a25c2ba77309c5b8af"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jOazmcQJ%2BfFCh6bOM6cN7pwIBJNLnR1dC%2Fjmc1tuO8QuYDOqS9eMgMtzCi4FI22CwRM751guQ%2Bva8ADwpSNhRv5YpT%2FlTh0Jh5k16tY0CJTqkodJKzaALqoBUCO414e%2B8LebleTcqPQRCOwstXz6PoW"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 8306662c1b20bb97-FRA

GET
H2 200 common.ee3d7b2c1590b819da53.js Show response
ffdecks.com/ 24 KB
9 KB 266ms
266ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/common.ee3d7b2c1590b819da53.js
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/runtime.b4a24b80dd85b6ebf4a2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: aabc81f588221c87d8e76cb6ccc67eca83e691c662dc2a0950c943bbad93f6f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
content-encoding: gzip
server: Google Frontend
etag: "3U_3xQ"
content-type: application/javascript
x-cloud-trace-context: 628b8dbfe0689ccf1b791e2bc09c1a29
cache-control: public, max-age=600
expires: Mon, 04 Dec 2023 19:29:07 GMT

GET
H2 200 960.ea361640456cd7aad2b2.js Show response
ffdecks.com/ 22 KB
7 KB 186ms
185ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/960.ea361640456cd7aad2b2.js
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/runtime.b4a24b80dd85b6ebf4a2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: c92aaceb01ca9e14bf8f6e8a0db8f35a70c91557ed190d3d228037083c33d412

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
content-encoding: gzip
server: Google Frontend
etag: "3U_3xQ"
content-type: application/javascript
x-cloud-trace-context: 628b8dbfe0689ccf1b791e2bc09c1a29
cache-control: public, max-age=600
expires: Mon, 04 Dec 2023 19:29:07 GMT

GET
H2 200 FFDecks_Header.png
ffdecks.com/assets/ 44 KB
45 KB 218ms
218ms Image
image/png 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ffdecks.com/assets/FFDecks_Header.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 4b98f46494a5ed245f90786bebe135e59d47bb35f3f8ecde1914c4cad05a74fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Mon, 04 Dec 2023 19:29:07 GMT
date: Mon, 04 Dec 2023 19:19:07 GMT
cache-control: public, max-age=600
x-cloud-trace-context: 628b8dbfe0689ccf1b791e2bc09c1a29
server: Google Frontend
etag: "3U_3xQ"
content-type: image/png

GET
H2 200 discord.svg
ffdecks.com/assets/ 7 KB
3 KB 183ms
183ms Image
image/svg+xml 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ffdecks.com/assets/discord.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 3cc6a8b6894af08dff5be9fe2bd2b9bf4f489097f349c4efe16d04d4f1938afd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
content-encoding: gzip
server: Google Frontend
etag: "3U_3xQ"
content-type: image/svg+xml
x-cloud-trace-context: 628b8dbfe0689ccf1b791e2bc09c1a29
cache-control: public, max-age=600
expires: Mon, 04 Dec 2023 19:29:07 GMT

GET ads
googleads.g.doubleclick.net/pagead/ Frame 9AD0 0
0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 210ms
101ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231129&st=env

Requested by

Host: ffdecks.com
URL: https://ffdecks.com/polyfills.0cad0e739423c8717741.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d5891f0bfb6f13fa24c31ca5b00194ae891d7780d633fe675b4c90586a9a9c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12286
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 649E 0
180 B 77ms
77ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&adk=1812271804&adf=3025194257&lmt=1701717547&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-42971&adtest=false&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717546912&bpp=2&bdt=1138&idt=282&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x120&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=286

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8778045886587478&plah=ffdecks.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 19:19:07 GMT
expires: Mon, 04 Dec 2023 19:19:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 67ms
67ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-100822934-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-YOUR_TRACKING_ID

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fa549a972314078fec775ec30b8088e804e96365216de961d9992c5c2ad361ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68955
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Dec 2023 19:19:07 GMT

GET
H2 200 landing Show response
ffdecks.com/ 11 KB
4 KB 224ms
224ms XHR
text/html 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ffdecks.com/landing
Requested by: Host: ffdecks.com
URL: https://ffdecks.com/polyfills.0cad0e739423c8717741.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 102267508e76507e7827cdb049f1ef1ea7b51e204f5b221041fc5d61891a70c3

Request headers

Accept: application/json, text/plain, */*
Referer: https://ffdecks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 47e1120b6fd6889e833c0aaf21d0473c
cache-control: no-cache
content-length: 3640

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.7.2/webfonts/ 70 KB
71 KB 17ms
15ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.7.2/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5f471476e1636e23b00991ae8a85d3703ada55bc6d6162472a28aa94fa64d4e

Request headers

Referer: https://use.fontawesome.com/releases/v5.7.2/css/all.css
Origin: https://ffdecks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 279075
alt-svc: h3=":443"; ma=86400
content-length: 72112
last-modified: Fri, 22 Sep 2023 01:45:52 GMT
server: cloudflare
etag: "4b115e1153a9ea339d6a0bb284cc8ed3"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNRbKVA1vNWSZYKxpnBCgh4OvKYZKANi4zXhD4v4M0pkdYAKPcGOMTYCzuOt9isPK5Et09Cm4rEkdhQchpjUY1yCjQMOHgeJwita6cGlAXGFUnE8SmyWWAAxfC8kGl%2FnWUlvAugRSefUl%2FH%2FiKkQnCbO"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 8306662e2de4bb97-FRA

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EEE1 123 KB
42 KB 969ms
969ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=120&slotname=8532896955&adk=4054514594&adf=42665576&pi=t.ma~as.8532896955&w=1200&fwrn=4&fwrnh=100&lmt=1701717547&rafmt=12&format=1200x120&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-39531&adtest=false&fwr=0&fwrattr=true&rh=120&rw=1200&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547222&bpp=1&bdt=1448&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaopeE%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96400a6701ee04e6f684271ac7265fcceb141aa3689d74332e3158903fab38d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42803
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 19:19:08 GMT
expires: Mon, 04 Dec 2023 19:19:08 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
80 KB 67ms
67ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BQXM04CSVE&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-100822934-1&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2483cf6d1a4c9d7786b1296451c38070e384bae4abda0cddd0da48a1a029d08d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82075
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 04 Dec 2023 19:19:07 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
203 B 71ms
70ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2032449238&t=pageview&_s=1&dl=%2F&dp=%2Flanding_page&ul=en-us&de=UTF-8&dt=%2F&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAACgCI~&jid=438703208&gjid=770519499&cid=1722332785.1701717546&tid=UA-100822934-1&_gid=1946932567.1701717546&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=2007767757

Requested by

Host: ffdecks.com
URL: https://ffdecks.com/polyfills.0cad0e739423c8717741.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ffdecks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ffdecks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-100822934-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 18:31:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2849
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 04 Dec 2023 20:31:38 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
242 B 232ms
38ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-BQXM04CSVE&gtm=45je3bt0v9134935676&_p=1701717545786&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1722332785.1701717546&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&dp=%2Flanding_page&dt=%2F&dl=%2F&sid=1701717547&sct=1&seg=0&en=page_view&_fv=1&_ss=1&tfd=2182
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BQXM04CSVE&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ffdecks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 258ms
64ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Dec 2023 19:19:07 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc-.woff
fonts.gstatic.com/s/roboto/v30/ 20 KB
20 KB 54ms
54ms Font
font/woff 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc-.woff

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf14c7d7734b8f9c863b982a4e7b30d4361af8e8747f2ca8672ba58e703e96a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Origin: https://ffdecks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 08:33:18 GMT
x-content-type-options: nosniff
age: 211549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20416
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Dec 2024 08:33:18 GMT

GET
H2 200 5205778601345024_thumbnail.jpg
storage.googleapis.com/ffdecks-content-stream/ 194 KB
195 KB 578ms
285ms Image
image/jpeg 2a00:1450:4001:80f::201b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/ffdecks-content-stream/5205778601345024_thumbnail.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b6af4af29e1d48b627d4a5171bebc811aa3f56c466d3b95aded6a9ca7f1e076e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:13:42 GMT
age: 326
x-guploader-uploadid: ABPtcPp-SYej6LyWweo-rZNp-4gdw4q1fXfFpApwHEAsMy5tmnLJ8st9UmnkdAPu0-DG4RmAff0
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198868
last-modified: Thu, 09 Nov 2023 18:35:15 GMT
server: UploadServer
etag: "a0683da7f202d414ca23e139f6eef87e"
x-goog-generation: 1699554914940171
x-goog-hash: crc32c=lmEIIw==, md5=oGg9p/IC1BTKI+E59u74fg==
content-type: image/jpeg
cache-control: public, max-age=3600
x-goog-stored-content-length: 198868
accept-ranges: bytes
expires: Mon, 04 Dec 2023 20:13:42 GMT

GET
H2 200 5205778601345024_author_image.png
storage.googleapis.com/ffdecks-content-stream/ 416 KB
416 KB 353ms
61ms Image
image/jpeg 2a00:1450:4001:80f::201b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/ffdecks-content-stream/5205778601345024_author_image.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b0058872210044f00d377004facbff9650611ef3c96aacca0bdd42a1a6fb8208

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:13:42 GMT
age: 326
x-guploader-uploadid: ABPtcPqA6jltKqccCJGlyYxZX_DxoQSBtOQ8Qmxzh5xAD1ZO9HMW1R7Gi9qSp8S8aswoDWfLSE4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 425670
last-modified: Thu, 09 Nov 2023 18:35:15 GMT
server: UploadServer
etag: "dc1e9f1738c311e72db5e5cb9bc02b9e"
x-goog-generation: 1699554915256962
x-goog-hash: crc32c=9XJoFQ==, md5=3B6fFzjDEectteXLm8Arng==
content-type: image/jpeg
cache-control: public, max-age=3600
x-goog-stored-content-length: 425670
accept-ranges: bytes
expires: Mon, 04 Dec 2023 20:13:42 GMT

GET
H2 200 fire.png
ffdecks.com/assets/ 301 KB
301 KB 224ms
223ms Image
image/png 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ffdecks.com/assets/fire.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 52a9d6e7ab843d4a4d031fdcf6751f0a8d540300359a41231cec7d5e328bf24e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Mon, 04 Dec 2023 19:29:07 GMT
date: Mon, 04 Dec 2023 19:19:07 GMT
cache-control: public, max-age=600
x-cloud-trace-context: ab10cf297aae04b35aa3b1421e38b56b
server: Google Frontend
etag: "3U_3xQ"
content-type: image/png

GET
H2 200 wind.png
ffdecks.com/assets/ 301 KB
301 KB 227ms
226ms Image
image/png 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ffdecks.com/assets/wind.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 91b3521582a0345a36cf7c83e77fb162b51d0d5e07fab9725fd5a72ca40a8213

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Mon, 04 Dec 2023 19:29:07 GMT
date: Mon, 04 Dec 2023 19:19:07 GMT
cache-control: public, max-age=600
x-cloud-trace-context: 1b0cef66803ff57857a8f39e32936d41
server: Google Frontend
etag: "3U_3xQ"
content-type: image/png

GET
H2 200 dark.png
ffdecks.com/assets/ 301 KB
301 KB 190ms
189ms Image
image/png 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ffdecks.com/assets/dark.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: dbd9435d4b7a67a71497a1575fafda8fa017d357030bf1872c27a08f6b37402f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Mon, 04 Dec 2023 19:29:07 GMT
date: Mon, 04 Dec 2023 19:19:07 GMT
cache-control: public, max-age=600
x-cloud-trace-context: ab10cf297aae04b35aa3b1421e38b56b
server: Google Frontend
etag: "3U_3xQ"
content-type: image/png

GET
H2 200 ice.png
ffdecks.com/assets/ 301 KB
301 KB 191ms
190ms Image
image/png 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ffdecks.com/assets/ice.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 4a7ca90273cc0ea260ad2f25dbf1bc2f1c45c3fced73829dabb54dce8baa0c44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Mon, 04 Dec 2023 19:29:07 GMT
date: Mon, 04 Dec 2023 19:19:07 GMT
cache-control: public, max-age=600
x-cloud-trace-context: 1b0cef66803ff57857a8f39e32936d41
server: Google Frontend
etag: "3U_3xQ"
content-type: image/png

GET
H2 200 water.png
ffdecks.com/assets/ 303 KB
303 KB 238ms
237ms Image
image/png 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ffdecks.com/assets/water.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 3271b8296e76d67ea7a85c7474a87e5b28ac83ef29ce401d05e029d6b1205fd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Mon, 04 Dec 2023 19:29:07 GMT
date: Mon, 04 Dec 2023 19:19:07 GMT
cache-control: public, max-age=600
x-cloud-trace-context: ab10cf297aae04b35aa3b1421e38b56b
server: Google Frontend
etag: "3U_3xQ"
content-type: image/png

GET
H2 200 9-123L_eg.jpg
storage.googleapis.com/ffdecks-card-images-qas/ 68 KB
68 KB 569ms
277ms Image
image/jpeg 2a00:1450:4001:80f::201b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/ffdecks-card-images-qas/9-123L_eg.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: ef2288e5c962da21c29a6cb56f9fc6d1f295bdb7dd02c2d8e51d8573e9d5aa55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:13:42 GMT
age: 326
x-guploader-uploadid: ABPtcPpckY0jBMAluwY6nr65re50q2Y0cq-AE5jnYwRYAicYEyvqdklatmakRW6p8QJ97_4e19s
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69773
last-modified: Sat, 13 Jul 2019 00:53:26 GMT
server: UploadServer
etag: "919248b51833eaa46057f658ab395c8c"
x-goog-generation: 1562979206647509
x-goog-hash: crc32c=K062ew==, md5=kZJItRgz6qRgV/ZYqzlcjA==
content-type: image/jpeg
cache-control: public, max-age=3600
x-goog-stored-content-length: 69773
accept-ranges: bytes
expires: Mon, 04 Dec 2023 20:13:42 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4873 28 KB
13 KB 894ms
887ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2506de5c43929e92b238eb0654401edb7bb4f487a361232f7679408e15f676fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 13075
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 19:19:08 GMT
expires: Mon, 04 Dec 2023 19:19:08 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FD33 13 KB
5 KB 64ms
58ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ffdecks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 17:51:08 GMT
expires: Tue, 03 Dec 2024 17:51:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F95E 829 B
1 KB 193ms
70ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

32159adfb16e4b5887676537c8553b8cc19c224e93dd4fb87f3f40edda8ca69f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-enVBVRsqwohTvgtvaKpeJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ffdecks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-enVBVRsqwohTvgtvaKpeJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 19:19:08 GMT
expires: Mon, 04 Dec 2023 19:19:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame FD33 39 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 17:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Dec 2024 17:45:17 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FD33 0
10 B 53ms
53ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?FGEbMg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ Frame EEE1 4 KB
1 KB 262ms
60ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=120&slotname=8532896955&adk=4054514594&adf=42665576&pi=t.ma~as.8532896955&w=1200&fwrn=4&fwrnh=100&lmt=1701717547&rafmt=12&format=1200x120&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-39531&adtest=false&fwr=0&fwrattr=true&rh=120&rw=1200&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547222&bpp=1&bdt=1448&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaopeE%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 04 Dec 2023 19:19:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 17:50:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Dec 2023 19:19:08 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame EEE1 2 KB
822 B 56ms
56ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 21:48:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77432
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 17 Dec 2023 21:48:36 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame EEE1 24 KB
9 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 20:02:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83818
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9305
x-xss-protection: 0
server: cafe
etag: 13635642240219548939
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 17 Dec 2023 20:02:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame EEE1 3 KB
1 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 17:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5633
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 17:45:15 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame EEE1 20 KB
8 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 20:02:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83818
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 17 Dec 2023 20:02:10 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame EEE1 202 KB
64 KB 132ms
131ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Dec 2023 19:19:08 GMT

GET
H2 200 7a8419aef3683f04c437bd15cecf843d.js Show response
www.gstatic.com/mysidia/ Frame EEE1 37 KB
16 KB 248ms
54ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7a8419aef3683f04c437bd15cecf843d.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 22:31:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 19:10:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 01 Mar 2024 22:31:34 GMT

GET
H3 200 6592766407814317453
tpc.googlesyndication.com/simgad/9993516470060876023/ Frame EEE1 57 KB
57 KB 60ms
60ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9993516470060876023/6592766407814317453

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d65905ca64ebb3c1bc89d7002c8dd36d92dd61de88eb24dbcb6dd95ab9e7f63d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 11:30:30 GMT
x-content-type-options: nosniff
age: 28118
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58025
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 10:26:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 03 Dec 2024 11:30:30 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/17645155525724437471/ Frame EEE1 2 KB
2 KB 57ms
57ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17645155525724437471/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79562fdeac9ada6b914848daa2ed2a8292ccb77588d5b539566bc39ad0320a86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 21:28:23 GMT
x-content-type-options: nosniff
age: 251445
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2290
x-xss-protection: 0
last-modified: Sat, 25 Jun 2022 03:28:51 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 30 Nov 2024 21:28:23 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F95E 0
0 88ms
87ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231129&jk=2281852193336545&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame EEE1 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13f5d8719d96efc6095f3b034541cc7d6b40c6f5f333460ada3393ce972165b9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EEE1 15 KB
16 KB 53ms
53ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 11:48:28 GMT
x-content-type-options: nosniff
age: 286240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 11:48:28 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EEE1 15 KB
15 KB 58ms
58ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 21:25:42 GMT
x-content-type-options: nosniff
age: 251606
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 21:25:42 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame EEE1
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CNTiXKyZuZZ7TGZuh7OsPu-uwCIzwm4hz-9nW9_4M2tkeEAEgs-7tO2CV4pCCoAegAajZydsByAEJqQLLh202Y1KNPqgDAcgDywSqBL4BT9AM_wZOjO9_YzIIEMdsC9vzXU_CfEbsOFzrWaA...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211976372346651668234%22,%22debug_reporting%22:true,%22destination%22:%22https://vindem-ieftin.ro%22,%22event_report_window...

0
0

163ms
84ms

Fetch
text/css

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211976372346651668234%22,%22debug_reporting%22:true,%22destination%22:%22https://vindem-ieftin.ro%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22460483752%22],%224%22:[%2212-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217145135559295634689%22}&andc=true

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:08 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11976372346651668234","debug_reporting":true,"destination":"https://vindem-ieftin.ro","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["460483752"],"4":["12-04"],"6":["true"]},"priority":"500","source_event_id":"17145135559295634689"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 04 Dec 2023 19:19:08 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 04 Dec 2023 19:19:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11976372346651668234","debug_reporting":true,"destination":"https://vindem-ieftin.ro","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["460483752"],"4":["12-04"],"6":["true"]},"priority":"500","source_event_id":"17145135559295634689"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js Show response
pagead2.googlesyndication.com/bg/ Frame 4A3B 51 KB
19 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/5hpSdEAdCYypbNizbkAw91vLZEBHsYzw3rH5Fshj8SY.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 20:47:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 426678
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19933
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Nov 2024 20:47:50 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 155ms
75ms Preflight
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Dec 2023 19:19:08 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 103ms
101ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231129&jk=2281852193336545&bg=!f3ylfDPNAAY3kmNgF5I7ADQBe5WfOLYfKeYiN1fJ4EAKqLUqwVX4IcVQryisBcAxaQH3oLj32ITNEzUJKoVt6Gnqk1lqAgAAAKVSAAAAAWgBBwoAGkuqqxuy1fNatxjaVzZPFmn6IJXhwUy7hAcimQK_V1Ig4bluJd8cwOPdQ1I0aahFBW0nIaq1HU7Yj1oJ77n9ntbgG_cZt99Ykfg9eOicwgqoXV4T3B-qOA9YO2Wq0azGrtLnCaFebmQZMvyIb-IbQkK9kyyv0BgJNPg-xOLBvOqEpuHj0WMGpo8OBiKC-QN5NuL6TBjR0NpEK10061tN4I-wVwGrtVlsqddE-blIWQtibzgTBZ0TQ1TKhntxCdx6GFNtctp_ueR8nzDmYwEJIMSwcpya0o_oa2XuXfXQmA68Q5VEK1PzoZKXwAP86MKjHYbuYW16eE34Gofc45m3jKUbY_3Cd3AfuqofMO4G9Y7sM0hv0pi-g0KOgakNmptGbdkAjA3ZZP0FnTmKDLWX1ZCUgFuLMcHhHwQtfn_tiQQ_oVILc8rk01txQOnAiRuhefk_D2-Kwf39R6eFM8a2S7Np9ueQdGKjQXy4CjECwNALFmYrxkKwGoTSSawBNLjH-LG8klvlMZyLCyzyAyviFItPs8r2ZcV5nQHRN9Xcn0lYqCDLgh8ShG3NCA5xNS4_2v3tS5iWsjBVaEruvI7t8pxXRXVQuCBmTlNc3xTOyu3EdTPsdGifRs6qsbWVs9xmx5ZeeZqkLQD3zpFf4TkvDahcpXdtg1ZRYEtkh6wgQkWIY77dTqAK6gU4qRgU1KbCu4wdXEElLZzdhVsbAeO0On5_RZRITmCOZarfz7ayGkXTZppygGQevJOqr5BGSXu___YgodyFEM3yc3hNbMgrNT-uF_qo4lKmh-9CSXPy3P4X4LaQU-0JiywrGdIzVjlbvgmtWEJ1iq3vi9jKCglSx_HcO7O4fcTicwzM20lnwnCNB2UZ5_ehLgEc_Tk5kRugq_l9-unVkWSInVm8u8W6LCmsb0tOIYvQ_la3iUlCwjP77qf5ZNgkecDUl9nEB4z1JfsnCYjt8ZEr10S7ag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ffdecks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4873 42 B
63 B 88ms
87ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AD3_c8ynwLNte2SNU1fMOc80FOmZ9O_xTlyNYSKHlKHzwb5uw8axY-zXo_0dEJHP5B-phFWqBpwVCCq0mVEJU43a81TpEl797-dmW12j30bQsi9Q0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4873 0
20 B 89ms
88ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7431603471826148773&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4873 89 KB
31 KB 111ms
109ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 04 Dec 2023 19:19:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 4873 3 KB
1 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 17:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5633
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 17:45:15 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 4873 20 KB
8 KB 67ms
65ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 20:02:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83818
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 17 Dec 2023 20:02:10 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4873 0
0 66ms
63ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQF64jdHXOgFDBqR5_xS9dJMXMLqlnxe3eDtM9eT6eQR9QmzSLytLT6KAmb2ISoWZ4TVQshL8KoPZfRQrLNFfd85gng9w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4873 202 KB
64 KB 91ms
91ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Dec 2023 19:19:08 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7A30 624 B
242 B 96ms
95ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNUFYyCTFUIiHO-HRLuRpr10XyJYwpLg6wWy9I0_UQ4f7Sl50kLwA36E1sIcBBy2j4xf2FhJoEjhzEgOoPkrRfE91IbaQVsMw_h3vT973mRTtz9XSwUWWOHEkhXGC8RN_g9UZjdQi9022jD0J4BtjvlmepBeh4vgM2kkox_TDOhNUnMxCGg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 19:19:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7A30
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICbpVzyFu7BC8D0f_IVeYI&google_cver=1

43 B
774 B

31ms
31ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICbpVzyFu7BC8D0f_IVeYI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNUFYyCTFUIiHO-HRLuRpr10XyJYwpLg6wWy9I0_UQ4f7Sl50kLwA36E1sIcBBy2j4xf2FhJoEjhzEgOoPkrRfE91IbaQVsMw_h3vT973mRTtz9XSwUWWOHEkhXGC8RN_g9UZjdQi9022jD0J4BtjvlmepBeh4vgM2kkox_TDOhNUnMxCGg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JnqC%2BS5q3lMMfRdQFD8UuVcwTaY2mr17%2Bpd0LY9I7j%2BEMwilmeZJDPMNUmnAip0WyhsoaB1YjMOHf0f%2FbQoPnszchTBbGKQS8fmWNFZg%2BaGbzlzCl8mc%2FKq%2BP7a2hMFw3oZ9yWVTYZQ79w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8306663a2d2e1c97-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICbpVzyFu7BC8D0f_IVeYI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7A30
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZW4mLR8oZMPvFBWNEC-AsQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICbpVzyFu7BC8D0f_IVeYI&google_cver=1

43 B
732 B

32ms
32ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICbpVzyFu7BC8D0f_IVeYI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNUFYyCTFUIiHO-HRLuRpr10XyJYwpLg6wWy9I0_UQ4f7Sl50kLwA36E1sIcBBy2j4xf2FhJoEjhzEgOoPkrRfE91IbaQVsMw_h3vT973mRTtz9XSwUWWOHEkhXGC8RN_g9UZjdQi9022jD0J4BtjvlmepBeh4vgM2kkox_TDOhNUnMxCGg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTK0FCoCyAP3iz0VUS%2Flfog816rB12N2IHdBIh%2FTEJwzRrAmf1nPPpdvb3MwGWXp7Iemory20ueLeUYinQV%2BA6oIQpLi0q6pKL5XEkHMMB0GEX8sWF5N0bQOtQIjZDRcYytG6kVolMF3cA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8306663a3d471c97-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICbpVzyFu7BC8D0f_IVeYI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 7A30
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECmFjdW0-9QBbwS4zgOX40o&google_cver=1

43 B
848 B

14ms
14ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECmFjdW0-9QBbwS4zgOX40o&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNUFYyCTFUIiHO-HRLuRpr10XyJYwpLg6wWy9I0_UQ4f7Sl50kLwA36E1sIcBBy2j4xf2FhJoEjhzEgOoPkrRfE91IbaQVsMw_h3vT973mRTtz9XSwUWWOHEkhXGC8RN_g9UZjdQi9022jD0J4BtjvlmepBeh4vgM2kkox_TDOhNUnMxCGg

Protocol

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
an-x-request-uuid: 6ffad209-353c-4cb7-92db-a7e459b853fe
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.131; 185.213.155.131; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECmFjdW0-9QBbwS4zgOX40o&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7A30
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQxMTM3MjMwMDU2OTE1NTQ4OA%3D%3D

170 B
243 B

47ms
47ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQxMTM3MjMwMDU2OTE1NTQ4OA%3D%3D

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
an-x-request-uuid: 658ae74c-7476-4956-8aca-36cec484dd5b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQxMTM3MjMwMDU2OTE1NTQ4OA%3D%3D
x-proxy-origin: 185.213.155.131; 185.213.155.131; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4873 0
20 B 88ms
88ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9353996758752&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4873 0
20 B 88ms
87ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9353996758752&version=m202309260101&ct=77&x=1&cor=7431603471826148000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4873 20 KB
14 KB 369ms
369ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AHmZ8PAJosDCCM2A_kZYPSS4c_Jjq40d5E1kCw74rtpmbtfHIUbu-mvqr25VebFYFmkYwTBwkCf6atg_JPuqPY0X5Gml8yyyfW5SwBGhnnCAhV3I6qQUhQRXcknBp092_YJhfgWBjDdOnbkTSa48m4tGw263sFizUo0uNNHHilijuUnZI&cry=1&dbm_d=AKAmf-A5hmD1VAMWLtYPplyZWY6ZyRUG_tJeg39ufh731ENds6bBXjv2tfiDy8iIN4DP5moZZDcCuhIvXEIAvobXdV1UXVp5e-HuXo-ik9HTBbRraryu7KYoxVQuN7jV_pilD9hl7SY1nMNDLU0G0f-ntQCn0h9Q5cWZN8bxabIAvPiQCokotHVa23_HFwnIyWG8Ylq67Uk-8v7NJxHeI-J5tJRqLs8n_tzAnB2jqPtE6ZfE-xS8x5hsPMVZh0PvS7LvubHst2PwkBVcXv-mzCkJhK4jkK1yHrDGX85Y8Rchu_AKF-CawiNlTxuFeNvo9kcFHyvETm8R0gT3K3OdHi7ZNGlVb-mCgfzRGK802WauK6VYqBM2nYjDMH2tWNIR0qXoX4551VZIq28lJwhBN-qIjDL4eWZ9-dGGZBQXmsCXFdFkeZrYB-4KzfsqEnPAbBsVVx2MQ8vBy_-Xv_FUQ7s3PqMhnZhRYF4eA-SIhGYBPVaXdX1CQ0dTGAD1xMjdnhjCMebY-kjOvnh79aKMBQ2qLpPK01ji6HSg8NMkVo-Xcwx9QVVTzpMyMzJNjwlwpUeKWksEdua5uZnw7143PPcR-F5Aeo60h8T7CVHQjJFLXLN_wPi8HmSRhKTXPLXLu-kMnQ8DdvNyHhTyhpP64DYZmMwcQJRvhHwbrUzNnONTtE-cleNTZZXAIZOZu3xSUdDE3Pz1hRlJoYeQ7Cv91ix9taZiKLSlMkAPShwrXwzQIw884CeLne3wydH9WFSE25MRFXJ0_0VY-hi44K2K7WCeXhtUso0sI6sP80s4Zwo9CkvQ-WW_PioqCY1jHmk3fsX83VY4Hjoyf0t7C-O3ohYb1OYlqBiLVILFk6I44O0hi6AgCk30utKeMwELBMELZNDPJlWHGegreUE34dD3lRvaRMo-PDzRL7mygmkwvi_WVedSusaCoONMZPgSZP0Y2prznxS1fQpGbC6HmuVVGQusDo3FmLgESoUfhYXuwkWG86vdDuh5On8oDDH90laazSaDM4n6G4WKas87as71oj_GbVNHxfM9cIEZ5WkiwCW4iNDjAXeNIKdquf0QCkoa29Em-qzpGbzCc-whgDIvg_yCeygvP3HoUH6eJY89G1T5Ynzsb8rC8eZUXACXjC4cf0OlJdM8l_6ocS98XGUKXIm0EKK6RjXvJV6rVRoMdKUQVwTsKJALB5mQeDVqrrrUtfRHhgYodYMwsOouY2xhfsQkwBmRbxxeYzYGUh6D7XJsX0mgBufgRIocul0jYVd-SeQLLKflS-l8AmNpBm2kYT_1PgyJH2F4Ryg6kc_zocdRVHDbIac2ZdxozAueM3us51vJtjMQHERa_wBhS3mXE6rfZaiPQJKAHWBM8V3MGHxPO-8kpmNwSnifl_SQETcF_8AhwMuYbriwPK7Ds9TNktlhEjYb9ygQvbK0SQtrfxMmbrSQRFG6bXP_Hk63r4YeuQbVmcNJlIM0hU-jjHt9xW0zd-aEkVUXADXnE7YFoIgRw7eRGUT3iUL-lLeMmRoCg87eTvDw8djCCDH---p470U65HlyYycZ09YmDYvcGVUx8Z-txtEgXSBlsBOL2xhmcgoz-uXBwlTc5aJem4qhv6KvZMLpH1Iwxt77VLalktYQ9K3dLGAJoF3yV9nAOeWOk6m86xYjWh0EGRMBuKWOycomXhu3eipJFdmItrsu14-IxhrgHH35Izndbnwsf2V6wh9mVMuW6kL23vpvt0ePM6XTwz4q1eeVyHSL_gtAGnb5spBVk8cb_QttBnQBxjAzy_17TTsky7V7LuhuQ0s4jmSk9tOWGwxks10NT9Q2ZimlVhN-gh-ZOoNSglSoDvSxpMmjMLwxyWfRO6gSuquxeFJBG2oGdLGmvZ4uGTpOwgbGuSzd13X7WLAxfcmbMn5yxjUMPjgxkSjjKmhpF_nlHUuFkoSIlFWjopg_lxskFueVhDDugBpDuaOkHPj8jB3KeN6tMEL0AH1nTgKmy_mXHukrzbJ0eqpLRdcgSuzsyz2Wr7430c6ADHx2-bHZoUpSJ2mvyaFqEXTly4Kut4jmqm33AJbln-zVjV5OGd8-C0aqtMOjgx-SdH79E1GmB8XAKjb-YeqREq_U5q9ffzNmnx9ARk66OTwdLFh9l0mcQEq7SGxnkWu6-vcvEbM5TQs824tI6XevUsr2z8qdB2hAb-zRSx34aJbp_-_b9WNQ0mxXLUXBm2K46t3TzLl-hSH8t1neK_0kqoyCPke-WWen15D4AiFV7xtHY46W8Mh3Vw8Q-s4Ln_Y1Vk6v0wl2yxG1Lk1aKw2Mjy1hFLWkVBhm-SsdXb5yvXBGMCEVIFhHwDByqAAc3_Yv5eBxBc6Dzsxj4a6MjoAjiw75s-06MO09qcvBh1OE-N6i7cjAnUZ774N_NiLrayW-zX1l7oyyBvA1HDd4VxOoYGTn3i9LvXpscR-EnSWlds1MH6pACzYlUnx_eP2jF07wytaQ3sQMah-b4Pzsknuzra23PtqTu-miM0g5FzBCvsfUzi587HWc0bQokFWPWHDBzhGU6J5NmZL9PgIDnpAKMeHCpo4NXNwXw6nuDcibv9qaFXbWRN9GMA2N0LIRJapEWVm-ZHvZhXmSS-Cmn7sRH5JzICa8xFYpmOVn75XlpiPaGjRNKcJslnRMql5S7IACH3UZe0tl4lAGCJjwj9vk82oXayO46PXYRl29W88IqnoHCgcCZx-FTDSkda--JXjED2u8PWSnfhuT5oLdwkVLjrUvNuXJ7slucyO4qChS0VQQ15pGgFxOQWMuIV2D0QiKOb4uOXgUfokqf_Z6InyldaUFTgqtKB39EllQ0x-VXYKvZIR9ESqazr09jw7NoFksVoWpQHvDCbHUAMnFLZiMN4PTrbRqUNQW_4HudO-6IXPzZxUd3wmbyLQ_ja63oODWKTj1YZ72yZe1NzajB0sJtYvTUDlQb1IRsLS3TsRoaK9j-gfgtzcy-4yodlt5rsfjD1_2S3F6Y56mkcYgIN_524ak4UlPRf939T-XVnJwaaVbYiP9BKK-_g36y8-5f_WlohM4wXy6yuTJbxZ1FrVQDmbXmsdY-3odx5alp3dYPU8yaTnnb0Rlqr4IUXSNAt1JemLh995_yyDpKm6766S4NaUmSyPPvaPRh4CuR1AdRd8mdhjg-xyTJ-sftCUUPUX86ISBfbamh0I0TAUSz3HPMfOUptRkGgo_zG5cUKN1urdAqcKAeNR00BYnHlFfgqAHavCvLRGJCZXIokmAw6UWdvHui_mB6GNKEesvvS1FZTFIuEVJQ0vX8EksMP1mEQiDWOVR-ao8m8h5opd6IInQY-xjEMcUvm-v6pCk4tWHqNIJnf0_tEJbDegJ_G_gcgB2yLubFZLB_MzSaY-0RA7BFK1ap2r9FoZSh-RS3dR1hTRWH7SFhOGCGDaRj9_LWQE0hSTwMWmdNfNUKqrsIacOrIvMtli1WwDgxDUFzbtoSimf5MkvcOEYBEfGU_juMQujIMpRqSBqnXgf8tEmLonlHdtvcHqj0Es__KrK94qpXR-ucUEJiOS30C8o5p2w9ImwK0MPRz6YCvFTsEnHJQ4AtJcR4zi3rHwVVGJILpF-92PiILFmDJ567iGexC47VAvdcrY1op0CVTZy08jYoDfom90F6TmkGIpA3LjcNFfH2dW8KYI5ODdKSA7V3XaYaaEM9xbXaSpZCaORnpfL2ss2YpppLat8mZsayjTyrfhOrP6hwIKmWsyVFfhz1H2bSPH9grE&cid=CAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fffdecks.com%2F&ds=l&xdt=1&iif=1&cor=7431603471826148000&adk=250412560&idt=145&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

925744f0f312d11e89849f22cf079e639c0f0e089e5ab59dbbfac7a9c67e6c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14021
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 4873 41 KB
14 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AHmZ8PAJosDCCM2A_kZYPSS4c_Jjq40d5E1kCw74rtpmbtfHIUbu-mvqr25VebFYFmkYwTBwkCf6atg_JPuqPY0X5Gml8yyyfW5SwBGhnnCAhV3I6qQUhQRXcknBp092_YJhfgWBjDdOnbkTSa48m4tGw263sFizUo0uNNHHilijuUnZI&cry=1&dbm_d=AKAmf-A5hmD1VAMWLtYPplyZWY6ZyRUG_tJeg39ufh731ENds6bBXjv2tfiDy8iIN4DP5moZZDcCuhIvXEIAvobXdV1UXVp5e-HuXo-ik9HTBbRraryu7KYoxVQuN7jV_pilD9hl7SY1nMNDLU0G0f-ntQCn0h9Q5cWZN8bxabIAvPiQCokotHVa23_HFwnIyWG8Ylq67Uk-8v7NJxHeI-J5tJRqLs8n_tzAnB2jqPtE6ZfE-xS8x5hsPMVZh0PvS7LvubHst2PwkBVcXv-mzCkJhK4jkK1yHrDGX85Y8Rchu_AKF-CawiNlTxuFeNvo9kcFHyvETm8R0gT3K3OdHi7ZNGlVb-mCgfzRGK802WauK6VYqBM2nYjDMH2tWNIR0qXoX4551VZIq28lJwhBN-qIjDL4eWZ9-dGGZBQXmsCXFdFkeZrYB-4KzfsqEnPAbBsVVx2MQ8vBy_-Xv_FUQ7s3PqMhnZhRYF4eA-SIhGYBPVaXdX1CQ0dTGAD1xMjdnhjCMebY-kjOvnh79aKMBQ2qLpPK01ji6HSg8NMkVo-Xcwx9QVVTzpMyMzJNjwlwpUeKWksEdua5uZnw7143PPcR-F5Aeo60h8T7CVHQjJFLXLN_wPi8HmSRhKTXPLXLu-kMnQ8DdvNyHhTyhpP64DYZmMwcQJRvhHwbrUzNnONTtE-cleNTZZXAIZOZu3xSUdDE3Pz1hRlJoYeQ7Cv91ix9taZiKLSlMkAPShwrXwzQIw884CeLne3wydH9WFSE25MRFXJ0_0VY-hi44K2K7WCeXhtUso0sI6sP80s4Zwo9CkvQ-WW_PioqCY1jHmk3fsX83VY4Hjoyf0t7C-O3ohYb1OYlqBiLVILFk6I44O0hi6AgCk30utKeMwELBMELZNDPJlWHGegreUE34dD3lRvaRMo-PDzRL7mygmkwvi_WVedSusaCoONMZPgSZP0Y2prznxS1fQpGbC6HmuVVGQusDo3FmLgESoUfhYXuwkWG86vdDuh5On8oDDH90laazSaDM4n6G4WKas87as71oj_GbVNHxfM9cIEZ5WkiwCW4iNDjAXeNIKdquf0QCkoa29Em-qzpGbzCc-whgDIvg_yCeygvP3HoUH6eJY89G1T5Ynzsb8rC8eZUXACXjC4cf0OlJdM8l_6ocS98XGUKXIm0EKK6RjXvJV6rVRoMdKUQVwTsKJALB5mQeDVqrrrUtfRHhgYodYMwsOouY2xhfsQkwBmRbxxeYzYGUh6D7XJsX0mgBufgRIocul0jYVd-SeQLLKflS-l8AmNpBm2kYT_1PgyJH2F4Ryg6kc_zocdRVHDbIac2ZdxozAueM3us51vJtjMQHERa_wBhS3mXE6rfZaiPQJKAHWBM8V3MGHxPO-8kpmNwSnifl_SQETcF_8AhwMuYbriwPK7Ds9TNktlhEjYb9ygQvbK0SQtrfxMmbrSQRFG6bXP_Hk63r4YeuQbVmcNJlIM0hU-jjHt9xW0zd-aEkVUXADXnE7YFoIgRw7eRGUT3iUL-lLeMmRoCg87eTvDw8djCCDH---p470U65HlyYycZ09YmDYvcGVUx8Z-txtEgXSBlsBOL2xhmcgoz-uXBwlTc5aJem4qhv6KvZMLpH1Iwxt77VLalktYQ9K3dLGAJoF3yV9nAOeWOk6m86xYjWh0EGRMBuKWOycomXhu3eipJFdmItrsu14-IxhrgHH35Izndbnwsf2V6wh9mVMuW6kL23vpvt0ePM6XTwz4q1eeVyHSL_gtAGnb5spBVk8cb_QttBnQBxjAzy_17TTsky7V7LuhuQ0s4jmSk9tOWGwxks10NT9Q2ZimlVhN-gh-ZOoNSglSoDvSxpMmjMLwxyWfRO6gSuquxeFJBG2oGdLGmvZ4uGTpOwgbGuSzd13X7WLAxfcmbMn5yxjUMPjgxkSjjKmhpF_nlHUuFkoSIlFWjopg_lxskFueVhDDugBpDuaOkHPj8jB3KeN6tMEL0AH1nTgKmy_mXHukrzbJ0eqpLRdcgSuzsyz2Wr7430c6ADHx2-bHZoUpSJ2mvyaFqEXTly4Kut4jmqm33AJbln-zVjV5OGd8-C0aqtMOjgx-SdH79E1GmB8XAKjb-YeqREq_U5q9ffzNmnx9ARk66OTwdLFh9l0mcQEq7SGxnkWu6-vcvEbM5TQs824tI6XevUsr2z8qdB2hAb-zRSx34aJbp_-_b9WNQ0mxXLUXBm2K46t3TzLl-hSH8t1neK_0kqoyCPke-WWen15D4AiFV7xtHY46W8Mh3Vw8Q-s4Ln_Y1Vk6v0wl2yxG1Lk1aKw2Mjy1hFLWkVBhm-SsdXb5yvXBGMCEVIFhHwDByqAAc3_Yv5eBxBc6Dzsxj4a6MjoAjiw75s-06MO09qcvBh1OE-N6i7cjAnUZ774N_NiLrayW-zX1l7oyyBvA1HDd4VxOoYGTn3i9LvXpscR-EnSWlds1MH6pACzYlUnx_eP2jF07wytaQ3sQMah-b4Pzsknuzra23PtqTu-miM0g5FzBCvsfUzi587HWc0bQokFWPWHDBzhGU6J5NmZL9PgIDnpAKMeHCpo4NXNwXw6nuDcibv9qaFXbWRN9GMA2N0LIRJapEWVm-ZHvZhXmSS-Cmn7sRH5JzICa8xFYpmOVn75XlpiPaGjRNKcJslnRMql5S7IACH3UZe0tl4lAGCJjwj9vk82oXayO46PXYRl29W88IqnoHCgcCZx-FTDSkda--JXjED2u8PWSnfhuT5oLdwkVLjrUvNuXJ7slucyO4qChS0VQQ15pGgFxOQWMuIV2D0QiKOb4uOXgUfokqf_Z6InyldaUFTgqtKB39EllQ0x-VXYKvZIR9ESqazr09jw7NoFksVoWpQHvDCbHUAMnFLZiMN4PTrbRqUNQW_4HudO-6IXPzZxUd3wmbyLQ_ja63oODWKTj1YZ72yZe1NzajB0sJtYvTUDlQb1IRsLS3TsRoaK9j-gfgtzcy-4yodlt5rsfjD1_2S3F6Y56mkcYgIN_524ak4UlPRf939T-XVnJwaaVbYiP9BKK-_g36y8-5f_WlohM4wXy6yuTJbxZ1FrVQDmbXmsdY-3odx5alp3dYPU8yaTnnb0Rlqr4IUXSNAt1JemLh995_yyDpKm6766S4NaUmSyPPvaPRh4CuR1AdRd8mdhjg-xyTJ-sftCUUPUX86ISBfbamh0I0TAUSz3HPMfOUptRkGgo_zG5cUKN1urdAqcKAeNR00BYnHlFfgqAHavCvLRGJCZXIokmAw6UWdvHui_mB6GNKEesvvS1FZTFIuEVJQ0vX8EksMP1mEQiDWOVR-ao8m8h5opd6IInQY-xjEMcUvm-v6pCk4tWHqNIJnf0_tEJbDegJ_G_gcgB2yLubFZLB_MzSaY-0RA7BFK1ap2r9FoZSh-RS3dR1hTRWH7SFhOGCGDaRj9_LWQE0hSTwMWmdNfNUKqrsIacOrIvMtli1WwDgxDUFzbtoSimf5MkvcOEYBEfGU_juMQujIMpRqSBqnXgf8tEmLonlHdtvcHqj0Es__KrK94qpXR-ucUEJiOS30C8o5p2w9ImwK0MPRz6YCvFTsEnHJQ4AtJcR4zi3rHwVVGJILpF-92PiILFmDJ567iGexC47VAvdcrY1op0CVTZy08jYoDfom90F6TmkGIpA3LjcNFfH2dW8KYI5ODdKSA7V3XaYaaEM9xbXaSpZCaORnpfL2ss2YpppLat8mZsayjTyrfhOrP6hwIKmWsyVFfhz1H2bSPH9grE&cid=CAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fffdecks.com%2F&ds=l&xdt=1&iif=1&cor=7431603471826148000&adk=250412560&idt=145&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 263641
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTcxNzU0OTEwODA5MwogIHNlcnZlcl9pcDogMTI2MDY5MTY5CiAgcHJvY2Vzc19pZDogMjIzMjA4MDY3Mgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 4873 0
868 B 260ms
73ms Image
image/png 172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTcxNzU0OTEwODA5MwogIHNlcnZlcl9pcDogMTI2MDY5MTY5CiAgcHJvY2Vzc19pZDogMjIzMjA4MDY3Mgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxNTQ4MzY3NjMzOTA0MjQxNjg2MApkZWJ1Z19rZXk6IDEyOTYyODUzNTA1ODUyODc4NzQwCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMi0wNCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMjU5NzQxCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMTIzMjAKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FkLXNydi5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9rbGljay13ZWx0LmRlIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x7986be02ed25840e0000000000000000","13":"0x280728e6e7cb7d6e0000000000000000","14":"0xd31bd2fd9eff20050000000000000000","15":"0x620192f7bbc60d660000000000000000"},"debug_key":"12962853505852878740","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"15483676339042416860"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK wmoiqux43uzw Show response
hal9000.redintelligence.net/zone/ Frame 4873 11 KB
4 KB 183ms
13ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/wmoiqux43uzw?subid=&gdpr=&gdpr_consent=&rnd=1701717548213148&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: a08ac4606b79fbd7670cc75b07d75fd2c1f2d4c1d0769ee0b02ebcd8be0cdc99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Mon, 04 Dec 2023 19:19:09 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4145
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EEE1 42 B
64 B 89ms
88ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu-CAXXAoYYa5lAZakhYOwOaySYEW2A7rwcTBUPHt6PAmjsRNvECLi9IEZD0jXtmZdtl-BiYf7Nm6wSkiMxeQlYG8Dib0YVG7JGBIcz8L06_-g-017is9QfloCivGNEPHHszAbTHsgyr4oJQC8bpBiGx93pmyPMDVlOzvzeff0qCGPsgeE13kN5LZhhZnCWZP_FlcsGktqDDP0xeD8eaKXkmwZpkhALP4QqQbdEM7v0oLsEOffEXWNfgkKufysSqc5HVZ6qtTjQuzVSxzwrlNE8Rzn6RM4jAnRBN39Oi7HFcmBpJMDKOui2uSONiqe6bnhJ2sSDt1PBSbCa-ByH47ezgdmF68FeILD37N9wLiLfm_zfBqmc5fPIrDQaPozcUmPpUuyzBWDJRxUvvBinstzJURTI0EIKRLLiuJMgXg1v8tYkVklt22I5Yv0Ax2jn_HJoHaNpmjyhiJ_ATO6vrVz27b7jioHTgsosiJfgTDVkrq1KsQir1YN0WSYo8aFP_mDTI72v9BMRVT9ykFp-mMY4KETIidOSzjGz6UqXWqt7HEv60olvF8NRwJQReQz8DurOL6aUSnPaXQnbDoQawqBzs-i_j9WCOg1R9Fu_aIpyfL--HVVzGDf990ng16OSUaZprRy603PY1Yw5bfApr6zvuW6-mMTkrXZbvc3lnSQErgp5q9jgBk3_9fX01YJ_qXlX0hfjLW1HYprZKjUhfWl-T4DdgTnP1ebtvRX5DPW0WeZI66KnpIdh8dS9BBqs_rvzz6_SoLnjI4RTFaPcTNNd3rCPi4hOs9qanBa72McKZA73zypV2Pq3zR6WnDnGndHF534-oP7xw82dsuzq5Zv3njT7isF9VLqA2rq_ZtUnLcrOJozrguEv235ZqYErykAlTF3q56AKb_ACGkn00UlkESD2m145-AYHET9eJd30WnNAJ2NlCSEhRuuD08710L0mLhb_Hp2qMfJ0udz3CYtLsP5nNLI22MwbRNM9ZAk_yTJVUddF4GDUGdcaDz-uHGvxcYRsHtsvVAZ58xHu8m7d-tJlsKkJvClP50YHNiwIapvxKTzN0NswbwPqvCw7ad-Mp074yIVIQIWYJTRg43CbfUBSvIoxFh-67_JEiR8D94c&sai=AMfl-YRdD4Qorz1Bjl7idQUzfrGE_BYT977FqBzIHPaL3YVf8F6J6ZKMsuA4K32_1XW2Xh-QbsXVX-mr7cnmrEGRkhX2jJ-pQTNoyAnTgInnJu2pH1Q6kdc1cKadEKsLK31UZg9dJ1CQuW5saBQe1AwO93__0U15lAzDGMgbM2eyvwPAT3z0diJI&sig=Cg0ArKJSzMItrVfm_8-BEAE&cid=CAQSTgDICaaN2ybMyaWZTsVWV-_8xEV8YdFVAmxeDXf5rkNrdTRXCf-hzjWC6TjIVCkBHgINe4hTv11MT-SebHIohY282IgRehH-Kim-hkDRZhgB&id=lidar2&mcvt=1000&p=0,0,120,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4054514594&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701717547227&rpt=1329&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame CDED 38 KB
13 KB 61ms
60ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 77433
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Dec 2023 21:48:36 GMT
expires: Mon, 02 Dec 2024 21:48:36 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900013.redintelligence.net/ Frame 4873
Redirect Chain

https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

114ms
91ms

Script
application/x-javascript

116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: HTTP/1.1
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 4b1b860cd181180de75cbc501bc5ad9cf8d47b99d8866f2558d6e50d402ddd9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Dec 2023 19:19:09 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 48460100218087004444994012528013
Connection: close
Content-Length: 1354
Expires: Mon, 04 Dec 2023 19:19:09 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 04 Dec 2023 19:19:09 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 04 Dec 2023 19:19:09 +0100

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame CDED 39 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 17:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Dec 2024 17:45:17 GMT

GET
H2 200 e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame C833 0
327 B 337ms
20ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=48460100218087004444994012528013&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Mon, 04 Dec 2023 19:19:10 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H2 200 / Show response
adv.office-partner.de/ Frame 8FB6 930 B
923 B 59ms
6ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Mon, 04 Dec 2023 19:19:09 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Mon, 11 Dec 2023 19:19:09 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 4873 0
326 B 337ms
20ms Script
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=48460100218087004444994012528013&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:10 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 0
proxy-host: pv.medialead.de

GET
H2 200 e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 4873 43 B
360 B 337ms
21ms Image
image/gif 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=48460100218087004444994012528013&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:10 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 4873 43 B
702 B 205ms
153ms Image
image/gif 104.64.118.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=48460100218087004444994012528013&pv=1

Requested by

Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=7d4a8c64e2&subid=&uid=09cc131ced43e928&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=375x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9nH6LCZuZZyBDdfK7OsPscuooA-m5b2gab2TnKfJD_AuEAEgs-7tO2CV4pCCoAfIAQmpAl9oYfDXNLI-qAMByAObBKoE5AFP0OihW4QlnGkXlF7CbS59deZQflPWy0hg-OQdhcYZEEt24Yw85KcbmEA-6euWkh5q3i4-FOBLUoZ0bMcFPZyC02byWOCprNKAxUMKfa7OV_MUaFlJtCBM069zgaIra5ww47gX_zbSf8ZnZ-HMWoLC3Dy6sjp1GY4tp5kduwr89BiouSVaGBW4s8HbNcTYepsu5jaBimrafh5J1LdL_c64Umz8IZWkTxlLNb_JPIKZ9CSYHsEaJyxBaEVCa53-Z2a6_muNPCka_B_33B7TO9fV3f29DKWquOgUZNhIQ8boeM6aaLjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYg8TX77_2ggOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPADICaaNu1lD5mx_EE9oZV-41e9M4qr-S9hXoDHOp1eZUMx9YUKeCsESnXhEVSs02MzvymBbLeUlINog9hgB%26sig%3DAOD64_121KYvNiWEgThqtrbL1ihH-6D9Tg%26client%3Dca-pub-8778045886587478%26dbm_c%3DAKAmf-AAu7AO1SSXnC6AhFymRNUm0jgt7FJTEWNV5-0rrv6EG-T7comXKrwJsUDMpROCVbgBrQYqJDvR9UIrjqYy2RjuiOOYrWsyYPcfk19UnCUqcMxn_e5wQUfxhgE7Pjvi5v2wf5OgAXVZIfG6d3U8r8SgHorXggRU9FdI2cOD-qOgIyggePA%26cry%3D1%26dbm_d%3DAKAmf-BufnkSg_hKezG9_9T5Q8ih_PAL8xrqJYYTe4zc-6dzQzgS8bUgeIFERpk6XeI3Tyezk3wzhXrMrVpJwcGj3SU-0XY9jgLUtenO2nmbymoPGrKu8T8fcIlLGW3pcbE7Dw9CogRTEAUt66yiRfehwhLfHDc_j6as4B-BOXyiUQw7qjCjlsm4NTNGUuDgajB-81yyFQ6MVjreoGHiT781G6BMMxqFqdy9qhZcA0H4WLO4XLI7HZhLN9bSHqTbFBI_4BrQ_vaogseyW9Zmhpa41sjPQFTqKar39OocEdDqu6lLbF85LNpTBr4c_n-jNGWDXoT7ktDqZUFKkxatjSaekScZAKEVWM5Gm4jm-h46oiblRC4a6Knjjm8TQShlmr0JpVGmoZO0gZJmj0noYyYWGt_orTDiSNi1BKUpevRFmZ5n3KDfqqEhSaKNUU6Ze9TE9c4a7CszHgF_M2ODbhoFPlS7o4vaUXDhoO0TPEGaO0-yDKFFqcLzDOQ4xeaiZAOvCQlnsQxvve-St7n0kzMqEFjDQRHphbtNvO0BUh0gY0CmP2fDOQc%26adurl%3D&documentReferer=https%3A%2F%2Fffdecks.com%2F&ancestorOrigins=https%3A%2F%2Fffdecks.com&random=9275414078742&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.64.118.247 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-118-247.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Dec 2023 19:19:10 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CDED 0
20 B 93ms
92ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BIDKRLSZuZb3MBrHTjuwPoLKrqAgAAAAAOAHgBAI&bg=!IyClIG_NAAY3kmNgF5I7ADQBe5WfOHljEQLQHqb2aRhbjf57wATdnn2PXVH8tVX-mieJFdpce1mYq1y8WSAiocj_yHZbAgAAAHtSAAAAAmgBB5kC6aeO0cPfOYTwJgpAIHm3qzi8u8ryFApyD29ctWCRYjS8YrTBJCYVw5lv0TYqdWJD5k0Dg2pnOS18aLQRKh8k-jNpDEhFMpPmM_p_N96ijktuzrWTkkjcnZmaUi__2SxV-0EPtRVEU02RixduPPRAFwMzpNpMNJoBef5EOO-pIGN1yL6Lr6KjV_c1Db42gukIdBBA0_fvCfc_9RgUOJNHa9lUwSFeVH4SECQSVJi7FIk4b5gD9c36BEtJAQPyi-pJ2rroGOFP2PzH7aySxGeBDss2TWjpQo5WTDjhnAETanGtK4NfL6iH5lnXVITFOwCXRbpRlU23wzfcpAIXudMIIs28M0oXQkToaVV6d8lqVd_yaSDtt1IZlvqpNRd5hP2_Z1Xe7FqhZeZlp-kWC3GWNZN3wZ0qhWw9Us6i4ZFZM25I1R8w1X3XLWvM9A5GNxYXwbmkluHkq3R6MQ7aQPxtM2H5anUwwHhORMBG8ocwqLu13rA-3mI4AxuF1vhejriHUG3dKpPd3UcqOsi_vrYsphth75bK0aXq4QV5J9YroJLgb9EPVyRyjiVG9dUmOfF56qb4xRG55_VTwHy0pj6l1hK1ghJX8Eh9lPblB9_cdO9ic3F7MW5WOjc1gSRDgphssMXCGPaq51lrlYMUuwktMGw9kQxrGs6zviqsMEfsUE763GKIkRRTT-CEASZ4iDkHL7uIvqfYru4UoLLhM8UAyWArj9GxSDsAsmN554oSO-dKIyyl-2oB3Hnb16AHsz47P2sTKeWf5XhkvvTGFgadlqGKd92gs7t1rJ8UWZ1n784dGDLI2J9i9wViLd8sHZV0EnU2yQZjf4xbyhwOdXiKieEFTup5NGouSgG7TDaBW72xHvmbdUtNQooLe_oQmqSGx_6eeA10cwUDJShMyzw4zD2J5Uy43FVYUDeFVHjgsabvqBVrsulTmCB4_QbapDpKVlus8n9huSHWbmWC-ET7_YZ2NTmVzMQ0oVs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 8FB6 175 KB
63 KB 62ms
62ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d9784dbebcc9549d4fa147bbca0152aeabcd83f260ea7ae3e38ab101f165d55d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64122
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Dec 2023 19:19:09 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 8FB6 274 KB
91 KB 65ms
65ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

20f809af3c811ec2e764dfb3f57455c0b400454f0a6f35653ea8483755338091

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93094
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 04 Dec 2023 19:19:10 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 4873 2 KB
2 KB 160ms
72ms Script
text/html 18.170.182.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=48460100218087004444994012528013&nw=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.182.156 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-182-156.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: ad3f18c32c6930871d3506268ad5165fc483b8d90591ccdadf8ef9bca1d0a5c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:10 GMT
last-modified: Mon, 04 Dec 2023 19:19:10 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 04 Dec 2023 19:20:10 GMT

GET
H2

200

activityi;dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785 Show response
5994599.fls.doubleclick.net/ Frame 5FE5
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785?
https://5994599.fls.doubleclick.net/activityi;dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785?

391 B
327 B

82ms
82ms

Document
text/html

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

8630f2a208de4606fbfc5a3f7d6f4e2fe80e394c7ff7b93dce9c0dd0fbba08e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 19:19:10 GMT
expires: Mon, 04 Dec 2023 19:19:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 19:19:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900013.redintelligence.net/ Frame 55B8 7 KB
2 KB 33ms
12ms Document
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/request_content.php?s=48460100218087004444994012528013&a=2bf3c2ff
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: b1328744cc33500343364f40937e65b3f6d38637a6dac76e8a02a5a6f18edaca

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2103
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Dec 2023 19:19:10 GMT
Expires: Mon, 04 Dec 2023 19:19:10 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FA6B 1 KB
643 B 56ms
55ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30420
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 10:52:10 GMT
etag: 48472445140208031
expires: Tue, 05 Dec 2023 10:52:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4873 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 862bee7ad0d542d6e3e203c345087bfd2ba13f07fe504827a8651f7848b303ec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 55B8 5 KB
778 B 61ms
60ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=48460100218087004444994012528013&a=2bf3c2ff

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 04 Dec 2023 19:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 18:30:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Dec 2023 19:19:10 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 55B8 17 KB
17 KB 40ms
14ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=48460100218087004444994012528013&a=2bf3c2ff
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 3a1a3048c4b39db2e51392534e76d20ce4944479ebaa785b32bbcd5794204b8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Mon, 04 Dec 2023 19:19:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16984
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 55B8 16 KB
16 KB 38ms
13ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=48460100218087004444994012528013&a=2bf3c2ff
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: acc235dcd6462d6a850307f9ca7e3262f4838f6c78ca05b7602b944a3b57e0a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Mon, 04 Dec 2023 19:19:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16512
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 55B8 11 KB
11 KB 39ms
13ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=48460100218087004444994012528013&a=2bf3c2ff
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 442ffd84877d1122e8b009c0ec5d39c4508686ffcca06766d29f5d389d93ca7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Mon, 04 Dec 2023 19:19:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10942
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame FA6B 35 B
463 B 44ms
10ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPNWaRvLGPJTFkkEGHPJxrk&google_cver=1&google_push=AXcoOmSnsrIACmngjci3QnCijZazsCJH_VjDaTrLeiEjSX7EIBOSBsycrhIqPxwjQUH8PizuyAwzGHzf5mZO2HRQnE6O_2-z-Koc8g

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:10 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame FA6B
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESELy2JVq82jxwhQ0vSD-SJnY&google_cver=1&google_push=AXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELy2JVq82jxwhQ0vSD-SJnY&google_cver=1&google_push=AXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmS...

43 B
420 B

173ms
160ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELy2JVq82jxwhQ0vSD-SJnY&google_cver=1&google_push=AXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:10 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 83066642da445d81-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:10 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 49
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELy2JVq82jxwhQ0vSD-SJnY&google_cver=1&google_push=AXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRNdNq9zAhj3nGd4pqwbjD5z5mJ62QrBw29R4dkkDatty2bBobfMBOrRNks89M5kh9Grmk1eiGuQcqsrRK5ezMdiOukfmSa%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 83066641a8625d81-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame FA6B 70 B
149 B 111ms
32ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEAK59T66L03oBDKG8Fe7VNk&google_cver=1&google_push=AXcoOmSLILDhfou-nRsla7WVXx6phKzxk_dfe8-iZIyLMyVal0bT69TZHZfntJjRxeUQ6ZskyWns3sbKQ8PZmysHuqq6G5HDT_YSWg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:10 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 sync
x.bidswitch.net/ Frame FA6B 43 B
146 B 373ms
7ms Image
image/gif 18.197.5.251
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFXu-RId-nIqbtFk163Y4bc&google_cver=1&google_push=AXcoOmSc1iBEOKXFcEiETF71DAzZrKSXdmaO0a50z5FhnfG69tsfkdAkxmssg0YoQap8u_aXE6Tu3pGhlfF4B880qtNR4RASSJW0cg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.5.251 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-5-251.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame FA6B 43 B
363 B 48ms
16ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTaJursvmykaYTijIsp1VdPp-ZO2SKGnVWMy2k6nIXISuXph3fLZH3ds-ec7h7GeWozf5-pQjV0q1v-aWuHU8_rfZ5ZVw0vtA&google_gid=CAESELrNLgF-bHpQ_vpYMfVF6wo&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:09 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 287759
expires: Mon, 04 Dec 2023 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FA6B
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEELKk6d8-tY-4Er4IIQ9kqk&google_cver=1&google_push=AXcoOmTQs_diTfOLGkxhhg0KDNNGD27lBZ14Bi0WAwTUXQy_lOZthFZQ2OLWjGj9V-fD5PqK0_xTG-mTqMPf...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTQs_diTfOLGkxhhg0KDNNGD27lBZ14Bi0WAwTUXQy_lOZthFZQ2OLWjGj9V-fD5PqK0_xTG-mTqMPfcWE5yIZHZw2l1p7btA

170 B
232 B

46ms
45ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTQs_diTfOLGkxhhg0KDNNGD27lBZ14Bi0WAwTUXQy_lOZthFZQ2OLWjGj9V-fD5PqK0_xTG-mTqMPfcWE5yIZHZw2l1p7btA

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTQs_diTfOLGkxhhg0KDNNGD27lBZ14Bi0WAwTUXQy_lOZthFZQ2OLWjGj9V-fD5PqK0_xTG-mTqMPfcWE5yIZHZw2l1p7btA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

report
sync.teads.tv/um/ Frame FA6B
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENg1J6IcMwjo...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmSStTYJmQX_yNL6FEltVfR3vw0VckDf36yGPE1myYLP2FZMUwpsfhY0f39exjMXLo15xBQvvRZW92IjqqGSsqX_F41CWhH-Kmo
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

32ms
32ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Mon, 04 Dec 2023 19:19:10 GMT
pragma: no-cache
date: Mon, 04 Dec 2023 19:19:10 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame FA6B 0
50 B 57ms
56ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JaeFzKcxqUQlv_dCfg1-m_4UGh_8dKF2AvWYH2pzcKn_bATEg7sQ-hKzzVzH6y2u03MOkE7g

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:19:10 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900013.redintelligence.net/ Frame 55B8 0
150 B 34ms
12ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/viewability?s=48460100218087004444994012528013&a=347eb2a6&vb=m
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=48460100218087004444994012528013&a=2bf3c2ff
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/request_content.php?s=48460100218087004444994012528013&a=2bf3c2ff
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Mon, 04 Dec 2023 19:19:10 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 55B8 14 KB
15 KB 59ms
58ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900013.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:17:35 GMT
x-content-type-options: nosniff
age: 95
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Dec 2024 19:17:35 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 55B8 15 KB
15 KB 53ms
53ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900013.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 11:48:28 GMT
x-content-type-options: nosniff
age: 286242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 11:48:28 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 4873 53 KB
19 KB 103ms
17ms Script
application/javascript 52.222.139.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=48460100218087004444994012528013&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-14.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 12:36:14 GMT
content-encoding: gzip
via: 1.1 fb6c3dd3817d7e9cad9e87d716e2024c.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 24182
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: -SO0P4_QE2YSWvYBP44Zxr1VxZfpvsr0MGI8KcGPvOJpJjf-2TJghw==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 4873 3 KB
3 KB 63ms
16ms Image
image/png 18.239.50.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1701717850&Signature=TAdJ2SUcPKF~2~~zKNKJe4WLZ8~-NH2nPAp6r7uSGNMSZwYo8H-H-TzRGkWvkT20ZkndIcC3gCPeZfJXaf2hj74WhaH526PdHbAm239WjFvLFjnhDzJ70Hcgf0qbtPjCaW8agr2WFM-ebe0bflawUyGyJsgh9YgS-4G6NVITqr~hXIYgFPz8RKI47SN7z0FUVcol7BA7gSyq~sFL3Wq9ySBDCtz49B35PqMLxmZbxOhc-Tjho2mJCJkfkLCyIyikHBNwReR~Vr2hTqNHgbtybNjHZhFen6qakaIVuvHnfOF9Jdr5JBYtqrWEUrk-KHLl~VP6tLJ~SSzZ9noiS7BxAg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=0&slotname=9451029327&adk=3039698844&adf=2454491841&pi=t.ma~as.9451029327&w=375&lmt=1701717547&rafmt=12&format=display&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-32521&adtest=false&fwrattr=false&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717547460&bpp=1&bdt=1686&idt=1&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1484697607818&frm=20&pv=1&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=324&ady=751&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=mM%7C%7CaopeE%7C&abl=CA&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.50.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-50-21.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 04 Dec 2023 04:11:36 GMT
via: 1.1 8be6e843d0ee8ff03a0a07d811ce5bf8.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P3
age: 54753
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: C_PHR5LgjnhNWlSDvhRsA2TzUTON6Edsr-5SlrycEtRejvTQMTDr8A==

GET
H2 200 dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785
adservice.google.com/ddm/fls/z/ Frame 5FE5 42 B
401 B 212ms
96ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=COHK5PC_9oIDFVlXkQUdQ3oCkw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5696535592849.785?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4873 0
20 B 88ms
87ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9353996758752&version=m202309260101&ct=77&x=1&cor=7431603471826148000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 19:19:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 4873 16 B
209 B 69ms
69ms Fetch
application/json 35.177.10.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-177-10-97.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 04 Dec 2023 19:19:12 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 103ms
20ms Preflight 35.177.10.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-177-10-97.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 04 Dec 2023 19:19:12 GMT
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8778045886587478&output=html&h=120&slotname=8532896955&adk=4054514594&adf=42665576&pi=t.ma~as.8532896955&w=1200&fwrn=4&fwrnh=100&lmt=1701717547&rafmt=12&format=1200x120&url=https%3A%2F%2Fffdecks.com%2F&ea=0&region=page-42971&adtest=false&fwr=0&fwrattr=true&rh=120&rw=1575&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701717546890&bpp=10&bdt=1116&idt=287&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&correlator=1484697607818&frm=20&pv=2&ga_vid=1722332785.1701717546&ga_sid=1701717547&ga_hid=2032449238&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=249&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809003%2C44806139%2C44807763%2C44808148%2C44808285%2C44809071&oid=2&pvsid=2281852193336545&tmod=2037388370&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaopEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=300

Verdicts & Comments Add Verdict or Comment

207 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ffdecks.com/	1970-01-20 16:43:23	Name: _gid Value: GA1.2.1946932567.1701717546
.ffdecks.com/	1970-01-20 16:41:57	Name: _gat_gtag_UA_100822934_1 Value: 1
.ffdecks.com/	1970-01-21 02:17:57	Name: _ga Value: GA1.1.1722332785.1701717546
.ffdecks.com/	1970-01-21 02:03:33	Name: __gads Value: ID=6e03a8840eff6f74:T=1701717547:RT=1701717547:S=ALNI_MbgSp8x26e2o14bNGLifNn6ActRnA
.ffdecks.com/	1970-01-21 02:03:33	Name: __gpi Value: UID=00000ce2f7c25837:T=1701717547:RT=1701717547:S=ALNI_MZynQAbecOCLV_iGHp6FuADp2lBcQ
.doubleclick.net/	1970-01-21 02:03:33	Name: IDE Value: AHWqTUlp-1aSXWNOkqXgJyVQP7G5_Gcc1ohZyuwqChTPf-z1ymawE3QKzggZtO9h2zc
.googleadservices.com/	1970-01-20 18:51:33	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-21 01:27:33	Name: CMID Value: ZW4mLR8oZMPvFBWNEC-AsQAA
.casalemedia.com/	1970-01-20 18:51:33	Name: CMPS Value: 5229
.casalemedia.com/	1970-01-20 18:51:33	Name: CMPRO Value: 5229
.adnxs.com/	1970-01-20 18:51:33	Name: uuid2 Value: 5411372300569155488
.adnxs.com/	1970-01-20 18:51:33	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E><eqHo[!]tbPl1M>e)ZlrFUfJ+tGXxoa^%7v!a>PjtXQsf9^]vo.My[^Ic?2K^7)(`_3If)y3KL9D3I?+UwB)2O
.doubleclick.net/	1970-01-20 21:01:09	Name: APC Value: AfxxVi4OC4HL1RVHd1_CjKooBhbYKePQLCbAcYPXFfKG6uGpSqDG1w
.redintelligence.net/	1970-01-20 18:51:33	Name: 8lcfmzhxc8d6_uid Value: cc1fcf477e316a02
.doubleclick.net/	1970-01-20 17:25:09	Name: ar_debug Value: 1
.office-partner.de/	1970-01-21 02:17:57	Name: source Value: {"webgains_webgains":{"timestamp":1701717550058,"clickCookie":false}}
.awin1.com/	1970-01-20 16:52:02	Name: awpv11601 Value: 113440\|1701717550\|0045e310-92da-11ee-85f5-22347f548c7f
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.ffdecks.com/	1970-01-21 02:17:57	Name: _ga_BQXM04CSVE Value: GS1.1.1701717547.1.0.1701717550.0.0.0
.quantserve.com/	1970-01-20 18:51:33	Name: d Value: EHgBCQHKKoEA
.quantserve.com/	1970-01-21 02:12:11	Name: mc Value: 656e262e-52080-68f2c-b55fe
.tribalfusion.com/	1970-01-20 18:51:33	Name: ANON_ID Value: anntuJoZdUQdR2Hp9uswmO6XerZdM9qKCNV9N92qW1UN5EiBJtogWVjbXNU28sULL8mLkOSQVaI7ysZcepVoBgrqafS

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://ffdecks.com/main.e939bdf6627ea3d2b271.js Message: Specifying 'overflow: visible' on img, video and canvas tags may cause them to produce visual content outside of the element bounds. See https://github.com/WICG/view-transitions/blob/main/debugging_overflow_on_images.md for details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
a.tribalfusion.com
ad.doubleclick.net
adservice.google.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
cdn.track.production.webgains.team
cm.g.doubleclick.net
cms.quantserve.com
dis.criteo.com
dsum-sec.casalemedia.com
ffdecks.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900013.redintelligence.net
ib.adnxs.com
match.adsrvr.org
onetag-sys.com
pagead2.googlesyndication.com
pv.medialead.de
region1.google-analytics.com
s.tribalfusion.com
storage.googleapis.com
sync.teads.tv
tpc.googlesyndication.com
track.webgains.com
use.fontawesome.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
googleads.g.doubleclick.net
104.18.36.155
104.64.118.247
116.202.48.214
142.250.181.226
142.250.186.102
144.76.91.199
15.197.193.217
172.217.18.6
178.250.1.9
18.170.182.156
18.197.5.251
18.239.50.21
185.89.211.116
2001:4860:4802:32::15
2001:4860:4802:34::36
216.58.212.130
23.35.237.56
2606:4700::6812:19ad
2606:4700:e2::ac40:8d0d
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::201b
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:81c::2001
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:830::2003
2a00:1450:4001:831::200a
2a0b:4d07:102::1
35.177.10.97
51.38.120.206
52.222.139.14
91.121.248.44
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d69f987011b221800498cf0593730105fad3e5de71631d0c314b3a4deee1da4
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
102267508e76507e7827cdb049f1ef1ea7b51e204f5b221041fc5d61891a70c3
13f5d8719d96efc6095f3b034541cc7d6b40c6f5f333460ada3393ce972165b9
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
1d5891f0bfb6f13fa24c31ca5b00194ae891d7780d633fe675b4c90586a9a9c5
20f809af3c811ec2e764dfb3f57455c0b400454f0a6f35653ea8483755338091
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
2483cf6d1a4c9d7786b1296451c38070e384bae4abda0cddd0da48a1a029d08d
2506de5c43929e92b238eb0654401edb7bb4f487a361232f7679408e15f676fa
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32159adfb16e4b5887676537c8553b8cc19c224e93dd4fb87f3f40edda8ca69f
3271b8296e76d67ea7a85c7474a87e5b28ac83ef29ce401d05e029d6b1205fd2
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3a1a3048c4b39db2e51392534e76d20ce4944479ebaa785b32bbcd5794204b8f
3cc6a8b6894af08dff5be9fe2bd2b9bf4f489097f349c4efe16d04d4f1938afd
3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
442ffd84877d1122e8b009c0ec5d39c4508686ffcca06766d29f5d389d93ca7d
4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b
4a7ca90273cc0ea260ad2f25dbf1bc2f1c45c3fced73829dabb54dce8baa0c44
4b1b860cd181180de75cbc501bc5ad9cf8d47b99d8866f2558d6e50d402ddd9b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b98f46494a5ed245f90786bebe135e59d47bb35f3f8ecde1914c4cad05a74fb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
52a9d6e7ab843d4a4d031fdcf6751f0a8d540300359a41231cec7d5e328bf24e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5e0db0c53c83dc928729ec458146a101053f806816cfc972b5cc26d606c96e8d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
79562fdeac9ada6b914848daa2ed2a8292ccb77588d5b539566bc39ad0320a86
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7f731e6d49b92b0c14ce5b442f38dbe8744d464638e3476c9a95b643c53c158a
8508ec9a8b431ce9f88a446b60d8c47edb54dccc4bc9e95f3317f792b1139632
862bee7ad0d542d6e3e203c345087bfd2ba13f07fe504827a8651f7848b303ec
8630f2a208de4606fbfc5a3f7d6f4e2fe80e394c7ff7b93dce9c0dd0fbba08e2
8d3251f4935896ec37ada153d20d0109828ad08523127f136415355b3fca2dcf
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
91b3521582a0345a36cf7c83e77fb162b51d0d5e07fab9725fd5a72ca40a8213
925744f0f312d11e89849f22cf079e639c0f0e089e5ab59dbbfac7a9c67e6c24
940b3908bf9fc263ff7a9640fd719a1a3ecca9e1224e9ce4758053fa01edbcc0
949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b
9562db5c80c17e215937efca8cb2395526090f3706783cf2e5bd8564efe486e1
96400a6701ee04e6f684271ac7265fcceb141aa3689d74332e3158903fab38d0
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf
9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a08ac4606b79fbd7670cc75b07d75fd2c1f2d4c1d0769ee0b02ebcd8be0cdc99
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a44923c328608df86d435de04aa5760ffcd5e3d18d290b880c14a747458dccb1
a8a7f2e1118dcfab9e024b0f6b7c469192573d79e0bdcc2af49d5e3c0e3bce75
aabc81f588221c87d8e76cb6ccc67eca83e691c662dc2a0950c943bbad93f6f2
acc235dcd6462d6a850307f9ca7e3262f4838f6c78ca05b7602b944a3b57e0a2
ad3f18c32c6930871d3506268ad5165fc483b8d90591ccdadf8ef9bca1d0a5c1
b0058872210044f00d377004facbff9650611ef3c96aacca0bdd42a1a6fb8208
b1328744cc33500343364f40937e65b3f6d38637a6dac76e8a02a5a6f18edaca
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783
b6af4af29e1d48b627d4a5171bebc811aa3f56c466d3b95aded6a9ca7f1e076e
bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875
bd1447116ecffcda7152c42b16aeb50badcccb29985863e5a42733b1294599ba
bf14c7d7734b8f9c863b982a4e7b30d4361af8e8747f2ca8672ba58e703e96a3
c92aaceb01ca9e14bf8f6e8a0db8f35a70c91557ed190d3d228037083c33d412
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
d5f471476e1636e23b00991ae8a85d3703ada55bc6d6162472a28aa94fa64d4e
d65905ca64ebb3c1bc89d7002c8dd36d92dd61de88eb24dbcb6dd95ab9e7f63d
d9784dbebcc9549d4fa147bbca0152aeabcd83f260ea7ae3e38ab101f165d55d
dbd9435d4b7a67a71497a1575fafda8fa017d357030bf1872c27a08f6b37402f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e61a5274401d098ca96cd8b36e4030f75bcb644047b18cf0deb1f916c863f126
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2288e5c962da21c29a6cb56f9fc6d1f295bdb7dd02c2d8e51d8573e9d5aa55
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6448c7348c7d90723b7204b9ccb6f59c6df3149fe7311b73eced38e8c16119a
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6a9c0657fb331ee8fe7d68848523108b855bb71bf15e7ddabb0cbd994ef03db
f97fc0f2583c4adcfe48a9e852d52af794ccf152d3e5c2e810d94d76ea4b08c2
fa549a972314078fec775ec30b8088e804e96365216de961d9992c5c2ad361ea
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

ffdecks.com Open in urlscan Pro 2001:4860:4802:32::15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

120 Requests

92 %HTTPS

46 %IPv6

27 Domains

38 Subdomains

35 IPs

7 Countries

4570 kBTransfer

8263 kBSize

22 Cookies

5 Outgoing links

Page URL History

Redirected requests

120 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ffdecks.com Open in urlscan Pro
2001:4860:4802:32::15 Public Scan

Screenshot
Live screenshot

Full Image

120
Requests

92 %
HTTPS

46 %
IPv6

27
Domains

38
Subdomains

35
IPs

7
Countries

4570 kB
Transfer

8263 kB
Size

22
Cookies

120 HTTP transactions
2 data transactions