Submitted URL: http://uspsggw.com/
Effective URL: https://s.id/1SXRG?a=confirm
Submission: On January 11 via manual from US — Scanned from DE

Summary

This website contacted 26 IPs in 5 countries across 18 domains to perform 58 HTTP transactions. The main IP is 193.84.85.178, located in Russian Federation and belongs to STORMWALL-AS, SK. The main domain is s.id. The Cisco Umbrella rank of the primary domain is 96991.
TLS certificate: Issued by R3 on December 21st 2023. Valid for: 3 months.
This is the only time s.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 3 193.84.85.178 59796 (STORMWALL-AS)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 2a02:2638:3::3 44788 (ASN-CRITE...)
1 13.32.110.114 16509 (AMAZON-02)
1 34.96.70.87 396982 (GOOGLE-CL...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 34.120.107.143 396982 (GOOGLE-CL...)
1 141.95.98.64 16276 (OVH)
1 63.32.195.36 16509 (AMAZON-02)
2 178.250.1.11 44788 (ASN-CRITE...)
1 35.244.159.8 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
11 2a00:1450:400... 15169 (GOOGLE)
11 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
2 142.250.181.230 15169 (GOOGLE)
1 18.66.27.84 16509 (AMAZON-02)
3 4 142.250.186.98 15169 (GOOGLE)
3 5 172.64.151.101 13335 (CLOUDFLAR...)
2 3 37.252.171.52 29990 (ASN-APPNEX)
1 2a00:1450:400... 15169 (GOOGLE)
58 26
Apex Domain
Subdomains
Transfer
20 googlesyndication.com
0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 140
tpc.googlesyndication.com — Cisco Umbrella Rank: 185
170 KB
11 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 407
177 KB
10 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269
googleads.g.doubleclick.net — Cisco Umbrella Rank: 68
ad.doubleclick.net — Cisco Umbrella Rank: 199
cm.g.doubleclick.net — Cisco Umbrella Rank: 338
212 KB
5 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1194
3 KB
3 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 356
3 KB
3 openx.net
oajs.openx.net — Cisco Umbrella Rank: 2214
google-bidout-d.openx.net — Cisco Umbrella Rank: 2217
789 B
3 s.id
s.id — Cisco Umbrella Rank: 96991
8 KB
2 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 597
7 KB
2 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1411
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1431
12 KB
2 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1218
id5-sync.com — Cisco Umbrella Rank: 658
29 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 6
1 KB
1 truste.com
choices.truste.com — Cisco Umbrella Rank: 1586
20 KB
1 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 3020
1 KB
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 894
13 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 2532
8 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 438
1 KB
1 protagcdn.com
protagcdn.com — Cisco Umbrella Rank: 136069
132 KB
1 uspsggw.com
uspsggw.com
664 B
58 18
Domain Requested by
11 pagead2.googlesyndication.com s.id
0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
11 s0.2mdn.net s.id
s0.2mdn.net
0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
7 tpc.googlesyndication.com s.id
0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
5 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
4 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
3 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
3 securepubads.g.doubleclick.net s.id
securepubads.g.doubleclick.net
3 s.id 1 redirects s.id
2 ad.doubleclick.net s.id
2 gum.criteo.com static.criteo.net
gum.criteo.com
2 oajs.openx.net 1 redirects s.id
2 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 www.google.com tpc.googlesyndication.com
1 choices.truste.com 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
1 googleads.g.doubleclick.net 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
1 google-bidout-d.openx.net oa.openxcdn.net
1 bcp.crwdcntrl.net tags.crwdcntrl.net
1 id5-sync.com cdn.id5-sync.com
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 static.criteo.net securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 cdn.id5-sync.com securepubads.g.doubleclick.net
1 cdn.jsdelivr.net securepubads.g.doubleclick.net
1 protagcdn.com s.id
1 uspsggw.com 1 redirects
58 26

This site contains links to these domains. Also see Links.

Domain
protagcdn.com
home.s.id
Subject Issuer Validity Valid
s.id
R3
2023-12-21 -
2024-03-20
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
protagcdn.com
E1
2023-12-25 -
2024-03-24
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-02 -
2024-05-01
a year crt.sh
oa.openxcdn.net
GTS CA 1D4
2023-11-24 -
2024-02-22
3 months crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-12-15 -
2024-03-10
3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M01
2023-10-08 -
2024-11-05
a year crt.sh
invstatic101.creativecdn.com
GTS CA 1D4
2023-12-23 -
2024-03-22
3 months crt.sh
*.id5-sync.com
R3
2024-01-01 -
2024-03-31
3 months crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-12-01 -
2024-03-01
3 months crt.sh
*.openx.net
RapidSSL TLS RSA CA G1
2023-08-18 -
2024-08-18
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.truste.com
Amazon RSA 2048 M02
2023-11-18 -
2024-12-15
a year crt.sh
www.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh

This page contains 10 frames:

Primary Page: https://s.id/1SXRG?a=confirm
Frame ID: 0B229D7FA9182461708DFD598ECEF3D2
Requests: 18 HTTP requests in this frame

Frame: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 6AA5E705EC0B621570850E8432D9600E
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=s.id
Frame ID: 5D7C93BF4F8A4CB13E6DEDA0829BAF47
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 718D67889ADC0BE1FBD9F20219EB6034
Requests: 1 HTTP requests in this frame

Frame: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: EA4F4787A1C12D222015A4FE738E416D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhifrsLbATAB&v=APEucNXauJUmwcJKEnRu9DHpWNnprsJIF6HroJQgGD8CwdvssPurK-at7aRiYUOsrE8Ryyi1ItnLf_qAjubBVq15Ov3xmAphnfL09EdjiyBQehmkeWvSSlWubv6VAXs32l7HgIm6k8ZxmccduOS60ZXDHou7Fa8M0sNjreJ-0F8pTLEyoBOi-fHvDtzRuEz3akgVeWcChEstQ8zmP4hSRuu5uwQggTJBsg
Frame ID: 0481DB496AB8043823D9A77EFF590A62
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Frame ID: 28CB71E101D0799BACA74779A4DE97C4
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 9167C7E446F9FE0E3BDF8129F786E99D
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C9002FEA1912D06C313FDC80AA9A2967
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 622981D7D7C9D5CFA0D03409772FD824
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Confirm redirect action

Page URL History Show full URLs

  1. http://uspsggw.com/ HTTP 301
    https://s.id/1SXRG HTTP 302
    https://s.id/1SXRG?a=confirm Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

58
Requests

91 %
HTTPS

46 %
IPv6

18
Domains

26
Subdomains

26
IPs

5
Countries

795 kB
Transfer

2342 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://uspsggw.com/ HTTP 301
    https://s.id/1SXRG HTTP 302
    https://s.id/1SXRG?a=confirm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fs.id%2F1SXRG%3Fa%3Dconfirm&rid=esp HTTP 302
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fs.id%2F1SXRG%3Fa%3Dconfirm&rid=esp&cc=1
Request Chain 32
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEArgGfCogv0L4KkcmXyRKZ0&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEArgGfCogv0L4KkcmXyRKZ0&google_cver=1&C=1
Request Chain 33
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZaAD0dcHFZ2HcqrFRAYEugAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCBCEAOsQVT28CIJKtR1SM&google_cver=1
Request Chain 34
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEDptkJohKZERYkmQFB0O1_g&google_cver=1
Request Chain 35
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEzODg3ODI1ODIzNjc3MDQ1OA%3D%3D

58 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 1SXRG
s.id/
Redirect Chain
  • http://uspsggw.com/
  • https://s.id/1SXRG
  • https://s.id/1SXRG?a=confirm
13 KB
5 KB
Document
General
Full URL
https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.84.85.178 , Russian Federation, ASN59796 (STORMWALL-AS, SK),
Reverse DNS
Software
nginx /
Resource Hash
2814a8008b87fc53dc0ed19f34ee99ec3c3750b9a0867288345abfd4926bf291
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=15
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 11 Jan 2024 15:05:51 GMT
server
nginx
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding

Redirect headers

cache-control
private, max-age=15
content-length
0
date
Thu, 11 Jan 2024 15:05:51 GMT
location
https://s.id/1SXRG?a=confirm
server
nginx
strict-transport-security
max-age=15724800; includeSubDomains
output.css
s.id/@dist/
6 KB
2 KB
Stylesheet
General
Full URL
https://s.id/@dist/output.css?hc62g3vc6x93bxak
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.84.85.178 , Russian Federation, ASN59796 (STORMWALL-AS, SK),
Reverse DNS
Software
nginx /
Resource Hash
4a4e21f4670c234b7c1b19b53f3f97cbc1c4b4c99e6f51e4ebab5a1089a79152
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/1SXRG?a=confirm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Fri, 05 Jan 2024 07:22:18 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css; charset=utf-8
gpt.js
securepubads.g.doubleclick.net/tag/js/
97 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4af2ee59534771e165877474178150e44bbc779bec82aecccd3a1774e80dc382
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29523
x-xss-protection
0
server
cafe
etag
470 / 19733 / 31080240 / config-hash: 1407827963928654873
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 11 Jan 2024 15:05:52 GMT
site.js
protagcdn.com/s/s.id/
463 KB
132 KB
Script
General
Full URL
https://protagcdn.com/s/s.id/site.js
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:68e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0643a303e0cef60efcda5a6d0fab59bf1bb1a926262e640142310004a6d7b0c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2749
cf-polished
origSize=475024
alt-svc
h3=":443"; ma=86400
pragma
no-cache
cf-bgj
minify
last-modified
Mon, 08 Jan 2024 15:20:20 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XD5A%2Fz%2Fr1SthCecguSFTktuLsAonNpMu17jcE%2BN2yFyncwubtr9joD5zuUiYwk4yJVguQ4yJCGVg5%2B3%2BA5ms2ofCBRxfDLxKaOkUA%2BRtzUCzW5M0pi84Iziuzci%2BiOo98YnGYWmtHIKji%2Fo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
cf-ray
843e0f75486b4db1-FRA
expires
Thu, 11 Jan 2024 15:35:52 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/
436 KB
137 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3399f73a829693c7f1b48d5165488b2794b4449ba99e71e3965416d80a19e329
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 04:28:40 GMT
content-encoding
br
x-content-type-options
nosniff
age
38232
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
140168
x-xss-protection
0
server
cafe
etag
17101759845534740898
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Fri, 10 Jan 2025 04:28:40 GMT
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/
732 B
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
39893
x-jsd-version
master
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230065-FRA
x-jsd-version-type
branch
server
cloudflare
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aQNpc%2BpJzvkhZrn8M71VrWaeUEFVQmWatn1gIWENlqwYzMzFs%2F8L8ZT7S%2B8eVm3Frog4BAR8NDmV5VnTFtZiuMH1t0WI0FHVVPRjT8nfed%2FRJP8xlkccvArJ8qhf7t3NFpgXcj%2BAujHODQ1KGJg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
843e0f763c384dbf-FRA
esp.js
cdn.id5-sync.com/api/1.0/
114 KB
29 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7bf4f406f5a9bf165c21dfebea2257eab80882e23e887a24756956daac44373
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 11:20:59 GMT
server
cloudflare
x-amz-request-id
98V47QQRQBB1H96A
age
1427
etag
W/"3732dd6fc229ed015d7d7eddf157953f"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
843e0f762c815b98-FRA
x-amz-id-2
LLVA+vqa0Oh0heny89/8P0nfxp+zIdnneOaCpgIwTJSOykl2BIpgwhWBjtwGdEQ0xHXNPNef+1nKJEDhB6C52g==
esp.js
oa.openxcdn.net/
24 KB
8 KB
Script
General
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 23:37:25 GMT
content-encoding
gzip
age
142107
x-guploader-uploadid
ABPtcPrYI9WjI8qWERv8Pq3_qL_rWNQzx2w0AQ9duzs5vDQZtPMEVroiATrDFn5QEswUa23PPA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Wed, 08 Jan 2025 23:37:25 GMT
publishertag.ids.js
static.criteo.net/js/ld/
42 KB
13 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
9bec4810857c8523bd1c6966212260eabb19826bb94394bb19856f7dd92b1c32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 04 Jan 2024 12:38:38 GMT
server
nginx
etag
W/"6596a6ce-a9b8"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 12 Jan 2024 15:05:52 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16589/
39 KB
12 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-114.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 05:37:13 GMT
content-encoding
gzip
via
1.1 e77ae8cfd42b65dd9027fa08596c6f2a.cloudfront.net (CloudFront)
last-modified
Wed, 06 Sep 2023 15:56:57 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
age
34120
x-amz-server-side-encryption
AES256
etag
W/"e073e71ed7a44e6f9cdd72904fda5940"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=86400
x-amz-cf-id
ZPtmM_FXhKXa6iXJOeUqXIcfRHVndCzZG3yZnENEKogFPIGxShz0lg==
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/
1 KB
1 KB
Script
General
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
via
1.1 google, 1.1 google
last-modified
Thu, 03 Aug 2023 03:28:51 GMT
server
Google Frontend
etag
fc4e6bfe266081c4873c6f08c8298e5c
content-type
text/javascript; charset=utf-8
x-cloud-trace-context
67e89a76993ed25883a055f062551317
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1207
ads
securepubads.g.doubleclick.net/gampad/
110 KB
44 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4187391733554270&correlator=2961988870198467&eid=31080290%2C31080299%2C31080240%2C31079527&output=ldjh&gdfp_req=1&vrg=202401040101&ptt=17&impl=fifs&iu_parts=162717810%3A22766112657%2Cs.id%2Cin_content&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=468x280%7C336x280%7C320x100%7C320x50%7C300x300%7C300x250&ifi=1&didk=3656045228&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1704985552340&lmt=1704985552&adxs=566&adys=701&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fs.id%2F1SXRG%3Fa%3Dconfirm&vis=1&psz=592x0&msz=592x0&fws=4&ohw=1600&ga_vid=1746997702.1704985552&ga_sid=1704985552&ga_hid=1903456198&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQYw8u7yM8xSABSAghkEhsKDGlkNS1zeW5jLmNvbRjDy7vIzzFIAFICCGQSGQoKcHViY2lkLm9yZxjCy7vIzzFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Yw8u7yM8xSABSAghkEhcKCHJ0YmhvdXNlGMPLu8jPMUgAUgIIZBIUCgVvcGVueBjDy7vIzzFIAFICCGQ.&dlt=1704985551995&idt=306&prev_scp=env%3Dprod%26site%3Ds.id%26referrer%3D-%26protag_env%3Dprod%26protag_page-url%3Dhttps%253A%252F%252Fs.id%252F1SXRG%253Fa%253Dconfirm%26protag_template%3Dsite%26utm_campaign%3D-%26utm_source%3D-%26utm_medium%3D-%26utm_term%3D-%26utm_content%3D-%26protag_ref%3Dother%26protag_ref_group%3Ddirect%26protag_ref_paid%3Dfalse%26protag_segment_20m%3D45%26protag_minutes%3D05%26protag_hours%3D15%26protag_day%3D4%26protag_native%3Dnative%26protag_enable_native%3Dtrue%26pa_upr%3D0.00%26protag_upr%3D0.00%26protag_opt_u%3D0%2CX%26protag_proSlotId%3Dprotag-in_content&adks=3108647390&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b79ebd49ccbd292fcfe434c2c6b67e272b2857f1542a8496c98e3325ded7608d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
45334
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://s.id
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6AA5
6 KB
3 KB
Document
General
Full URL
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jan 2024 15:05:52 GMT
expires
Fri, 10 Jan 2025 15:05:52 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
esp
oajs.openx.net/
Redirect Chain
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fs.id%2F1SXRG%3Fa%3Dconfirm&rid=esp
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fs.id%2F1SXRG%3Fa%3Dconfirm&rid=esp&cc=1
85 B
194 B
Fetch
General
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fs.id%2F1SXRG%3Fa%3Dconfirm&rid=esp&cc=1
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Server
34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
143.107.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
43833f13156efe7c6c9ea817e49f2dc6be0a8cc23a714706ac3c0a5091494de6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:52 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-0ZOk4n0s6rHmZK2VPvFU+oHwMXo"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.id
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85

Redirect headers

date
Thu, 11 Jan 2024 15:05:52 GMT
via
1.1 google
x-powered-by
Express
vary
Origin
access-control-allow-origin
https://s.id
location
/esp?url=https%3A%2F%2Fs.id%2F1SXRG%3Fa%3Dconfirm&rid=esp&cc=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
increment
id5-sync.com/api/esp/
0
220 B
XHR
General
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://s.id/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://s.id
date
Thu, 11 Jan 2024 15:05:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
map
bcp.crwdcntrl.net/6/
60 B
325 B
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.195.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-195-36.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
69224ee116924f6bac454f18aa99e451ba24d0398e61430a6b005404154baa7a

Request headers

Referer
https://s.id/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:52 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://s.id
cache-control
no-cache
x-server
10.45.1.9
access-control-allow-credentials
true
content-length
60
expires
0
syncframe
gum.criteo.com/ Frame 5D7C
14 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=s.id
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
cf66b1a88c1b59fe8d1068ff7ec392816c6a8a43a1d0647bd940591f09974446
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://s.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jan 2024 15:05:52 GMT
server
Kestrel
server-processing-duration-in-ticks
327682
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
pd
google-bidout-d.openx.net/w/1.0/ Frame 718D
199 B
298 B
Document
General
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e

Request headers

Referer
https://s.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
151
content-type
text/html
date
Thu, 11 Jan 2024 15:05:52 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
container.html
0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EA4F
6 KB
3 KB
Document
General
Full URL
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jan 2024 15:05:52 GMT
expires
Fri, 10 Jan 2025 15:05:52 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 0481
624 B
825 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhifrsLbATAB&v=APEucNXauJUmwcJKEnRu9DHpWNnprsJIF6HroJQgGD8CwdvssPurK-at7aRiYUOsrE8Ryyi1ItnLf_qAjubBVq15Ov3xmAphnfL09EdjiyBQehmkeWvSSlWubv6VAXs32l7HgIm6k8ZxmccduOS60ZXDHou7Fa8M0sNjreJ-0F8pTLEyoBOi-fHvDtzRuEz3akgVeWcChEstQ8zmP4hSRuu5uwQggTJBsg
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jan 2024 15:05:53 GMT
expires
Thu, 11 Jan 2024 15:05:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame EA4F
111 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
Origin
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 10 Jan 2024 21:44:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
62493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 11 Jan 2024 21:44:20 GMT
omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/ Frame EA4F
7 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/omrhp_fy2021.js
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 00:01:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
54273
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3071
x-xss-protection
0
server
cafe
etag
10674441169935035545
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 25 Jan 2024 00:01:20 GMT
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame EA4F
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite_fy2021.js
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 00:01:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
54272
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9276
x-xss-protection
0
server
cafe
etag
3558958386372919956
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 25 Jan 2024 00:01:21 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame EA4F
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 22:05:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
234017
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 07 Jan 2025 22:05:36 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame EA4F
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 13:34:40 GMT
content-encoding
br
x-content-type-options
nosniff
age
5473
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 25 Jan 2024 13:34:40 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame EA4F
20 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 10 Jan 2024 23:10:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
57318
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 24 Jan 2024 23:10:35 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EA4F
42 B
173 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AdjCjJl8C0pxkry-yYNiOojcbw1ME4YCAnB3gpcYrgu3FlAY5MMk8KthLP1hMrDKsY1Ws0YV8wfmygvlZNQzHPdM4EmH-eBREuboE417qBP5fJ_ag
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame EA4F
205 KB
62 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=44809772
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
148914fac032598dfa94957aee1addc57bff67ba08e902552d4aa42ae7fdf64e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 14:55:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
627
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63128
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 11 Jan 2024 15:55:26 GMT
index.html
s0.2mdn.net/sadbundle/9189209006363984106/ Frame 28CB
38 KB
6 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da2ccd06aadf511fb83918286e9154aa7d1d08a5c83d5ddf5a4d6f8d30f9bf58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
195232
allow-fenced-frame-automatic-beacons
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
6113
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Tue, 09 Jan 2024 08:52:01 GMT
expires
Wed, 08 Jan 2025 08:52:01 GMT
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
ad.doubleclick.net/pcs/ Frame EA4F
0
0
Fetch
General
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjstIP6t6oW7V2HUFWG-wXovzGflXxc2tS7j3p54YCd2iTP7Hfl53Zro6WFNZCCXe0WoHKjESlTQEi6VS5h9UAyTppbHC0uwIrihR8SI6IZRD2EZX1AHa26Z82OL1S4v6wPgNGranmL9PjNA2Uiey7Bb8ev2Vp3PSv0KCWz7aeCEamt4oYqO_C6rU9jDuYvnYTlnTl-pMfMaT_e-ka-HMtlFTA6fjz00CifFY2Zrow8Gb4daJGLHpvwkDBXrpftvcQhfXyQbH85JjbyIk3IT3XzYyuJzB_rmpT5kqZuUO81DrmWxq-vpP-8BZUNGlKIpfD4dyIYAKYIICBsomi0FVi_M_lVjNhN1r00ol8WsMB1EA2aOC8JPza1wCMttvet8em2TjKgqXGlNE7e7qtclVu0OdO_GCEs7XkPUPL439ntnBN5v5pB82DIV93X0uHFQyRLzNbpyFgRTllGqnNAx5aCvFLg1yH5Hvlh4nofKO11Vny61Fvr0PUeobxfCPUS4pglo0UYwnqzdQ2Fdr7UdeEgAXP6hgCDoS9wmDiD-W5Sd3ozrc1Z_SjFgMx_IGE3dUCKtQDBKZCS4owh9u9RKJWz_MEjFt0OyDR7BN3nwbWs84dhSWvi7Gow_vevAe4MujACQBfxPgPL-aP4ob-KTU6LlXEAytYjnaQ886gAOBLB8Z4UtpDPRXLQLII52K5K064vDsZxs3BRJzs0Cd3wox0ji7tbBbYsTaSF2gd6Y0IuCDhe34NZbeSUK2bVs_jFG29wP4lJgCkfSYOkA0w1q78XEFKzu75WjpTZhNmUUj5GAEUpYvaC39W7y9vELNjaTMNnjbHRxJaoH35SUlgBc1eCmNyaHRf8nBJAiO285u5dPZ-nbC-xgr5n7rC546AB732PTXY0sdLFbTgTYXZOa4MFoJ6aEBfmjMgHDctqWaak0Z_JFTwl-VGq_eQvWVnxW-c0NjR9TvgZxcUyiKuAiORNX8dFKPUmwNdsqKX3_h8CYacSFVRlrQp92y3q3pwLJpoNokhlTdnsB1stSzlgEu8vXVpSCFrpl8WgEOiiC6D9kJ77MkSBEto7QV0u1rhuz1z8F0-f5-kdbyMmMQ-8KhyIqCehoaFtoymXYlKhyJxktrsXkByaWMbX9QKNt-rb65cAch6aSL7XTpO4v1M6mFcQqLY-PD0ArKt2I-pYyt43TQin1YPqsq2hKQoW_t6UvZPcoQu5NGSvGUciN7hzU7IQixs_8racy1xPW4LezmFw2EFhkURioPNanxMWE50DQ2SZmvEsxT5w5Tg-ikj7Ldpbin79WCpPc54ueed6dwtt9B7qyPIUk5jFChxWhjpoYC3sEk9bwfR6RI4LbHcCVTmEpPIkrI-JTH6w&sai=AMfl-YSZqM6rFeCy7cpEnPhCA1eT6fE7C-lcXqnDIGfxnNV7U_XzeiZK3xqhqnTXPrHUjT9N3iEoPol_lXyJ8useGURevm6_ApYWSTN2LJq62z4yU40RR6XJlFnvnY4DPOWNyrL-N7l63Se5OV4r7f52vYH1qGPSP32krXo7-VdrmJdJdTtXCuNz3DZQaYsepFcFRSkF0ffXowWQ8Shd1bRXQjKEple00HpuYYX98KeLr4FCxCNUDgfLCxaqvgs3SoYMnoSkmcgK5x7v35GShZso7P2_S6aMJWP5HF3NgzvxKnfrEN4rAva2PMNbSThbV-M-qh7qvH4dTJL2ROsLxtnM26WDd8e6vVYR-zOuW1xdDinsYUQ13_nShJxEMlIxFIcvdE779XYzhxpKq5RDjCiOsIfd1HBF2qxCIHhcoDOyMNkY-jyYL_sRl3R-OyqoC0dUG6WCam_c4EySU2RfUU_kiqiZ_g0saHdaEs9m9E1cWRlY80nYe86JDZ2ECupsNuGvPewB2jQ&sig=Cg0ArKJSzHRaBUdxkiHUEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ocGUuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=46&cbvp=1&cstd=43&cisv=r20240109.06602&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 11 Jan 2024 15:05:53 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Thu, 11 Jan 2024 15:05:53 GMT
ca
choices.truste.com/ Frame EA4F
20 KB
20 KB
Image
General
Full URL
https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont2&w=300&h=250
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.27.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-27-84.vie50.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 08:19:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 8fc54d3acff9539327f4d7a6bf40a31e.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop
VIE50-P1
cross-origin-embedder-policy
unsafe-none
age
24412
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
7204
x-xss-protection
1; mode=block
referrer-policy
origin
server
nginx
cross-origin-opener-policy
unsafe-none
expect-ct
max-age=31536000
x-frame-options
SAMEORIGIN
vary
Accept-Encoding, Origin
content-type
text/javascript;charset=UTF-8
cache-control
max-age=3600
permissions-policy
geolocation=(), microphone=(), payment=()
x-amz-cf-id
LGgM9AbJh42GTGVl9J_rAJRCb-RtjKY_tdmsjRP40UcbHlDgFWyxng==
expires
Thu, 11 Jan 2024 09:19:01 GMT
truncated
/ Frame EA4F
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b011b0f094192790ba1a716df36875dba6032ad8084f6c9303376ab87d1c168b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type
image/png
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 9167
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
234017
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 08 Jan 2024 22:05:36 GMT
expires
Tue, 07 Jan 2025 22:05:36 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
rum
dsum-sec.casalemedia.com/ Frame 0481
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEArgGfCogv0L4KkcmXyRKZ0&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEArgGfCogv0L4KkcmXyRKZ0&google_cver=1&C=1
43 B
772 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEArgGfCogv0L4KkcmXyRKZ0&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhifrsLbATAB&v=APEucNXauJUmwcJKEnRu9DHpWNnprsJIF6HroJQgGD8CwdvssPurK-at7aRiYUOsrE8Ryyi1ItnLf_qAjubBVq15Ov3xmAphnfL09EdjiyBQehmkeWvSSlWubv6VAXs32l7HgIm6k8ZxmccduOS60ZXDHou7Fa8M0sNjreJ-0F8pTLEyoBOi-fHvDtzRuEz3akgVeWcChEstQ8zmP4hSRuu5uwQggTJBsg
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QCIElxHGcxCHeJROahC%2BxAA%2FXqTnW8SlBmpVrmmyO5KEnmeqfz53oZ3%2B99fHxFCIWLBevXJHf2Pj%2FBJU4iv6Oo6MrMAZbgNzsEO2bhpcb%2FmcXoatP%2FT3mv4uusHwqHagfmLriyn6pfTgVw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
843e0f7dad97912a-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BxqB5HbQr%2B3yuR38VXuHuAvfeymKuyoyQw1sEDFgGL9glS9yNrUPj91l96T5hGkobQBv3K9%2FBlV%2Bsbow4IY%2BkISc%2FrvBUkd5kYxO1luocLa7omGXyaWUVDQXvsXi%2BrWqLRx%2Fz4M3N2gqpg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=45&external_user_id=CAESEArgGfCogv0L4KkcmXyRKZ0&google_cver=1&C=1
cache-control
no-cache
cf-ray
843e0f7d7add9104-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame 0481
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZaAD0dcHFZ2HcqrFRAYEugAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCBCEAOsQVT28CIJKtR1SM&google_cver=1
43 B
733 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCBCEAOsQVT28CIJKtR1SM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhifrsLbATAB&v=APEucNXauJUmwcJKEnRu9DHpWNnprsJIF6HroJQgGD8CwdvssPurK-at7aRiYUOsrE8Ryyi1ItnLf_qAjubBVq15Ov3xmAphnfL09EdjiyBQehmkeWvSSlWubv6VAXs32l7HgIm6k8ZxmccduOS60ZXDHou7Fa8M0sNjreJ-0F8pTLEyoBOi-fHvDtzRuEz3akgVeWcChEstQ8zmP4hSRuu5uwQggTJBsg
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=teDIw506t7z0cSIpknkGnx11he%2FqjATnHQrX1AJnZ7Ih70qh%2ByXXg7025LzDU6AnUrZCInNye3viGGxJyDQTQj2Lckb8vdIr8hZBdj9tUA5gBdWXO%2FicjkE%2F0IDa6EHh41CDP4oD8FrCiw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
843e0f7dbdb7912a-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCBCEAOsQVT28CIJKtR1SM&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 0481
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEDptkJohKZERYkmQFB0O1_g&google_cver=1
43 B
1005 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEDptkJohKZERYkmQFB0O1_g&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhifrsLbATAB&v=APEucNXauJUmwcJKEnRu9DHpWNnprsJIF6HroJQgGD8CwdvssPurK-at7aRiYUOsrE8Ryyi1ItnLf_qAjubBVq15Ov3xmAphnfL09EdjiyBQehmkeWvSSlWubv6VAXs32l7HgIm6k8ZxmccduOS60ZXDHou7Fa8M0sNjreJ-0F8pTLEyoBOi-fHvDtzRuEz3akgVeWcChEstQ8zmP4hSRuu5uwQggTJBsg
Protocol
H2
Server
37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
an-x-request-uuid
63376720-613c-4c50-a36f-83d556e78ac6
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
45.141.152.75; 45.141.152.75; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEDptkJohKZERYkmQFB0O1_g&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 0481
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEzODg3ODI1ODIzNjc3MDQ1OA%3D%3D
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEzODg3ODI1ODIzNjc3MDQ1OA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhifrsLbATAB&v=APEucNXauJUmwcJKEnRu9DHpWNnprsJIF6HroJQgGD8CwdvssPurK-at7aRiYUOsrE8Ryyi1ItnLf_qAjubBVq15Ov3xmAphnfL09EdjiyBQehmkeWvSSlWubv6VAXs32l7HgIm6k8ZxmccduOS60ZXDHou7Fa8M0sNjreJ-0F8pTLEyoBOi-fHvDtzRuEz3akgVeWcChEstQ8zmP4hSRuu5uwQggTJBsg
Protocol
H2
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
an-x-request-uuid
47623a60-a105-4d5b-acb7-e5fc4474ec88
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEzODg3ODI1ODIzNjc3MDQ1OA%3D%3D
x-proxy-origin
45.141.152.75; 45.141.152.75; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
db0bae6e91cd028547a7cf9529e12809.js
s0.2mdn.net/sadbundle/9189209006363984106/ Frame 28CB
136 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/db0bae6e91cd028547a7cf9529e12809.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87ce3aed2e4d44e8e06ca7612537c91f91b8aad4221b272a7f7e149c02f23519
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 08:58:45 GMT
date
Tue, 09 Jan 2024 08:58:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194828
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39995
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
pagead2.googlesyndication.com/bg/ Frame 9167
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 09:51:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
18834
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15229
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 10 Jan 2025 09:51:59 GMT
f4474e408ad33c038ba96f2b9276c29c.jpg
s0.2mdn.net/sadbundle/9189209006363984106/media/ Frame 28CB
4 KB
4 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/media/f4474e408ad33c038ba96f2b9276c29c.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10d03f0913de3fe164a746707b45840e9c28868155c845fe85e95fe8dd2a26fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 08:58:17 GMT
date
Tue, 09 Jan 2024 08:58:17 GMT
x-content-type-options
nosniff
age
194856
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4300
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
395d370bde56edb1a7a13cb7c151fd9f.svg
s0.2mdn.net/sadbundle/9189209006363984106/media/ Frame 28CB
4 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/media/395d370bde56edb1a7a13cb7c151fd9f.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae9ec49acaff45c6a341e9a552d546bd6fea845331c314261be35a40c37ddc7f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 08:59:55 GMT
date
Tue, 09 Jan 2024 08:59:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194758
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1630
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
metrichpe_501_normal.ttf
s0.2mdn.net/sadbundle/9189209006363984106/fonts/ Frame 28CB
59 KB
24 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/fonts/metrichpe_501_normal.ttf
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3865c0dbe6b11b3a32b8c600acaeda70bae7b1f8287d566bcc0613c217907f2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 08:46:30 GMT
date
Tue, 09 Jan 2024 08:46:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
195563
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24241
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
view
ad.doubleclick.net/pcs/ Frame EA4F
0
0
Fetch
General
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjstIP6t6oW7V2HUFWG-wXovzGflXxc2tS7j3p54YCd2iTP7Hfl53Zro6WFNZCCXe0WoHKjESlTQEi6VS5h9UAyTppbHC0uwIrihR8SI6IZRD2EZX1AHa26Z82OL1S4v6wPgNGranmL9PjNA2Uiey7Bb8ev2Vp3PSv0KCWz7aeCEamt4oYqO_C6rU9jDuYvnYTlnTl-pMfMaT_e-ka-HMtlFTA6fjz00CifFY2Zrow8Gb4daJGLHpvwkDBXrpftvcQhfXyQbH85JjbyIk3IT3XzYyuJzB_rmpT5kqZuUO81DrmWxq-vpP-8BZUNGlKIpfD4dyIYAKYIICBsomi0FVi_M_lVjNhN1r00ol8WsMB1EA2aOC8JPza1wCMttvet8em2TjKgqXGlNE7e7qtclVu0OdO_GCEs7XkPUPL439ntnBN5v5pB82DIV93X0uHFQyRLzNbpyFgRTllGqnNAx5aCvFLg1yH5Hvlh4nofKO11Vny61Fvr0PUeobxfCPUS4pglo0UYwnqzdQ2Fdr7UdeEgAXP6hgCDoS9wmDiD-W5Sd3ozrc1Z_SjFgMx_IGE3dUCKtQDBKZCS4owh9u9RKJWz_MEjFt0OyDR7BN3nwbWs84dhSWvi7Gow_vevAe4MujACQBfxPgPL-aP4ob-KTU6LlXEAytYjnaQ886gAOBLB8Z4UtpDPRXLQLII52K5K064vDsZxs3BRJzs0Cd3wox0ji7tbBbYsTaSF2gd6Y0IuCDhe34NZbeSUK2bVs_jFG29wP4lJgCkfSYOkA0w1q78XEFKzu75WjpTZhNmUUj5GAEUpYvaC39W7y9vELNjaTMNnjbHRxJaoH35SUlgBc1eCmNyaHRf8nBJAiO285u5dPZ-nbC-xgr5n7rC546AB732PTXY0sdLFbTgTYXZOa4MFoJ6aEBfmjMgHDctqWaak0Z_JFTwl-VGq_eQvWVnxW-c0NjR9TvgZxcUyiKuAiORNX8dFKPUmwNdsqKX3_h8CYacSFVRlrQp92y3q3pwLJpoNokhlTdnsB1stSzlgEu8vXVpSCFrpl8WgEOiiC6D9kJ77MkSBEto7QV0u1rhuz1z8F0-f5-kdbyMmMQ-8KhyIqCehoaFtoymXYlKhyJxktrsXkByaWMbX9QKNt-rb65cAch6aSL7XTpO4v1M6mFcQqLY-PD0ArKt2I-pYyt43TQin1YPqsq2hKQoW_t6UvZPcoQu5NGSvGUciN7hzU7IQixs_8racy1xPW4LezmFw2EFhkURioPNanxMWE50DQ2SZmvEsxT5w5Tg-ikj7Ldpbin79WCpPc54ueed6dwtt9B7qyPIUk5jFChxWhjpoYC3sEk9bwfR6RI4LbHcCVTmEpPIkrI-JTH6w&sai=AMfl-YSZqM6rFeCy7cpEnPhCA1eT6fE7C-lcXqnDIGfxnNV7U_XzeiZK3xqhqnTXPrHUjT9N3iEoPol_lXyJ8useGURevm6_ApYWSTN2LJq62z4yU40RR6XJlFnvnY4DPOWNyrL-N7l63Se5OV4r7f52vYH1qGPSP32krXo7-VdrmJdJdTtXCuNz3DZQaYsepFcFRSkF0ffXowWQ8Shd1bRXQjKEple00HpuYYX98KeLr4FCxCNUDgfLCxaqvgs3SoYMnoSkmcgK5x7v35GShZso7P2_S6aMJWP5HF3NgzvxKnfrEN4rAva2PMNbSThbV-M-qh7qvH4dTJL2ROsLxtnM26WDd8e6vVYR-zOuW1xdDinsYUQ13_nShJxEMlIxFIcvdE779XYzhxpKq5RDjCiOsIfd1HBF2qxCIHhcoDOyMNkY-jyYL_sRl3R-OyqoC0dUG6WCam_c4EySU2RfUU_kiqiZ_g0saHdaEs9m9E1cWRlY80nYe86JDZ2ECupsNuGvPewB2jQ&sig=Cg0ArKJSzHRaBUdxkiHUEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ocGUuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=133&vt=11&dtpt=87&dett=3&cstd=43&cisv=r20240109.06602&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: s.id
URL: https://s.id/1SXRG?a=confirm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
f4474e408ad33c038ba96f2b9276c29c.jpg
s0.2mdn.net/sadbundle/9189209006363984106/media/ Frame 28CB
4 KB
4 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/media/f4474e408ad33c038ba96f2b9276c29c.jpg
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10d03f0913de3fe164a746707b45840e9c28868155c845fe85e95fe8dd2a26fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 08:58:17 GMT
date
Tue, 09 Jan 2024 08:58:17 GMT
x-content-type-options
nosniff
age
194856
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4300
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
7b62379d7bf7adfde5d067bd0a2517ba.jpg
s0.2mdn.net/sadbundle/9189209006363984106/media/ Frame 28CB
6 KB
6 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/media/7b62379d7bf7adfde5d067bd0a2517ba.jpg
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
28b31845737b8e6ce773e00185fe739aeef36100a614eacb4562ce5e36494ac1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 09:01:04 GMT
date
Tue, 09 Jan 2024 09:01:04 GMT
x-content-type-options
nosniff
age
194689
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5897
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
bf92c8be83eeb2dbf186eb1436ebcb5e.svg
s0.2mdn.net/sadbundle/9189209006363984106/media/ Frame 28CB
4 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/media/bf92c8be83eeb2dbf186eb1436ebcb5e.svg
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6648009549b81e81582f3fb8345dd6305ee4a232fd4eac4fd803a78cb69b0c1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 08:49:01 GMT
date
Tue, 09 Jan 2024 08:49:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
195412
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1630
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
metrichpe_401_normal.ttf
s0.2mdn.net/sadbundle/9189209006363984106/fonts/ Frame 28CB
60 KB
25 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/fonts/metrichpe_401_normal.ttf
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
671fca35d060e3ce06bbe0848b80e47be23f3322befbeb57bbce5d46994c846b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 08:57:44 GMT
date
Tue, 09 Jan 2024 08:57:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194889
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26072
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
metrichpe_601_normal.ttf
s0.2mdn.net/sadbundle/9189209006363984106/fonts/ Frame 28CB
61 KB
26 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/9189209006363984106/fonts/metrichpe_601_normal.ttf
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
39c7c602e0d57a569539f7e8e0b2d75a9f5aa9bb38d59782d2011d9e35c07d77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9189209006363984106/index.html?ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 08:50:42 GMT
date
Tue, 09 Jan 2024 08:50:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
195311
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26501
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 15:55:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
json
gum.criteo.com/sid/ Frame 5D7C
438 B
553 B
Fetch
General
Full URL
https://gum.criteo.com/sid/json?origin=publishertagids&domain=s.id&sn=ChromeSyncframe&so=0&topUrl=s.id&cw=1&lsw=1&topicsavail=0&fledgeavail=0
Requested by
Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=s.id
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
94383d53523892c0a41947290ad68feb7e82c8b12e1fe0eaef3db0d56799d5da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=s.id
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1141273
expires
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9167
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B2ONf0AOgZdHGF4yF_NUPtP-BwAsAAAAAOAHgBAI&bg=!T0ylTAPNAAaumcC-jpk7ADQBe5WfOCHLikL51Q0CvB5aY-4xe-OTwlTFVWVKKurNRBnF2yTlXNgJFRkosi2n3x7RVxwmAgAAAClSAAAAAWgBBwoABMM_5x2ZAvpLqgRtgL5-_FpbY9YI-ghmWbmHxKF2ZbAyZZJRrjqRwbPyJ8aAQXDjJePzKFuJgZuJtZg4wjx8IrxODzveZwaocjxj_vh2jXi-OdNCx2jZsLxQEqMGna3BPJoAHj91_NiZHzsBZYFkcXw4_u1iQ-uciTgn5rorL4oad4dt7LoOU2NnB7SQ6VMBqpk650p1nTrllar-jFP1cLQptcZ6okKygHAz5iaJQgOVS_RN9CV5EqAtHLRf5dw3FrBwRDWcBhcEXsmne92NPZN78mIULawMf67T3Oi8-raaKQVZioJE1XtMD_Q2RYd1zMIPqLnVkddTrJGibtyZZz2CsA5VHSIXft0GhgNdpXuqml5Rky_hHWTajBYtnfySeyNYNkjVPopBb3o2YHgmObBk5cjpHeVHTXpZ2iE3tVBk1IxBWrsnE3z8a83jqqp6411WQRu3sgcZtGz3fNv46rzAoxQ6B4LSPk5EPPgL42ABYAQC9_3advWWzmNdFwYTuWT0m3UrXa864_wpBtetl3V3ASqvn1jzSDurtbCyduPfIMzYHfjW5yMMouWrF-gu_1-EIuSOEw2hrUZJlQpt2bud1q7vz8ouXuUSY3nY6JKgG-GCEBMRdBxfcUJ2x80i_7js45l8m4FbkWJGRzDhsAhNXZUW7R6KcCQDSvVyIHXygQw5xpKEBJKNjgNQQFp_kXKRTZJam3nt4-VhJObJUoBeYr9vEaX0Efv2OEAdrbd7fFnFKHoUD0pLIZx3sEyc3FbiRjzRFw1mttJ-k_S89LAJXGbsk5aLyw7cYvLE64AjbdIHh5bcG60Thx-NZj6jOp3H09RJPDhCvr2LDH7xL_38QCITveKzdXqcCG-JFwvzp27z7hMh1n30OJ69-KGpD_wfsGWjVf1rb-T4dF5-8k1819ZoNfwuFzAAhaB18T6i-WMIAYlEpgpsYm_WOtPtMQixBY-MeE_ptjohYFAyzECRzeb4cz0-89ap3X_15ikUd3_lSCeQWjhSY9DetVo_ASY
Requested by
Host: 0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
URL: https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401040101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8bbc9ac2b94c5aa5ea55e687243138595554ba9d78ebb8f78fb8d9dd1601db1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:53 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12193
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401040101/pubads_impl.js?cb=31080240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 11 Jan 2024 15:05:53 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C900
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
5473
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jan 2024 13:34:40 GMT
expires
Fri, 10 Jan 2025 13:34:40 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 6229
829 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f8fb0e8f944bee90cdac8070e30a10058d44e6ea1b3828cb3042323b92da23c3
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hTYxLTfrYXLWRKXWNWjOmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://s.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-hTYxLTfrYXLWRKXWNWjOmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jan 2024 15:05:53 GMT
expires
Thu, 11 Jan 2024 15:05:53 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
pagead2.googlesyndication.com/bg/ Frame C900
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 09:51:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
18834
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15229
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 10 Jan 2025 09:51:59 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 6229
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401040101&jk=4187391733554270&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame C900
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?_sFhYg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 15:05:53 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame EA4F
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuwkl_6A5XpvNYYXW2DCcoxPghY5MJImXWo78tDcbcCz8Hrq9pBIHoIJBAHujxQJy3lkx_v6Vs7LOIgpssJxV8nSK1i-Io8_lwJTbQm-xztpuJ2jxArHK_YjwnTvAQ5_pLpK80kjt5FTUaCeYIi2FLwDIwM&sai=AMfl-YSbsdAk07JG-ZDf_zBs3X3zBUo1Bo6j5LxqkmMMHJFrOrdde8v6b1qwTlEzp61sW91MqCyukLfgLUOe7Z9uGUctYvb6ZUfWqU6jWqd1UFHf8yktMHEeKStQ7TyRFES2AskYGVdqiuOp6c5_vZkl&sig=Cg0ArKJSzKf0EO79PyL_EAE&cid=CAQSTgAvHhf_oc6pJLWc_aAXsaPth5O-F3659BTb-xVKlycujUqfyELUGQDtsGPUMxXTYUb5wrLX4kPzsRJNcRiTJgINKJBsbw2U_XxAGgKsyRgB&id=lidar2&mcvt=1000&p=570,650,820,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240109&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3108647390&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704985552838&rpt=240&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=44809772
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jan 2024 15:05:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401040101&jk=4187391733554270&bg=!U1ClUB_NAAaumcC-jpk7ADQBe5WfOLT6q5u3OnSD4zwnh32cgMoN8nZbfHHjnugAM2yeh3WKh-9yazsAdUnF4B75aLkgAgAAAD5SAAAAAmgBBwoATvk4auGXrzr1A3ei772Du785lahdOBbSiHj0wCSNYSEE1iWxGu60Qp3dHjdlF_GcPYdKsa5TyedkYofy-87jhVwdTYjOOzUsmzEz0kV-TJkCrd926MZnUVqA6d7d2IbbTPMsocXInlZhYZQ5f2ujno_AQHdncTUOMzD82ab5ZaevcYNM-I0SLcvwXmmSjPqLS4X6aEVmW7gqpUniD2rADg44fg9bGa1jaZKnRjM-Vs_e0lgn-7W-EiwGxSqL09pbP_eAbXXUtEANXbEhusPgd5becuA7HhbVOT1i9C_ndVcl-Bh-E7pr77FoXRgqD9ha8SDbL_pgVDBD_Y-kCydPJQFPkKArk1fwk8yWKMU-L61aHZe6xUL-dbcsn-81pnaZGFJC2A0L3LDfJof-lDt1VknhPrmV1KybB45XEKkyr9dOmTuNUz_zNEnfM9ASKrgJCgKmPMLdqZ7yW7wbMd6ISovw4Hr--tp9N0CBuXBKZSV2hbLnrqmEEzjwKFR2FvIWGs7mB8Z49cXPsb9CwEqqTf1fe8eG097gYCf0Xu3G5hCqD0a_OxZIeG9lwUq4AIW0xbBYKJB5ZkjQ1QPbfWzQL9XVjvxA9Gg0V92EAgYy86oUMr_oTM4EzxbZp9WBJlt78PQ7jNZdvCeMBT4H-QxTIqjTyO-9bMFKkAWdWnRIU2_dA4VGDfywKKojGfFBiRMc-yrdyUbCVq21NWnO6Z6yNLpi2h6kMRJ746Yk1JQhgFiRcvzaX6Ev1YnZ1nfiX6bA-EMaScgImn8-2GxeYsvHHpesHq5j46nNYUoqvbPNIvhY-KyQLwIiyQ5hf_MhwI5kzAeW-w9AfJsC1GDs5Oi_iQz2uHHqjn_GFok71VA9nM-8FcpMfgFhi1GzoOlZH8KHB4lUj-Llzqiv0XXmMjjyV-OHDG0UhYbhu7hHY-xqTU_3pp48w0OZjlbKfcGHjPRC676q3Hl892_kHqgRAYz-EGm7jLuQdIrfsaSg2naq5KTDi8bjHcIOOYwWXo-e7jA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| documentPictureInPicture object| googletag object| ggeac object| google_tag_data object| google_js_reporting_queue object| protag undefined| google_measure_js_timing string| protag_matomo_domain string| protag_matomo_SiteID object| google_reactive_ads_global_state number| google_unique_id object| gaGlobal object| regeneratorRuntime object| ox_esp object| pbjs function| lotameIsCompatible function| sync16589_aa function| sync16589_c undefined| sync16589_d undefined| sync16589_ba undefined| sync16589_e function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ga object| sync16589_v object| sync16589_oa object| sync16589_xa object| sync16589_ya function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_q function| sync16589_r function| sync16589_fa function| sync16589_ea function| sync16589_s function| sync16589_t function| sync16589_u function| sync16589_w function| sync16589_ha function| sync16589_ia function| sync16589_y function| sync16589_ja function| sync16589_z function| sync16589_A function| sync16589_x function| sync16589_B function| sync16589_ka function| sync16589_C function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_J function| sync16589_K function| sync16589_L function| sync16589_la function| sync16589_ma function| sync16589_na function| sync16589_M function| sync16589_N function| sync16589_pa function| sync16589_O function| sync16589_qa function| sync16589_ra function| sync16589_sa function| sync16589_P function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_wa function| sync16589_Q function| sync16589_R function| sync16589_za function| sync16589_S function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_Aa function| sync16589_W function| sync16589_X function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_Ea function| sync16589_Ba function| sync16589_1 function| sync16589_Da function| sync16589_Ca function| sync16589_2 function| sync16589_3 function| sync16589_4 function| sync16589_5 function| sync16589_Ga function| sync16589_Ha function| sync16589_Ja function| sync16589_Fa function| sync16589_7 function| sync16589_Ia function| sync16589_La function| sync16589_Ka function| sync16589_8 function| sync16589_6 function| sync16589_9 function| sync16589_Ma function| sync16589_Na function| sync16589_Oa function| sync16589_Pa function| sync16589_$ function| sync16589_Qa function| sync16589_Ra function| sync16589_Sa function| sync16589_Ta object| lotame_sync_16589 object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_147 object| Criteo object| Criteo_identitytag_147 object| GoogleGcLKhOms object| google_image_requests

13 Cookies

Domain/Path Name / Value
.openx.net/ Name: i
Value: 10ebcbb0-3351-41fd-9128-ff86b1d97478|1704985552
.s.id/ Name: __gads
Value: ID=3183911ae35e6426:T=1704985552:RT=1704985552:S=ALNI_Mbg_OQuyZFksp2-Lbk3LODuKFx-jg
.s.id/ Name: __gpi
Value: UID=00000d3f7e5b0432:T=1704985552:RT=1704985552:S=ALNI_Maihy6kA40edsZKfF32XzPErjJJLw
.doubleclick.net/ Name: IDE
Value: AHWqTUmxJUc9fb6ggwj7riKc7RUpQFRshCeFgvTPbYGeRwfVFXZY52GLauP8YL7zaSA
.criteo.com/ Name: uid
Value: 70de24cc-cda4-417f-b96c-dc40b7325c3b
.criteo.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 2138878258236770458
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2GUec^twm!1yIE`fS1ueD1W-044)d+]Uej>r475XEclT+ENY4+xLIun/=M+2ta+2D7iwS9RFMZ9T5_m!wws5)j).d
.casalemedia.com/ Name: CMPS
Value: 3192
.casalemedia.com/ Name: CMID
Value: ZaAD0dcHFZ2HcqrFRAYEugAA
.casalemedia.com/ Name: CMPRO
Value: 3379
.adnxs.com/ Name: XANDR_PANID
Value: AXC4FUOVMTKwoRTYIMxIE2semPwdq6nxXeo3JSuLFrRDrGK_1yBZ6u5F1X5dC1qDHz6ehF-LjM0Bx2kCuFPmCq3ODOiz-7iQHVS2onLotSo.
.s.id/ Name: cto_bundle
Value: MTlIBl8lMkJlUncxQ2tKUldzJTJGUG41JTJGRHhCZjNYc0hudjhDTUlaZThxVVdqVGNtVTNndHklMkY3U001dDJVJTJGYkNCRUFTNFN6NTNqUEJNeGxqWGdRZGZUNEp2akR6RnZIeFBQQ2NIQUFvQ3lGdTJhMkowSlpKZW8zODhCdVI4cVZ5RlV4dk93ZW9GOURYOHhJdUR1d1pyRkRGamxBTG1BJTNEJTNE

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0513f35725dd58de845387f5e94f181a.safeframe.googlesyndication.com
ad.doubleclick.net
bcp.crwdcntrl.net
cdn.id5-sync.com
cdn.jsdelivr.net
choices.truste.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
id5-sync.com
invstatic101.creativecdn.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
protagcdn.com
s.id
s0.2mdn.net
securepubads.g.doubleclick.net
static.criteo.net
tags.crwdcntrl.net
tpc.googlesyndication.com
uspsggw.com
www.google.com
13.32.110.114
141.95.98.64
142.250.181.230
142.250.186.98
172.64.151.101
178.250.1.11
18.66.27.84
193.84.85.178
2606:4700:10::6816:3456
2606:4700:20::681a:68e
2606:4700:3037::6815:52fc
2606:4700::6810:5814
2a00:1450:4001:808::2006
2a00:1450:4001:809::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82f::2001
2a02:2638:3::3
34.102.146.192
34.120.107.143
34.96.70.87
35.244.159.8
37.252.171.52
63.32.195.36
0643a303e0cef60efcda5a6d0fab59bf1bb1a926262e640142310004a6d7b0c6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
10d03f0913de3fe164a746707b45840e9c28868155c845fe85e95fe8dd2a26fb
148914fac032598dfa94957aee1addc57bff67ba08e902552d4aa42ae7fdf64e
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
2814a8008b87fc53dc0ed19f34ee99ec3c3750b9a0867288345abfd4926bf291
28b31845737b8e6ce773e00185fe739aeef36100a614eacb4562ce5e36494ac1
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3399f73a829693c7f1b48d5165488b2794b4449ba99e71e3965416d80a19e329
3865c0dbe6b11b3a32b8c600acaeda70bae7b1f8287d566bcc0613c217907f2c
39c7c602e0d57a569539f7e8e0b2d75a9f5aa9bb38d59782d2011d9e35c07d77
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43833f13156efe7c6c9ea817e49f2dc6be0a8cc23a714706ac3c0a5091494de6
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4a4e21f4670c234b7c1b19b53f3f97cbc1c4b4c99e6f51e4ebab5a1089a79152
4af2ee59534771e165877474178150e44bbc779bec82aecccd3a1774e80dc382
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6648009549b81e81582f3fb8345dd6305ee4a232fd4eac4fd803a78cb69b0c1a
671fca35d060e3ce06bbe0848b80e47be23f3322befbeb57bbce5d46994c846b
69224ee116924f6bac454f18aa99e451ba24d0398e61430a6b005404154baa7a
87ce3aed2e4d44e8e06ca7612537c91f91b8aad4221b272a7f7e149c02f23519
8bbc9ac2b94c5aa5ea55e687243138595554ba9d78ebb8f78fb8d9dd1601db1b
94383d53523892c0a41947290ad68feb7e82c8b12e1fe0eaef3db0d56799d5da
9bec4810857c8523bd1c6966212260eabb19826bb94394bb19856f7dd92b1c32
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
ae9ec49acaff45c6a341e9a552d546bd6fea845331c314261be35a40c37ddc7f
b011b0f094192790ba1a716df36875dba6032ad8084f6c9303376ab87d1c168b
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b79ebd49ccbd292fcfe434c2c6b67e272b2857f1542a8496c98e3325ded7608d
b7bf4f406f5a9bf165c21dfebea2257eab80882e23e887a24756956daac44373
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
cf66b1a88c1b59fe8d1068ff7ec392816c6a8a43a1d0647bd940591f09974446
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
da2ccd06aadf511fb83918286e9154aa7d1d08a5c83d5ddf5a4d6f8d30f9bf58
de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8fb0e8f944bee90cdac8070e30a10058d44e6ea1b3828cb3042323b92da23c3