urlscan.io logo urlscan.io
SecurityTrails logo

x.gd Open in urlscan Pro
172.67.140.193  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://x.gd/KFRMi
Effective URL: https://x.gd/view/unsafe/KFRMi
Submission: On November 29 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 22 IPs in 3 countries across 14 domains to perform 93 HTTP transactions. The main IP is 172.67.140.193, located in United States and belongs to CLOUDFLARENET, US. The main domain is x.gd.
TLS certificate: Issued by GTS CA 1P5 on November 17th 2023. Valid for: 3 months.
This is the only time x.gd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

21    172.67.140.193 (United States)

ASN13335 (CLOUDFLARENET, US)
x.gd
1    2a04:4e42::282 (United States)

ASN54113 (FASTLY, US)
polyfill.io
1    2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
19    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
8    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
3    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
13    2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    54.78.201.127 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-201-127.eu-west-1.compute.amazonaws.com
fw.adsafeprotected.com
2    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
4    142.250.74.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net
cm.g.doubleclick.net
5    172.64.151.101 (United States)

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
4    37.252.171.52 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
2    2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    173.194.76.156 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f156.1e100.net
bid.g.doubleclick.net
1    2600:9000:20ab:6c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
5    2600:1f18:1aca:4282:714c:c683:9f35:610d (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
dt.adsafeprotected.com
6    2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    172.217.16.134 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f134.1e100.net
ad.doubleclick.net
Apex Domain
Subdomains		 Transfer
32 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 97
tpc.googlesyndication.com — Cisco Umbrella Rank: 149
428 KB
21 x.gd
x.gd
437 KB
15 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
cm.g.doubleclick.net — Cisco Umbrella Rank: 245
bid.g.doubleclick.net — Cisco Umbrella Rank: 802
ad.doubleclick.net — Cisco Umbrella Rank: 154
115 KB
8 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 898
static.adsafeprotected.com — Cisco Umbrella Rank: 587
dt.adsafeprotected.com — Cisco Umbrella Rank: 570
107 KB
6 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 300
253 KB
5 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625
3 KB
4 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 246
3 KB
3 gstatic.com
www.gstatic.com
17 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
3 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2462
21 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 212
128 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
90 KB
1 polyfill.io
polyfill.io — Cisco Umbrella Rank: 1329
633 B
93 14
Domain Requested by
21 x.gd 2 redirects x.gd
19 pagead2.googlesyndication.com x.gd
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
fw.adsafeprotected.com
www.googletagservices.com
13 tpc.googlesyndication.com googleads.g.doubleclick.net
tpc.googlesyndication.com
pagead2.googlesyndication.com
8 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
6 s0.2mdn.net x.gd
s0.2mdn.net
googleads.g.doubleclick.net
5 dt.adsafeprotected.com googleads.g.doubleclick.net
5 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
4 ib.adnxs.com 3 redirects googleads.g.doubleclick.net
4 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
3 www.gstatic.com googleads.g.doubleclick.net
3 fonts.googleapis.com googleads.g.doubleclick.net
2 ad.doubleclick.net x.gd
2 www.google.com 1 redirects tpc.googlesyndication.com
2 www.googletagservices.com googleads.g.doubleclick.net
2 fw.adsafeprotected.com 1 redirects googleads.g.doubleclick.net
2 www.google-analytics.com x.gd
www.google-analytics.com
1 static.adsafeprotected.com googleads.g.doubleclick.net
1 bid.g.doubleclick.net googleads.g.doubleclick.net
1 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com x.gd
1 polyfill.io x.gd
93 21

This site contains links to these domains. Also see Links.

Domain
chrome.google.com
Subject Issuer Validity Valid
x.gd
GTS CA 1P5		 2023-11-17 -
2024-02-15		 3 months crt.sh
polyfill.io
Certainly Intermediate R1		 2023-11-12 -
2023-12-12		 a month crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
fw.adsafeprotected.com
Amazon RSA 2048 M02		 2023-03-29 -
2024-04-27		 a year crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M02		 2023-07-07 -
2024-08-04		 a year crt.sh
dt.adsafeprotected.com
Amazon RSA 2048 M02		 2023-05-09 -
2024-06-07		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh

This page contains 15 frames:

Primary Page: https://x.gd/view/unsafe/KFRMi
Frame ID: C9CA3A4FBA4FDC4D54AFE674E7625326
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: 44F42BAE7A5424D0E85CE11E1ACE91AC
Requests: 1 HTTP requests in this frame

Frame: https://x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
Frame ID: AEE5FDA0FEFEB71BE0AB68AED605F1CE
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2737572314184878&output=html&adk=1812271804&adf=3025194257&lmt=1698861239&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FKFRMi&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701280555082&bpp=3&bdt=1335&idt=232&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6758261253955&frm=20&pv=2&ga_vid=214230436.1701280555&ga_sid=1701280555&ga_hid=1274128731&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078019%2C31078297%2C31079722%2C44807749%2C44806141%2C44807763%2C44808148%2C44808284%2C44809072&oid=2&pvsid=2370430761763432&tmod=1057006290&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=240
Frame ID: D649A653D246E41772DD4806666D8956
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 1A11F8474611EB04A1234A767BAA7290
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 319D47B774B14390AE764E74A4BC0C76
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNX14d9MfJ3jkZVPYn2WxTsiHbRHoX24TlQazTNKTro7gIjmTf8OLg9CUe29sO598Cl__W2x9Q1weEzm6AkRYRvXCXJIMqY4fpZKruxHdEurzF1Smvv-4gzdZeKDjBVTf3pvPZf2avqPE_eaM1v4PYN-NnSg9dmD_o9_1fiMogZg2E8Vhv4
Frame ID: 054D3F7A20BB1FD240A11947E1B962F5
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Noto%20Sans%20JP%3A400&text=%E3%81%98%E3%82%8B%E9%96%89
Frame ID: DD01A10A95FF5FAF16EC6BA1FAFF3ED3
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CA62CF1F8CF3A5F928FB5DAEEB4EE2AD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js
Frame ID: C08CA1FBFEA3F625F931847F3554C9B5
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: EA13C83ADE16A500451B8668A71B36DF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 6A7983AD723F5CB936F6BE7446C1321A
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/index.html?ev=01_250
Frame ID: 3A006EB6A15CBFF5C16F68B6E2EDA62A
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 13957FD77B5A1AD2189B56FF5812B57D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 93E92EF92514ABA082231E6238C93513
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Warning | URL Shortener X.gd

Page URL History Show full URLs

  1. https://x.gd/KFRMi HTTP 301
    https://x.gd/view/unsafe/KFRMi Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

93
Requests

94 %
HTTPS

67 %
IPv6

14
Domains

21
Subdomains

22
IPs

3
Countries

1741 kB
Transfer

4496 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://x.gd/KFRMi HTTP 301
    https://x.gd/view/unsafe/KFRMi Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://x.gd/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
Request Chain 43
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1&C=1
Request Chain 44
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWd7LKjE1.Te-8Q-uLeq6AAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1&google_hm=2
Request Chain 45
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEH---QsbNu4X4LVau2w4t1M&google_cver=1 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH---QsbNu4X4LVau2w4t1M%26google_cver%3D1
Request Chain 46
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTIwNzY1NDk5NDY3NTk1ODYwNQ%3D%3D
Request Chain 59
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 62
  • https://fw.adsafeprotected.com/rfw/bgd/1474271/76103297/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowhExKx42dYNZV9FQ2-mTEfMXpVqgOMRN4tQKasTbCVMDx9KWheCw4xmJHu6xYZk86tlY8-2aWtmR2_QE5Q6TrNQuCoyAW7eampQqZSctjvRtYGDqgSvpbADk24pZfcS-RQAoCZ_4MGPypIuCJ0yUaQqvMBLGQ9tBR4zUV20c36aHRtE9zGNDxJQUF2h_Wc57BCy7EpelbDnwC0DxYpAqQlsob28SQyfB_4xrBXvkBXc5Y52Xndu6KIlJZDvTJuR8O_8HIICwbOQa9S928N15aCsE_BPgVVAvaqi-1iSjBk4yN11UiUqWxVLjRzrZe9Co8DpXW-lW7wL8y9GRGGjBBI-bmrpHls2FNrP73RFxxmPq-p_TTVBvjGgAkYlCuAJwRp3HLXKLzVZY_uh9jDHWYwL8DFxAN-gYnl_xtcu88u3QheF4OHz7I3dbxQGG-6nVjDdPuErm6RAY2Z1Bm5BYqp4CVZXcsJIk1m0GFP_Gi0HJZuUQ0ZucIuQTcK4ODMjN6ppunAyuYWS7uNDzD0NGvdwKJmcPN_39YF0gItr0wLcxl-d6nbdzPRziXtwcw11W3_6OffgED3CkwAL0hTRnOULi1uRiENoB-Utks9Y9DAA_tWxvGll1BkpKVe9GyZybwY6mroXogIjjfjZQcRYnh4SZDWDBkR9oXrzQLSCMHYtLDvoOIUXBgEtGmjfdtKGridEED3ggEF2K42mtKESAekfhFyNBNEAUwxmgKny9W4H1GZZJLxGgbu7_3Qbu7WF2cYZT5ELwODRIdGjST5NMAgkPiD02hO6EGgz-DNQXOJ8do19NufE4ZY52QlxuYsNt6r4ea3yH97O1E-RUBVGvd_ptMIV1r6Yw1mG166GLCu8JGb4lOATm_hkr1gqscOM2unf_sVyAbpHcGhgPF6uja8GQKeQf618ovdxf26nPncCZL3rKB2fn6UrcwpOwhHm7Jrx4LuRGLIiCcOVxVM1OAtwx8DVOwwTQWbFCKubJrUQTyjqAPu2PNKhC-R5X26g-fXrZZy2db05GcuhUTPV_-ZhrISNqqGsdZqhzavi1ZaiUNrl36ywLgDFlqd7hoRu6RJ92VQkqHtDLzDe7WPIL-ft50pWFu3Eel_wSr9SdCMSmgCxwm9Mz9sOtmcPpnzWmhbKi8CzAk_izllqCDr9_yIBbFzO3-43Nqxr-T0iPpuabtbLESOakkHs0JEJw7WOGwgstSJhZzaSAlNNTY0CE5q3k0R3JdDfxj9qHbD7ay9MFMspSY6Ew3ll04-CZ9sPzU-S_3aof77rjvYtHftVO7vt3grxj3yfQ5P3z5P9tsFcK6Rosk5h6FChWsb0wWKFcwCTag3KNOX-bBdDDFmzSJ0TmIu57n_87Hle2frjukm_aNJTtgitha_FS6It4Kg9WrX5Jae1aO0VapUJkEdYemliGg4DOw8eUxT8fQK8dH9By7728nkQoTUySqgRWRacNc3gwKzrQP0aIynVog7P_V_xd157GcJVF7aBkPvmXZwesCekAZn6MWUab7RF4nkzoouTjhjpIMIfBcmP_0fKz4wO4hnNqOtd2So-JBzLYIpidN5VPFtzuhUx54R1b_sDFM_Fh6694cEWl1ykJyiasGMIYY6ShI8FkYcLdW5dxS80rouzb4gFcsCkDLBixomiFuDX9sah0ZlhwpbC3RMiraaMi5mmkuB0a9ZLYCfnRJQQMRlfZ1OW2hF6yM-kB1Tia69btLicioPWi8BMw6x1NVZc31H9dssIqI7WHNiiNME01uN-4VYlHFlZs_o0ODtaBhCno7oq-7oGmhVQE2Jw0q1zxzBffMq9uzgnK_A3OqaUGqhpjIFCug4NNZmNQVFbpLQ6vI42zcxqor4nHKNFZMMIdz-6horUuwzayalhZHHgWtRYel1y27CsisH8IN8iQJHgmM7RnyOO2r2hGwvR1xM3t8otU8G4r3Wquj5ti3yDBoT2GgHxzIWtofdBdNj26PMKSASrZxPdDPBYeTHjrKdFEzsYxhv2ERtEwQ_O5CQtNlEu02sEIrafc6ogN-Tlc6dRhE1eEElf8TYVWJA778-ythgfrzsANk2vgQPYicP1cVYVyJ2NSr8WbRo04NRLWCcBrfAPMVt1Wgt5Y__eVZ28xA0W-JFotxFcoHWs-q3p1b00Q7az2CRmBA8-I6YlLCS90NDQexYxtoS2zYTgkW1L48SALqHu1mJfoBYPvalcj7FBv7k6K0uMyi-jF68qOqR_8sRl-JMn6rBtOCCRtOXof6JvcOKQjlILyGBchu958NZrWJXX18oX5oDLtc8Tnmj90LKLiSFDOfgEL-GmSU4e2JzVCJLpYQdkJH7MM4s1SCKT5yNgBWYRDyYKVuIFQLJKWjQbRf6DCsQJ2vWBluW1IVQomDis1pbM5fqJoLsuJJt0MjtJymCOJpXNEA2Q2XpSGPfFXG9MxWhRvzc6XOO_GG_OD6deUnXi4AjmJv5dfcaeIr7_WfucqhJpsruk9G6w4ueum6bPxo0n5zZ3HclUZijku8cYPgRFFjfrJCDg-aQwU5x2mO2O3gZROgj0CW8gyVgnsZzD0aKNeudjd1NjVCN8wzxdDNkys_lwx_SH1KoICfAxmaBUC4vxcZSuHV2XCyP7zQRbzQOnNXVhkVfc3iOA0M1xvQhiXBBvP-cZEtPTNA2vCDd7y3Tu-OEqKGA3agbSIQuMVNT-LHJ7GBer8hKuiEBLHte7wOB3es_DMJpFYA7V-COhKYI2jQx3xNBwHGS4QjgDwxxiKNF1JFwawxnYEkRX95HeLU5ZKJKWF1uC34qLf-Y31L7nKHHF2Wd-5fjQfhXp6GT7bf7QCOr36lvyH6F2CIkJHVhE60JP4Bs2k78lIcb57rT55wmOSyg8hRJT1nnf3nniEMAGcYunTIoUPAjvtCjUZVuOphzt_w7U9VQl-sVs4rDHPLTBeVc3H0gmAQn8i98I9Y_LJX8bE4fiDMx7ISHDNsG70wFIQQ06kpdjvPLwRWlrYD_YMY32uLht6bAqdew0y7DoMz_QBCnkYeN4v2YCsqYO4Om3reygEBFDgXVq-AtQrXCs4AykfBN9o-WX7ftRE_qwweT9Cv41daZa-iVm9cgPmWnI-i1uZgPLevgAwEkFUyng7U3LuyBveCkbj2mATtQPVUugV04vz1DxEkCrMJOBsIFm5dQydokH2d__pwxFSkYmkOXty4uSdA3TbjEi7euXFByOF8R4f7CMnoCnr9i8fRzMuS0_bUgW_1iPZaoqij-r8KxBI16PAlzI8yLu9eRZf9_1Jm6rUISAQtTSRStCi7bOyPzQjyz889f1SzVdFMadO0asVxkLGo1S3EZS5vdXGbEVztL5LIoFR7p4p5-xNN8lGuJ-qWV4rOyRa0R3444YtURF3h3Q7dCkkzYIGh2fSjeJeYtzR1oLi9O9SA1LF6I_yWwBy_Zq97sFepyRIJVr7nqSQRUzfy2ryEl7lD1EFhhfN4xBGiJXhRoWpU-ckFpLFZ88BMor0ERA3HtIr6oxUSuHAHhehKRJndXHzicqTnspLOp0w7E0OE8sohbCAU0GgNqQKk7B-8lIuqjB6hSQms9xZE5oiE5A06EnorlZ4LY6U1t33zlQ_IUmuq55uqCltexgzatVfRXqV_Kb_4qnBQ43LWPHF70hnRvTBL1XU9tpu6xDIpbTannqyul5kqipjtN5zgaKBhGyyBpUCAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgBYAE&bundleId=&ias_dspID=3&ias_campId=1012200182&ias_pubId=pub-2737572314184878&ias_chanId=1&ias_placementId=20122942208&bidurl=https://x.gd/view/unsafe/KFRMi&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iu0aQIYluvdtPHVxMI9Rmo&adsafe_url=https%3A%2F%2Fx.gd&adsafe_type=y&adsafe_url=https%3A%2F%2Fx.gd%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-2737572314184878%26fa%3D1%26ifi%3D3%26uci%3Da!3&adsafe_type=d&adsafe_jsinfo=,id:5e3eef1d-8a7f-ceb7-40ec-8a215e020855,c:vnStDI,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-66f6d74bff-pd2kg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tX1tQ6j+11%7C12%7C13%7C1411%7C1412%7C15*.1474271-76103297%7C151,idMap:15*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:19,oid:8c00b89c-8ee0-11ee-a8fa-727631a743f8,v:19.8.461,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowhExKx42dYNZV9FQ2-mTEfMXpVqgOMRN4tQKasTbCVMDx9KWheCw4xmJHu6xYZk86tlY8-2aWtmR2_QE5Q6TrNQuCoyAW7eampQqZSctjvRtYGDqgSvpbADk24pZfcS-RQAoCZ_4MGPypIuCJ0yUaQqvMBLGQ9tBR4zUV20c36aHRtE9zGNDxJQUF2h_Wc57BCy7EpelbDnwC0DxYpAqQlsob28SQyfB_4xrBXvkBXc5Y52Xndu6KIlJZDvTJuR8O_8HIICwbOQa9S928N15aCsE_BPgVVAvaqi-1iSjBk4yN11UiUqWxVLjRzrZe9Co8DpXW-lW7wL8y9GRGGjBBI-bmrpHls2FNrP73RFxxmPq-p_TTVBvjGgAkYlCuAJwRp3HLXKLzVZY_uh9jDHWYwL8DFxAN-gYnl_xtcu88u3QheF4OHz7I3dbxQGG-6nVjDdPuErm6RAY2Z1Bm5BYqp4CVZXcsJIk1m0GFP_Gi0HJZuUQ0ZucIuQTcK4ODMjN6ppunAyuYWS7uNDzD0NGvdwKJmcPN_39YF0gItr0wLcxl-d6nbdzPRziXtwcw11W3_6OffgED3CkwAL0hTRnOULi1uRiENoB-Utks9Y9DAA_tWxvGll1BkpKVe9GyZybwY6mroXogIjjfjZQcRYnh4SZDWDBkR9oXrzQLSCMHYtLDvoOIUXBgEtGmjfdtKGridEED3ggEF2K42mtKESAekfhFyNBNEAUwxmgKny9W4H1GZZJLxGgbu7_3Qbu7WF2cYZT5ELwODRIdGjST5NMAgkPiD02hO6EGgz-DNQXOJ8do19NufE4ZY52QlxuYsNt6r4ea3yH97O1E-RUBVGvd_ptMIV1r6Yw1mG166GLCu8JGb4lOATm_hkr1gqscOM2unf_sVyAbpHcGhgPF6uja8GQKeQf618ovdxf26nPncCZL3rKB2fn6UrcwpOwhHm7Jrx4LuRGLIiCcOVxVM1OAtwx8DVOwwTQWbFCKubJrUQTyjqAPu2PNKhC-R5X26g-fXrZZy2db05GcuhUTPV_-ZhrISNqqGsdZqhzavi1ZaiUNrl36ywLgDFlqd7hoRu6RJ92VQkqHtDLzDe7WPIL-ft50pWFu3Eel_wSr9SdCMSmgCxwm9Mz9sOtmcPpnzWmhbKi8CzAk_izllqCDr9_yIBbFzO3-43Nqxr-T0iPpuabtbLESOakkHs0JEJw7WOGwgstSJhZzaSAlNNTY0CE5q3k0R3JdDfxj9qHbD7ay9MFMspSY6Ew3ll04-CZ9sPzU-S_3aof77rjvYtHftVO7vt3grxj3yfQ5P3z5P9tsFcK6Rosk5h6FChWsb0wWKFcwCTag3KNOX-bBdDDFmzSJ0TmIu57n_87Hle2frjukm_aNJTtgitha_FS6It4Kg9WrX5Jae1aO0VapUJkEdYemliGg4DOw8eUxT8fQK8dH9By7728nkQoTUySqgRWRacNc3gwKzrQP0aIynVog7P_V_xd157GcJVF7aBkPvmXZwesCekAZn6MWUab7RF4nkzoouTjhjpIMIfBcmP_0fKz4wO4hnNqOtd2So-JBzLYIpidN5VPFtzuhUx54R1b_sDFM_Fh6694cEWl1ykJyiasGMIYY6ShI8FkYcLdW5dxS80rouzb4gFcsCkDLBixomiFuDX9sah0ZlhwpbC3RMiraaMi5mmkuB0a9ZLYCfnRJQQMRlfZ1OW2hF6yM-kB1Tia69btLicioPWi8BMw6x1NVZc31H9dssIqI7WHNiiNME01uN-4VYlHFlZs_o0ODtaBhCno7oq-7oGmhVQE2Jw0q1zxzBffMq9uzgnK_A3OqaUGqhpjIFCug4NNZmNQVFbpLQ6vI42zcxqor4nHKNFZMMIdz-6horUuwzayalhZHHgWtRYel1y27CsisH8IN8iQJHgmM7RnyOO2r2hGwvR1xM3t8otU8G4r3Wquj5ti3yDBoT2GgHxzIWtofdBdNj26PMKSASrZxPdDPBYeTHjrKdFEzsYxhv2ERtEwQ_O5CQtNlEu02sEIrafc6ogN-Tlc6dRhE1eEElf8TYVWJA778-ythgfrzsANk2vgQPYicP1cVYVyJ2NSr8WbRo04NRLWCcBrfAPMVt1Wgt5Y__eVZ28xA0W-JFotxFcoHWs-q3p1b00Q7az2CRmBA8-I6YlLCS90NDQexYxtoS2zYTgkW1L48SALqHu1mJfoBYPvalcj7FBv7k6K0uMyi-jF68qOqR_8sRl-JMn6rBtOCCRtOXof6JvcOKQjlILyGBchu958NZrWJXX18oX5oDLtc8Tnmj90LKLiSFDOfgEL-GmSU4e2JzVCJLpYQdkJH7MM4s1SCKT5yNgBWYRDyYKVuIFQLJKWjQbRf6DCsQJ2vWBluW1IVQomDis1pbM5fqJoLsuJJt0MjtJymCOJpXNEA2Q2XpSGPfFXG9MxWhRvzc6XOO_GG_OD6deUnXi4AjmJv5dfcaeIr7_WfucqhJpsruk9G6w4ueum6bPxo0n5zZ3HclUZijku8cYPgRFFjfrJCDg-aQwU5x2mO2O3gZROgj0CW8gyVgnsZzD0aKNeudjd1NjVCN8wzxdDNkys_lwx_SH1KoICfAxmaBUC4vxcZSuHV2XCyP7zQRbzQOnNXVhkVfc3iOA0M1xvQhiXBBvP-cZEtPTNA2vCDd7y3Tu-OEqKGA3agbSIQuMVNT-LHJ7GBer8hKuiEBLHte7wOB3es_DMJpFYA7V-COhKYI2jQx3xNBwHGS4QjgDwxxiKNF1JFwawxnYEkRX95HeLU5ZKJKWF1uC34qLf-Y31L7nKHHF2Wd-5fjQfhXp6GT7bf7QCOr36lvyH6F2CIkJHVhE60JP4Bs2k78lIcb57rT55wmOSyg8hRJT1nnf3nniEMAGcYunTIoUPAjvtCjUZVuOphzt_w7U9VQl-sVs4rDHPLTBeVc3H0gmAQn8i98I9Y_LJX8bE4fiDMx7ISHDNsG70wFIQQ06kpdjvPLwRWlrYD_YMY32uLht6bAqdew0y7DoMz_QBCnkYeN4v2YCsqYO4Om3reygEBFDgXVq-AtQrXCs4AykfBN9o-WX7ftRE_qwweT9Cv41daZa-iVm9cgPmWnI-i1uZgPLevgAwEkFUyng7U3LuyBveCkbj2mATtQPVUugV04vz1DxEkCrMJOBsIFm5dQydokH2d__pwxFSkYmkOXty4uSdA3TbjEi7euXFByOF8R4f7CMnoCnr9i8fRzMuS0_bUgW_1iPZaoqij-r8KxBI16PAlzI8yLu9eRZf9_1Jm6rUISAQtTSRStCi7bOyPzQjyz889f1SzVdFMadO0asVxkLGo1S3EZS5vdXGbEVztL5LIoFR7p4p5-xNN8lGuJ-qWV4rOyRa0R3444YtURF3h3Q7dCkkzYIGh2fSjeJeYtzR1oLi9O9SA1LF6I_yWwBy_Zq97sFepyRIJVr7nqSQRUzfy2ryEl7lD1EFhhfN4xBGiJXhRoWpU-ckFpLFZ88BMor0ERA3HtIr6oxUSuHAHhehKRJndXHzicqTnspLOp0w7E0OE8sohbCAU0GgNqQKk7B-8lIuqjB6hSQms9xZE5oiE5A06EnorlZ4LY6U1t33zlQ_IUmuq55uqCltexgzatVfRXqV_Kb_4qnBQ43LWPHF70hnRvTBL1XU9tpu6xDIpbTannqyul5kqipjtN5zgaKBhGyyBpUCAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgBYAE&bundleId=&ias_xappb=

93 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request KFRMi
x.gd/view/unsafe/
Redirect Chain
  • https://x.gd/KFRMi
  • https://x.gd/view/unsafe/KFRMi
6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://x.gd/view/unsafe/KFRMi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21a570dfff252ca49aae56d195f93e37047314d36f7b5621424836cc25843aba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82dcb9633b8839e0-FRA
content-encoding
br
content-type
text/html
date
Wed, 29 Nov 2023 17:55:53 GMT
last-modified
Wed, 01 Nov 2023 17:53:59 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gIz2ONK2mV68HXDRHthVeCXBmz%2BvWmjElW6ve3AwevKcXlvL8UaQ%2FbEpNr3SZlA9QuF2Zv58jgiy0qH3sF9l77BOW2Nhe%2FysZEQd343pHNeTTp9r8tNS"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, max-age=0, no-cache
cf-cache-status
DYNAMIC
cf-ray
82dcb95f4e1439e0-FRA
content-type
text/html; charset=UTF-8
date
Wed, 29 Nov 2023 17:55:53 GMT
location
/view/unsafe/KFRMi
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ICKM%2FcdOIW0OVrm7NW6RFFh4JrYPGwtgQE39TwlAbfZXM9ioqMb20lAy2pXXVGAZvzcOcWRGJXls1twghzZ0wG0lGHdaxuEd3y95hBJoyjYXZkj3kaIR"}],"group":"cf-nel","max_age":604800}
server
cloudflare
polyfill.min.js
polyfill.io/v3/ 		101 B
633 B 		Script
General
Check archive.org
Download Go to
Full URL
https://polyfill.io/v3/polyfill.min.js?features=URLSearchParams,Object.fromEntries,Object.keys,Object.values
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 29 Nov 2023 17:55:53 GMT
age
797017
detected-user-agent
Chrome Mobile WebView/119.0.6045
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=2
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
120
referrer-policy
origin-when-cross-origin
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
normalized-user-agent
chrome/119.0.0
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges
bytes
timing-allow-origin
*
js
www.googletagmanager.com/gtag/ 		268 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-K53RX1V2LY
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5c1f9d35dd732f0a44e7ef0b8571f387fdaa7b6062d1a085419b678c9465bf35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91474
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 29 Nov 2023 17:55:53 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		150 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2737572314184878
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d068108dd8dcc3efd65d6457d37ffcfd5ea5f76e44d65e6d54ab08416d08f2b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Origin
https://x.gd
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:53 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52644
x-xss-protection
0
server
cafe
etag
11180658443701873366
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:55:53 GMT
daeb648.js
x.gd/_nuxt/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/daeb648.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b9f3f599c8c620303e3ecb3ef4efc57020d6abfde96b1863afee551fcd5d430

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:54 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-9dc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fav0yzwpSffKA2PM%2BrqbUSRhherMmokOZkxkfn2bAC0jf5zuxkljCGiwkpH0vJfXtrvM78B3mJ%2F8IEXPs7qXDnOCV38JwI0dOwxQgf183hkf1Gxvje2h"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9650b87bbec-FRA
alt-svc
h3=":443"; ma=86400
64c8103.js
x.gd/_nuxt/ 		191 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/64c8103.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39488b5646fd7a7ba52a4e1a67c4655730f91b93c6681524e4c581090fabb716

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:54 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-2fb77"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kDuw6YLnqCqHxyi3F6En5Tve%2BUyGFaQTwAXtcRrZMCwXQPD82AqAtQQ1M5mFavR2MmrCwglP0DOUqfRqg24%2F12OdPF%2B7XiEDYRG0nuoTAjdZT3IvOR32"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9650b89bbec-FRA
alt-svc
h3=":443"; ma=86400
55d6948.js
x.gd/_nuxt/ 		122 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/55d6948.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9d63d94d11e65be863b3a754ace1b9f2fa71e5e874d7b0ad2ca3e9a831cf3fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:55 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-1e87c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rEwoEdYj6QtjjqREnrho90uqgF1NyswLoAOJFQ%2BdpRQtt0kIeSLV9tzwou%2F0Ve5CqlsqWoVRqNvQJYO3od9%2BCbLSCtArMU9sAjlwgjh8X%2FMRM1MvrGK6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9650b8cbbec-FRA
alt-svc
h3=":443"; ma=86400
849cc5d.js
x.gd/_nuxt/ 		706 KB
264 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/849cc5d.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f37fb29719b441eb569ded27a94e405544d3afc1d312167aeb6a3489f4962ae9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:54 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-b0830"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwlAUeMI3V6ROMWnb03ByagcQCP8CN1kTCI02bFL1GjwH%2FQYRbT68KrpajV3NtlK%2BkcWbl1niKNUpVIY%2F8Vp678ilS0n9LDyvUDn1qTPpF%2FVE%2FwC6Bez"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9650b8ebbec-FRA
alt-svc
h3=":443"; ma=86400
5015cbf.js
x.gd/_nuxt/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/5015cbf.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c90d4af4915ff3986649148829d4e4515d61e91b6a4471c9a2cf5c6849776b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:55 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-4291"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnZh%2BLb09baIgwejeLezD8%2F%2FRyxRKYwGTSh3BKLH7ugB5sXk3QwqkyMDGWL%2FMRqJ1u6sZd4gScmYMAIACimEbGsTkMPIzIINRohb8ihkCNUCi49H4wkK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb96d3821bbec-FRA
alt-svc
h3=":443"; ma=86400
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ 		397 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2737572314184878&plah=x.gd
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2737572314184878
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e9f3470bdfeca4ae148cf2b067558d515d4020453c1c1f61ae4a157d505df7a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:55 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137282
x-xss-protection
0
server
cafe
etag
4617321294700537492
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:55:55 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 44F4 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2737572314184878
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5871
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4118
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 16:18:04 GMT
etag
16674218716276178799
expires
Wed, 13 Dec 2023 16:18:04 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
main.js
x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/ Frame AEE5
Redirect Chain
  • https://x.gd/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H3
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16fb588f02bc378d838d0fd3d9912a3059db287d7275263e14a202db352427bf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:55 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJLcfGPg%2FLFgptqtemLxrDzY2lBjYv%2FY8fSUxkOh9xFuwbsAGuWbULyDdXs116hbqWxyYs6jhpjvwg%2Bk9vp1zzTc1G9Efh12Fhp1P3Ib5lWDfB4d7Mw1"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
82dcb96da8c6bbec-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Wed, 29 Nov 2023 17:55:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDDuNnbBhGr074iTc7QQXz9qnGI0Cz%2BFHMWEqnl1EQqWPR%2F1AyjNV81lj9H46REztIWlFoBZOjW%2BI0wxtdsD5wv6OrKUlOxZ4mQUpH2A8REn8i8yncS0"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
82dcb96d787abbec-FRA
alt-svc
h3=":443"; ma=86400
82dcb9633b8839e0
x.gd/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame AEE5 		0
526 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.gd/cdn-cgi/challenge-platform/h/g/jsd/r/82dcb9633b8839e0
Requested by
Host: x.gd
URL: https://x.gd/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 29 Nov 2023 17:55:55 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEBurU2PUPnih8nxact1IQFrL3B8ebXFmoxV2SymhSKpg2RHLTuSUBxWDlrvbL4MZKaQYJYIcEYfBKvQjrK1kmY%2By%2F72P7Eph2bguTlX2r5qdpyOuqn%2F"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
82dcb96e49afbbec-FRA
alt-svc
h3=":443"; ma=86400
ads
googleads.g.doubleclick.net/pagead/ Frame D649 		240 KB
64 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2737572314184878&output=html&adk=1812271804&adf=3025194257&lmt=1698861239&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FKFRMi&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701280555082&bpp=3&bdt=1335&idt=232&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6758261253955&frm=20&pv=2&ga_vid=214230436.1701280555&ga_sid=1701280555&ga_hid=1274128731&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078019%2C31078297%2C31079722%2C44807749%2C44806141%2C44807763%2C44808148%2C44808284%2C44809072&oid=2&pvsid=2370430761763432&tmod=1057006290&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=240
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2737572314184878&plah=x.gd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4434cd171e26af96309258c00db412d732eebeead23c7703e50906e7e5dc6d2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
65028
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:55:56 GMT
expires
Wed, 29 Nov 2023 17:55:56 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/55d6948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 29 Nov 2023 17:49:38 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
377
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 29 Nov 2023 19:49:38 GMT
collect
region1.google-analytics.com/g/ 		0
247 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-K53RX1V2LY&gtm=45je3b81v9102618407&_p=1701280555848&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=214230436.1701280555&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEAE&ngs=1&_s=1&sid=1701280555&sct=1&seg=0&dl=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FKFRMi&dt=URL%E7%9F%AD%E7%B8%AE%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9%20X.gd&en=scroll&_fv=1&_ss=1&epn.percent_scrolled=90&tfd=3098
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K53RX1V2LY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:55 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://x.gd
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
logo.svg
x.gd/img/icon/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.gd/img/icon/logo.svg
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
336951503a0ffc84310fb5345be5eaa6f9d8a2bdfad0dae493cf3abce96b425f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290ac-67c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gGUS9oMs7dV02LWWiRmHCj9X%2F1OrEEa03S5MHFQcOBt%2FbjDZ7tc28L8gwsWk2AcFfHkIcaqIt0pJ%2F%2F7vUuw8kPp3o%2FZgtvFmlSg7tCrY5ldEr8pZ3ns5"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
82dcb9726f64bbec-FRA
alt-svc
h3=":443"; ma=86400
settings.svg
x.gd/img/icon/ 		587 B
785 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.gd/img/icon/settings.svg
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a9ff32d85258ef227ddc9a6763db635f084caaaaded2d4b28bb98ea0b1253c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:59 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b7-24b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y46X3XveM8z5cNM2uEfZopBNADuoBHE6Z7ILGGur43MqSHu7Qko6Z6%2FuQuy0NFTO1ZgoHXCIZuTm4O99X7GaaoyfnpErsalmd24bnO24wBF25YijdifQ"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
82dcb9726f67bbec-FRA
alt-svc
h3=":443"; ma=86400
auth
x.gd/api/V1/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.gd/api/V1/auth
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/64c8103.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d22f23627d7246a166137a961dc64170ac0ba89c18f4d7e33d120b2a883a02bd

Request headers

Accept
application/json, text/plain, */*
Referer
https://x.gd/view/unsafe/KFRMi
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h1yvHb1zyN%2F2C2zWQXvvd%2FRH8xiAWmRLHCE1R0AIAf%2ByPnb4llzTJAugM%2Fr0aHun%2BCoQD7Goc%2FfoezCm6IjPEp5Md5kjlf5ZOCSX8iGuxjjSLRn1emzm"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
cache-control
no-store, max-age=0, no-cache, no-cache
xacas
Rg2VUOxhkNyBaOypkJ0KDMjRUZ2VaZmCkZaZaZjWHPmeUAkAUZ0FUAzZEOiKXN3VUOjpkJaKzf
cf-ray
82dcb9727f7abbec-FRA
alt-svc
h3=":443"; ma=86400
178999a.js
x.gd/_nuxt/ 		55 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/178999a.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a932604416230684537f03bc523f1b5da6b10b7ee5be83e8b451f0bd8a59acd0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-daed"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awRygZctDR8j5gUoBMlNyREiaVP2Fz3uaS1NmSk2qyAR7%2B%2BuXDGkHSVy%2BFkkw6tcVekHKz5jMcadRovfngz43cgR1lheJnUyFLASMGED8S8XGyxfsOJa"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9729fb8bbec-FRA
alt-svc
h3=":443"; ma=86400
56264b2.js
x.gd/_nuxt/ 		32 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/56264b2.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
899af7118726b26033f0cfcd94aa35343a8855b928a40cadc16c1a0ce5419997

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-802d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5oLIE0G2vbcLW06fsI%2BGqTF0xAnkV3UC9pNlWFDHX%2BkAlwVEELxRCWAn6AJwiicaz5LJHBHGW9qnj1lJfMMJtu1yJMIhF4G6a%2BDipqdKdzNv%2BveboW%2Bm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9729fbabbec-FRA
alt-svc
h3=":443"; ma=86400
57c82bd.js
x.gd/_nuxt/ 		27 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/57c82bd.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c6a5bb37520d3802bf344e433669d6f795ca3f003e7564e4ae82db7714429bd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-6c94"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DvYjlCe1ilCcHNYBByKI8BSHKw%2FotxTv4rWlQ0diy%2BdV7XkF7uKodKOu2sD1kElQg3uW4Ng9yWVAqzgh4vJa1KpKQ1aA7rt4e2XvPD0bKI%2FL1nJhBoVY"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9729fbbbbec-FRA
alt-svc
h3=":443"; ma=86400
18ff7cd.js
x.gd/_nuxt/ 		29 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/18ff7cd.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b7fc41884f9369db038e9beb5a7c7bf2d754a1032e3c67a9b5e5fbd530cad07

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-74d4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCRn7C9rx532gdbc%2FikTwE%2FsLEQ1b18Zj0OL6gfdXXc346cDn8FVgFbikMoBUBxp6dkOAuSPX2FjO1YCBez3Oj3wZBN7U63o63ParyjmaYkatNthpaOX"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9729fbdbbec-FRA
alt-svc
h3=":443"; ma=86400
15b80ae.js
x.gd/_nuxt/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/15b80ae.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
943e9b87328e617dc5dde0f272231be8ac51d8f3d54ae169b47b4b87093e03bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-338c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XuR2d%2BjvEWzyA4jkCP6z59yHm%2FnWOE7DiBpArgAGxZ38Uje9JN4398Iu8O9ez%2BWtM6yQ%2FbKogXNiySUvEsQmd%2BA6r3CeNctAtIXoG4IhSD1ujUat7s%2Fs"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9729fbfbbec-FRA
alt-svc
h3=":443"; ma=86400
4248dea.js
x.gd/_nuxt/ 		27 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/4248dea.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8ed9cfdb3caea0b6f5cfa91df5aa6f1861e760115db0cc1901c90fb69069609

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-6ce1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ul0llwWyBb4Kqy5sDXCDExPI87KubOUKBcU1K6Mxav1p8UERneA2pJFY4xZQ%2F3UpMBvSLDJBup6QmQFPHRXM7cG4AJ91ejl19cDFuKaeg2MMU%2FkDUucz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9729fc0bbec-FRA
alt-svc
h3=":443"; ma=86400
c33eb82.js
x.gd/_nuxt/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/c33eb82.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
563a21af7d066a5ed2d05357428e1b96508f9c9e23a39b560ab9fa8fe92f1591

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/view/unsafe/KFRMi
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-47fa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=japtBI8cY9QG%2Buzr4d9Dgt9Zx4HRmQBahCr7uGP91vlIj9Ji5G%2FLR1aTE4c%2FzonHC%2FZWHppcZP5SSY1ZTaZUnCoxszNaIndSbR%2B6Y1akGEki8R93qO2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dcb9729fc1bbec-FRA
alt-svc
h3=":443"; ma=86400
collect
www.google-analytics.com/j/ 		3 B
201 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1274128731&t=pageview&_s=1&dl=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FKFRMi&dp=%2Fview%2Funsafe%2FKFRMi&ul=en-us&de=UTF-8&dt=Warning%20%7C%20URL%20Shortener%20X.gd&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABEAAAACAAI~&jid=869871125&gjid=479809425&cid=214230436.1701280555&tid=UA-154998386-2&_gid=1776907300.1701280556&_r=1&_slc=1&z=228311901
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://x.gd/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://x.gd
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ 		160 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/reactive_library_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2737572314184878&plah=x.gd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
221da66e36e898a365bde9873223eeb63539a18dae9f4ecde31e90f1bb106a1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55853
x-xss-protection
0
server
cafe
etag
1427650917797119087
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:55:56 GMT
info
x.gd/api/V1/ 		78 B
488 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.gd/api/V1/info
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/64c8103.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e48df3857bfd7f796133deda147f01e73bd63b5b73457861c2d968c6c2e1378d

Request headers

Accept
application/json, text/plain, */*
Referer
https://x.gd/view/unsafe/KFRMi
xacas
{"s":"5571ba462e14a6ce7e8ebc63b0ec56a4","t":1701280556}
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7hIPb%2BiT7F8IFfNuUM3OhJKXybT3ao4ubaZaRwNKSAioISGPiHCmILeM1MVRKEclWQoHDdqLmnfxn9nMQ9ES8xyJLBkiKgT%2FDvmaNHRKG1Pw6wNn0S1"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
cache-control
no-store, max-age=0, no-cache, no-cache
cf-ray
82dcb9762ca0bbec-FRA
alt-svc
h3=":443"; ma=86400
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 1A11 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2737572314184878&plah=x.gd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
75939
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4118
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 28 Nov 2023 20:50:17 GMT
etag
16674218716276178799
expires
Tue, 12 Dec 2023 20:50:17 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 319D 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2737572314184878&plah=x.gd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
75939
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4118
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 28 Nov 2023 20:50:17 GMT
etag
16674218716276178799
expires
Tue, 12 Dec 2023 20:50:17 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
css2
fonts.googleapis.com/ Frame 1A11 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 16:30:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:55:56 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1A11 		205 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:28:44 GMT
x-content-type-options
nosniff
age
1632
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
205
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 28 Nov 2024 17:28:44 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1A11 		604 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:31:31 GMT
x-content-type-options
nosniff
age
5065
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
604
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 28 Nov 2024 16:31:31 GMT
fullscreen_api_adapter_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 1A11 		15 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 23:27:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
66535
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6702
x-xss-protection
0
server
cafe
etag
11213825687312121238
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 23:27:01 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 1A11 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 03:59:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
50183
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8781
x-xss-protection
0
server
cafe
etag
9666818975682992898
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 03:59:33 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 054D 		624 B
246 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNX14d9MfJ3jkZVPYn2WxTsiHbRHoX24TlQazTNKTro7gIjmTf8OLg9CUe29sO598Cl__W2x9Q1weEzm6AkRYRvXCXJIMqY4fpZKruxHdEurzF1Smvv-4gzdZeKDjBVTf3pvPZf2avqPE_eaM1v4PYN-NnSg9dmD_o9_1fiMogZg2E8Vhv4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:55:56 GMT
expires
Wed, 29 Nov 2023 17:55:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 319D 		92 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1f40994eab15b92af5183f9acf338e0354771054c65024e0aa679b6506f9eb87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32789
x-xss-protection
0
server
cafe
etag
17194431578830737671
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:55:56 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 319D 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AqEXxHX-sCTQDVd7Ms8hu32VJ2VpqwKJQl8p1aHzi5S73gKu2-vKciLwDKcNLL9qfGy-Q0rNvB-k-7Uyv5Gz5oBoj2Sv7U1C4J1sKzSu20NeMReUU
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 319D 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=355402137168217447&x=1&ct=76
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adj
fw.adsafeprotected.com/rjss/bgd/1474271/76103297/xbbe/creative/ Frame 319D 		263 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/bgd/1474271/76103297/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowhExKx42dYNZV9FQ2-mTEfMXpVqgOMRN4tQKasTbCVMDx9KWheCw4xmJHu6xYZk86tlY8-2aWtmR2_QE5Q6TrNQuCoyAW7eampQqZSctjvRtYGDqgSvpbADk24pZfcS-RQAoCZ_4MGPypIuCJ0yUaQqvMBLGQ9tBR4zUV20c36aHRtE9zGNDxJQUF2h_Wc57BCy7EpelbDnwC0DxYpAqQlsob28SQyfB_4xrBXvkBXc5Y52Xndu6KIlJZDvTJuR8O_8HIICwbOQa9S928N15aCsE_BPgVVAvaqi-1iSjBk4yN11UiUqWxVLjRzrZe9Co8DpXW-lW7wL8y9GRGGjBBI-bmrpHls2FNrP73RFxxmPq-p_TTVBvjGgAkYlCuAJwRp3HLXKLzVZY_uh9jDHWYwL8DFxAN-gYnl_xtcu88u3QheF4OHz7I3dbxQGG-6nVjDdPuErm6RAY2Z1Bm5BYqp4CVZXcsJIk1m0GFP_Gi0HJZuUQ0ZucIuQTcK4ODMjN6ppunAyuYWS7uNDzD0NGvdwKJmcPN_39YF0gItr0wLcxl-d6nbdzPRziXtwcw11W3_6OffgED3CkwAL0hTRnOULi1uRiENoB-Utks9Y9DAA_tWxvGll1BkpKVe9GyZybwY6mroXogIjjfjZQcRYnh4SZDWDBkR9oXrzQLSCMHYtLDvoOIUXBgEtGmjfdtKGridEED3ggEF2K42mtKESAekfhFyNBNEAUwxmgKny9W4H1GZZJLxGgbu7_3Qbu7WF2cYZT5ELwODRIdGjST5NMAgkPiD02hO6EGgz-DNQXOJ8do19NufE4ZY52QlxuYsNt6r4ea3yH97O1E-RUBVGvd_ptMIV1r6Yw1mG166GLCu8JGb4lOATm_hkr1gqscOM2unf_sVyAbpHcGhgPF6uja8GQKeQf618ovdxf26nPncCZL3rKB2fn6UrcwpOwhHm7Jrx4LuRGLIiCcOVxVM1OAtwx8DVOwwTQWbFCKubJrUQTyjqAPu2PNKhC-R5X26g-fXrZZy2db05GcuhUTPV_-ZhrISNqqGsdZqhzavi1ZaiUNrl36ywLgDFlqd7hoRu6RJ92VQkqHtDLzDe7WPIL-ft50pWFu3Eel_wSr9SdCMSmgCxwm9Mz9sOtmcPpnzWmhbKi8CzAk_izllqCDr9_yIBbFzO3-43Nqxr-T0iPpuabtbLESOakkHs0JEJw7WOGwgstSJhZzaSAlNNTY0CE5q3k0R3JdDfxj9qHbD7ay9MFMspSY6Ew3ll04-CZ9sPzU-S_3aof77rjvYtHftVO7vt3grxj3yfQ5P3z5P9tsFcK6Rosk5h6FChWsb0wWKFcwCTag3KNOX-bBdDDFmzSJ0TmIu57n_87Hle2frjukm_aNJTtgitha_FS6It4Kg9WrX5Jae1aO0VapUJkEdYemliGg4DOw8eUxT8fQK8dH9By7728nkQoTUySqgRWRacNc3gwKzrQP0aIynVog7P_V_xd157GcJVF7aBkPvmXZwesCekAZn6MWUab7RF4nkzoouTjhjpIMIfBcmP_0fKz4wO4hnNqOtd2So-JBzLYIpidN5VPFtzuhUx54R1b_sDFM_Fh6694cEWl1ykJyiasGMIYY6ShI8FkYcLdW5dxS80rouzb4gFcsCkDLBixomiFuDX9sah0ZlhwpbC3RMiraaMi5mmkuB0a9ZLYCfnRJQQMRlfZ1OW2hF6yM-kB1Tia69btLicioPWi8BMw6x1NVZc31H9dssIqI7WHNiiNME01uN-4VYlHFlZs_o0ODtaBhCno7oq-7oGmhVQE2Jw0q1zxzBffMq9uzgnK_A3OqaUGqhpjIFCug4NNZmNQVFbpLQ6vI42zcxqor4nHKNFZMMIdz-6horUuwzayalhZHHgWtRYel1y27CsisH8IN8iQJHgmM7RnyOO2r2hGwvR1xM3t8otU8G4r3Wquj5ti3yDBoT2GgHxzIWtofdBdNj26PMKSASrZxPdDPBYeTHjrKdFEzsYxhv2ERtEwQ_O5CQtNlEu02sEIrafc6ogN-Tlc6dRhE1eEElf8TYVWJA778-ythgfrzsANk2vgQPYicP1cVYVyJ2NSr8WbRo04NRLWCcBrfAPMVt1Wgt5Y__eVZ28xA0W-JFotxFcoHWs-q3p1b00Q7az2CRmBA8-I6YlLCS90NDQexYxtoS2zYTgkW1L48SALqHu1mJfoBYPvalcj7FBv7k6K0uMyi-jF68qOqR_8sRl-JMn6rBtOCCRtOXof6JvcOKQjlILyGBchu958NZrWJXX18oX5oDLtc8Tnmj90LKLiSFDOfgEL-GmSU4e2JzVCJLpYQdkJH7MM4s1SCKT5yNgBWYRDyYKVuIFQLJKWjQbRf6DCsQJ2vWBluW1IVQomDis1pbM5fqJoLsuJJt0MjtJymCOJpXNEA2Q2XpSGPfFXG9MxWhRvzc6XOO_GG_OD6deUnXi4AjmJv5dfcaeIr7_WfucqhJpsruk9G6w4ueum6bPxo0n5zZ3HclUZijku8cYPgRFFjfrJCDg-aQwU5x2mO2O3gZROgj0CW8gyVgnsZzD0aKNeudjd1NjVCN8wzxdDNkys_lwx_SH1KoICfAxmaBUC4vxcZSuHV2XCyP7zQRbzQOnNXVhkVfc3iOA0M1xvQhiXBBvP-cZEtPTNA2vCDd7y3Tu-OEqKGA3agbSIQuMVNT-LHJ7GBer8hKuiEBLHte7wOB3es_DMJpFYA7V-COhKYI2jQx3xNBwHGS4QjgDwxxiKNF1JFwawxnYEkRX95HeLU5ZKJKWF1uC34qLf-Y31L7nKHHF2Wd-5fjQfhXp6GT7bf7QCOr36lvyH6F2CIkJHVhE60JP4Bs2k78lIcb57rT55wmOSyg8hRJT1nnf3nniEMAGcYunTIoUPAjvtCjUZVuOphzt_w7U9VQl-sVs4rDHPLTBeVc3H0gmAQn8i98I9Y_LJX8bE4fiDMx7ISHDNsG70wFIQQ06kpdjvPLwRWlrYD_YMY32uLht6bAqdew0y7DoMz_QBCnkYeN4v2YCsqYO4Om3reygEBFDgXVq-AtQrXCs4AykfBN9o-WX7ftRE_qwweT9Cv41daZa-iVm9cgPmWnI-i1uZgPLevgAwEkFUyng7U3LuyBveCkbj2mATtQPVUugV04vz1DxEkCrMJOBsIFm5dQydokH2d__pwxFSkYmkOXty4uSdA3TbjEi7euXFByOF8R4f7CMnoCnr9i8fRzMuS0_bUgW_1iPZaoqij-r8KxBI16PAlzI8yLu9eRZf9_1Jm6rUISAQtTSRStCi7bOyPzQjyz889f1SzVdFMadO0asVxkLGo1S3EZS5vdXGbEVztL5LIoFR7p4p5-xNN8lGuJ-qWV4rOyRa0R3444YtURF3h3Q7dCkkzYIGh2fSjeJeYtzR1oLi9O9SA1LF6I_yWwBy_Zq97sFepyRIJVr7nqSQRUzfy2ryEl7lD1EFhhfN4xBGiJXhRoWpU-ckFpLFZ88BMor0ERA3HtIr6oxUSuHAHhehKRJndXHzicqTnspLOp0w7E0OE8sohbCAU0GgNqQKk7B-8lIuqjB6hSQms9xZE5oiE5A06EnorlZ4LY6U1t33zlQ_IUmuq55uqCltexgzatVfRXqV_Kb_4qnBQ43LWPHF70hnRvTBL1XU9tpu6xDIpbTannqyul5kqipjtN5zgaKBhGyyBpUCAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgBYAE&bundleId=&ias_dspID=3&ias_campId=1012200182&ias_pubId=pub-2737572314184878&ias_chanId=1&ias_placementId=20122942208&bidurl=https://x.gd/view/unsafe/KFRMi&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iu0aQIYluvdtPHVxMI9Rmo
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.78.201.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-78-201-127.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
676683a0ef65d0f571f3712693d00456c87255ba844256f80f67a4bdd86f3496

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 319D 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 12:41:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
18877
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 12:41:19 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 319D 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 23:16:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
67138
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 23:16:58 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 319D 		202 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65070
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700193896630564"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:55:56 GMT
rum
dsum-sec.casalemedia.com/ Frame 054D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1&C=1
43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNX14d9MfJ3jkZVPYn2WxTsiHbRHoX24TlQazTNKTro7gIjmTf8OLg9CUe29sO598Cl__W2x9Q1weEzm6AkRYRvXCXJIMqY4fpZKruxHdEurzF1Smvv-4gzdZeKDjBVTf3pvPZf2avqPE_eaM1v4PYN-NnSg9dmD_o9_1fiMogZg2E8Vhv4
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WeZMo%2FK3FdDOe5AD1MRMeQx60PdpQozhC%2Fgatb%2BoOd4jk2NIs%2FQ8C2ss2iRyaVu0eylGKOYg3Q6HfYQnZBpLgeCZp2e2SLL3N9MVroEHNvb%2FUcq9v%2FcH8H2BgVUMuTqkA0BJCXw1N0R%2B0w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82dcb978790e71af-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7WUXSbAMSgUx80zRy%2BrWXh23gIgNq%2B5RW1DyzgGCFGFY1LrVONbREdLoW6ZhyeQmWk85MOEPs013ik6%2FH%2FzSM0stbNaCdzEND7%2FrAbyB7IwrK9If0nHKFHNyT4KGtlc10HpMX4UnZCKc%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1&C=1
cache-control
no-cache
cf-ray
82dcb9782cf230e7-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame 054D
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWd7LKjE1.Te-8Q-uLeq6AAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1&google_hm=2
43 B
736 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNX14d9MfJ3jkZVPYn2WxTsiHbRHoX24TlQazTNKTro7gIjmTf8OLg9CUe29sO598Cl__W2x9Q1weEzm6AkRYRvXCXJIMqY4fpZKruxHdEurzF1Smvv-4gzdZeKDjBVTf3pvPZf2avqPE_eaM1v4PYN-NnSg9dmD_o9_1fiMogZg2E8Vhv4
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNjvGPoBNfImoGDMscAlTbKXQwlsDsW18RQ9veXfNUoqsIcYgcX0Zb0Qi1CP%2BkWvfqC57aL992e4k1FJfeEHAJn%2FBI3AKkSJK6Jno8Lb%2BfdbtvDw%2B%2BsQAooqucCs%2FuA3WV2hoTC72TCDEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82dcb978b94971af-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYaU_SUwXin0yNwmuerwaU&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bounce
ib.adnxs.com/ Frame 054D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEH---QsbNu4X4LVau2w4t1M&google_cver=1
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH---QsbNu4X4LVau2w4t1M%26google_cver%3D1
43 B
897 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH---QsbNu4X4LVau2w4t1M%26google_cver%3D1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNX14d9MfJ3jkZVPYn2WxTsiHbRHoX24TlQazTNKTro7gIjmTf8OLg9CUe29sO598Cl__W2x9Q1weEzm6AkRYRvXCXJIMqY4fpZKruxHdEurzF1Smvv-4gzdZeKDjBVTf3pvPZf2avqPE_eaM1v4PYN-NnSg9dmD_o9_1fiMogZg2E8Vhv4
Protocol
H2
Server
37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
an-x-request-uuid
5d8b87ad-ee62-49fd-91e8-8ab74b4fc564
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
84.19.175.183; 84.19.175.183; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
an-x-request-uuid
902f8053-9cfd-4733-8afe-71c60a102da5
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH---QsbNu4X4LVau2w4t1M%26google_cver%3D1
cache-control
no-store, no-cache, private
x-proxy-origin
84.19.175.183; 84.19.175.183; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 054D
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTIwNzY1NDk5NDY3NTk1ODYwNQ%3D%3D
170 B
244 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTIwNzY1NDk5NDY3NTk1ODYwNQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNX14d9MfJ3jkZVPYn2WxTsiHbRHoX24TlQazTNKTro7gIjmTf8OLg9CUe29sO598Cl__W2x9Q1weEzm6AkRYRvXCXJIMqY4fpZKruxHdEurzF1Smvv-4gzdZeKDjBVTf3pvPZf2avqPE_eaM1v4PYN-NnSg9dmD_o9_1fiMogZg2E8Vhv4
Protocol
H2
Server
142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
an-x-request-uuid
59b307fb-9716-437b-800f-e5a16a5e1d40
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTIwNzY1NDk5NDY3NTk1ODYwNQ%3D%3D
x-proxy-origin
84.19.175.183; 84.19.175.183; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
css
fonts.googleapis.com/ Frame DD01 		249 B
341 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto%20Sans%20JP%3A400&text=%E3%81%98%E3%82%8B%E9%96%89
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0bb5af18639dfc54932f4340945c1dceeb1e5aac5933b578f2ab597f29137599
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 17:55:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:55:56 GMT
css
fonts.googleapis.com/ Frame DD01 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 16:25:58 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:55:56 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame DD01 		2 KB
902 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
7467
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 15:51:29 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame DD01 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 07:50:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
36308
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 07:50:48 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame CA62 		143 B
166 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2079
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:21:17 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame DD01 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 12:41:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
18877
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 12:41:19 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame DD01 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 23:16:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
67138
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 23:16:58 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame DD01 		202 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65070
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700193896630564"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:55:56 GMT
a6de5423b7c632060e8f86136bd5d27a.js
www.gstatic.com/mysidia/ Frame DD01 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:09:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
114401
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15478
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 14:10:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 26 Feb 2024 10:09:15 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 319D 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2646854507007&version=m202311060101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 319D 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2646854507007&version=m202311060101&ct=76&x=1&cor=355402137168217500
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 319D 		16 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CwcYrRhDohaj28CRb2C15UHJV5QVZVv_doynpZ722WTRaPZ7-GT6jFcAvhT1X3A2QPsYtZeuFIp3RNBx9bOqXYNdwMUTjPnMnyqBiJ7dmpRDd82vDt98HeLESFcxFjWZ2DjhoaKKA2hvJ7ErB4qK0cWQilkaLyFX_f3GCj6Pe-Qh6zrOg&cry=1&dbm_d=AKAmf-Dc2plr1HZL6xrk45l-_9yEODpRjaJjiWD2Smb9dRwDtp-Aw77_mH2FcDGRTATFciKXNOtO_3hfldT4jweOdLLXZyr0HSMstWM-4YMt9Q7G2tMtszMBYBTPUMNxnZ5XE2FmZmdZ9luStOkxsGxfiHotgcvhlDccfcChgEfsFv876v0wsuBlQnOJrWztq2HhF8FyitFXdupdo_e4JkURvzWSKOTlKAN1JlXHv5GtvwBe-eQfywCkIiQfshwV_89NjndDcVXPfHIgqt9eEglKCIGiiWvaccsXEWskyNvK_-cBHF1KcPg08P8GOpfbrwD4LLHqvECkasNxtCjTWGzCc83pas5Wq3EAup9oK_oj76tFIJQOfb5v8tU5dGDE52TlkTYFNOS76fjkTY0OcbtKyoJH8Ju50Y9KXxhA2WvTa72qWqbHjnvss1swg0KvOzqSpBm60fU9auWMoz7U_t3i9A5cxsureuL9RfXL_PExCHCNpuRmYcXJs1U2kONb0m8lLfR-jaSIgINmWcsUbDWtPJvDnTLrEak5NUGCy2VYse5JG_h2B_hrEOBVDxdppRyyCmDxtgWHDgNhMjWlojabAsbKNy7bBowDxazjFLF3nrEB2hGxjOExfPkIJxwsPLwds20jRSyUnvA29EhOM_CkitDSlRjMVvhl7LJXElW-geaOH5xLSwsK_sOjy4YO3nJXkViJjCsaaSzGHT7MeCQ-g2uNRDhYt5NjLmZup-zhT91YtQFG9BoQ-sQj9bMW0f9Km_BAA7ThTmYtSNNgihQCDwq-v9bdrEbwdhDwgM0U35p8YUkoEcf6tAHvuw_Hp6aMYpkh-_U3AwppCGMZEgyGJ0tk59E1N5BkCRlZuuWBzgiU2AL84yNm02fzcDk4SZ2GFeTySkYlbFckpxU3iXM40Bd96zy0eq-U8sSbLwnRHrm254iriSSreHuUDbJsrbmIohKLwnsr1gZCjd7GknOjHeZynCSRmgsfHe_mIclLxqRwROcM5HOXwAnxa7io9zaKGW1YPrDnvIrEQyZNGyYRe61l_MCwgcksLJSwhDWNdduSO7equ1DiAj6tJ2Esro105Dm6bwLwZl4slBp_CSSzrkoheG6MYx-zBujO7JIp6xtov_oUE4kR9GkOADp0mUsEBKG_2unDifpKT8dvxf_ZFgMRfIb4HWOx_FNU-vlAjkrxWv7vhY-rxL1-H-20LvUYvLELXxKWuS5771DRqZ2YEyVksaFjeXUDP0euiw3GAR_H6nPERPXPr_MIaJYyQZoPEuUl1TXHjAd2T5qz2_aFAqkzIPkfO5La-D5Y81CPZqsqYyLiuFAJdjfIXrHQsNgTbSDdFUg9MEgrT16lCqsD0dsVV_wULqyChX-X4LEsY7-LRiMbhACKDGgsYtGsIYAbie7FtgClZOrHy3Yq8zZgKZcQckE0Ps_3SX7xAusw5QuU9gugOgcLkQ_7rUZZIaeEumhlYRDVuuHQ7oWoapX6TiwZF9fFHb5F4SKUe9HXc9uQPoMFz8Vi3mOJJlkaKHbKa0Z0YYuTvAH46cElB2n1sSTYdJRY_NgkIX5ZnIHuhAZENr3-L3bdESkIKh8Bf34pkhOpsrIoHzsFpw5Bd0y1DGU1dADc3DKYSaEYp7cbydmRo9xqxeGWKFAO5l9IQuCAgp5rBajmU9RBOdYEa-c5xcuZAmgp8yX6oeDUqzq2KmK2MfKBoSq1oglJekYtWJ7LvSpXHzeWNBeLMEaCmFWgWVt9kMOV-bw2biU0K99L8InJFHA_5OtOwIcM-5BZGR5v5VmkXK_vpU_IZEbFrOVDtZtUxJcFqdyhI3qACj6wIhdmsEazmd3SEaQCJZje22uXh_VOp8V0qVrxlsloc-dsbkYVlYFmqtwDFF6ax1i-E3-1q-WS5uVVQazckjBd0Dh4dyicinzJufeQSEoSOyQbp7CgUYRrh55wno8hz7Slu3EgfOJv1IFynUd6JZ4nM-vBPP0WS1U-aTMM8rU9Mte3zBPPyprb94tMvYK6Z5iA_1y1XPy9aJzZ4p37tQZwh1pP9UhC3f3mVt0Ex2JdtCsdUEhWqXtVG2kEKSnbBbaZBlbccjIJ45a2JxdLD3HKpavFJ7hVeSSOFixc656gnGvcHyVqn77raPguWK8Shz648zQRZPxrYinIJ8b1NQkff0bNp5krX7VUIVKH05JjJg-ytkJsdq5rW1eNh1924mXEF9OQCaZOZuD8EZPxDwPIa_yKJgVObhVxwSGYVlAswS0hJptdq73vHpwtdKLkGIdiENs0PDJHVCjn0eAvmFBYxbrrAoqW3wgmJR6R226syHhpzk_1I4-K5FiBo0i6fz0gwrgp3YsN4i2MQ-jaJ7D8fopJkx9F0dUFSQtqi_EGeO7V1NocWrNSkoaMuFPcCy6a7ul2aD5m-6GyZ8_KWA_O53Gi3lDUpsuLuFWzGqP9nv1E_C-xxqhD_uWy1duAFZwEfPtcUwM0ALBt1_E2G7Uyxpawy7inNiu5-rz0B-ggHduDxzwIsdK6WNML8Bvdl2b2TQcbdlF7AN3JB-trVqTjCx0m6DtLXeSPCLnNFd3brjOIZATHuuOZHTJ356Ki_P71EQNqA8uJatx5H_dSR6b48d0OMur7oS7JcGRBtGnqPiISUcZiAoWIpvJiS-wCQKsNnQjw32vj2kz0XLhaf1tLdJ0ylYq12jcPkTx-ZPW6wleUF2nCakqhpBVuN6bvW_ywGpgiOHJ0TSzvb-q7H8_oI_Kf2mFwKrstfgEHp9N2yWNxyqC_KZ_ydAyVn6XIwvDU2oyO8d61V-pJX76R54xVBV81_Kr-lv40SBUXkA_mexHeTwM4oTIx_t4jpT-00vEYAG8FlAA-R2vhXw9lHyGNZg650wmDt9z43AXGUS_lsXv-U5SimXKefCwEs2jpiqUzjCrC94fBlTc8jOaoMDZ1jJyL8hKuxdqKI-zCZdUc5iVfz-xxoGRUog&cid=CAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgB&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fx.gd%2F&ds=l&xdt=1&iif=1&cor=355402137168217500&adk=532903677&idt=120&cac=0&dtd=14
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e927d2f2837477e9450dae0b7d822a7425f5ba56996f118b991aaf7e84d8be1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12420
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame CA62
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:55:56 GMT
expires
Wed, 29 Nov 2023 17:55:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:55:56 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js
pagead2.googlesyndication.com/bg/ Frame C08C 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 23:16:17 GMT
content-encoding
br
x-content-type-options
nosniff
age
499179
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15097
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 22 Nov 2024 23:16:17 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 319D 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CwcYrRhDohaj28CRb2C15UHJV5QVZVv_doynpZ722WTRaPZ7-GT6jFcAvhT1X3A2QPsYtZeuFIp3RNBx9bOqXYNdwMUTjPnMnyqBiJ7dmpRDd82vDt98HeLESFcxFjWZ2DjhoaKKA2hvJ7ErB4qK0cWQilkaLyFX_f3GCj6Pe-Qh6zrOg&cry=1&dbm_d=AKAmf-Dc2plr1HZL6xrk45l-_9yEODpRjaJjiWD2Smb9dRwDtp-Aw77_mH2FcDGRTATFciKXNOtO_3hfldT4jweOdLLXZyr0HSMstWM-4YMt9Q7G2tMtszMBYBTPUMNxnZ5XE2FmZmdZ9luStOkxsGxfiHotgcvhlDccfcChgEfsFv876v0wsuBlQnOJrWztq2HhF8FyitFXdupdo_e4JkURvzWSKOTlKAN1JlXHv5GtvwBe-eQfywCkIiQfshwV_89NjndDcVXPfHIgqt9eEglKCIGiiWvaccsXEWskyNvK_-cBHF1KcPg08P8GOpfbrwD4LLHqvECkasNxtCjTWGzCc83pas5Wq3EAup9oK_oj76tFIJQOfb5v8tU5dGDE52TlkTYFNOS76fjkTY0OcbtKyoJH8Ju50Y9KXxhA2WvTa72qWqbHjnvss1swg0KvOzqSpBm60fU9auWMoz7U_t3i9A5cxsureuL9RfXL_PExCHCNpuRmYcXJs1U2kONb0m8lLfR-jaSIgINmWcsUbDWtPJvDnTLrEak5NUGCy2VYse5JG_h2B_hrEOBVDxdppRyyCmDxtgWHDgNhMjWlojabAsbKNy7bBowDxazjFLF3nrEB2hGxjOExfPkIJxwsPLwds20jRSyUnvA29EhOM_CkitDSlRjMVvhl7LJXElW-geaOH5xLSwsK_sOjy4YO3nJXkViJjCsaaSzGHT7MeCQ-g2uNRDhYt5NjLmZup-zhT91YtQFG9BoQ-sQj9bMW0f9Km_BAA7ThTmYtSNNgihQCDwq-v9bdrEbwdhDwgM0U35p8YUkoEcf6tAHvuw_Hp6aMYpkh-_U3AwppCGMZEgyGJ0tk59E1N5BkCRlZuuWBzgiU2AL84yNm02fzcDk4SZ2GFeTySkYlbFckpxU3iXM40Bd96zy0eq-U8sSbLwnRHrm254iriSSreHuUDbJsrbmIohKLwnsr1gZCjd7GknOjHeZynCSRmgsfHe_mIclLxqRwROcM5HOXwAnxa7io9zaKGW1YPrDnvIrEQyZNGyYRe61l_MCwgcksLJSwhDWNdduSO7equ1DiAj6tJ2Esro105Dm6bwLwZl4slBp_CSSzrkoheG6MYx-zBujO7JIp6xtov_oUE4kR9GkOADp0mUsEBKG_2unDifpKT8dvxf_ZFgMRfIb4HWOx_FNU-vlAjkrxWv7vhY-rxL1-H-20LvUYvLELXxKWuS5771DRqZ2YEyVksaFjeXUDP0euiw3GAR_H6nPERPXPr_MIaJYyQZoPEuUl1TXHjAd2T5qz2_aFAqkzIPkfO5La-D5Y81CPZqsqYyLiuFAJdjfIXrHQsNgTbSDdFUg9MEgrT16lCqsD0dsVV_wULqyChX-X4LEsY7-LRiMbhACKDGgsYtGsIYAbie7FtgClZOrHy3Yq8zZgKZcQckE0Ps_3SX7xAusw5QuU9gugOgcLkQ_7rUZZIaeEumhlYRDVuuHQ7oWoapX6TiwZF9fFHb5F4SKUe9HXc9uQPoMFz8Vi3mOJJlkaKHbKa0Z0YYuTvAH46cElB2n1sSTYdJRY_NgkIX5ZnIHuhAZENr3-L3bdESkIKh8Bf34pkhOpsrIoHzsFpw5Bd0y1DGU1dADc3DKYSaEYp7cbydmRo9xqxeGWKFAO5l9IQuCAgp5rBajmU9RBOdYEa-c5xcuZAmgp8yX6oeDUqzq2KmK2MfKBoSq1oglJekYtWJ7LvSpXHzeWNBeLMEaCmFWgWVt9kMOV-bw2biU0K99L8InJFHA_5OtOwIcM-5BZGR5v5VmkXK_vpU_IZEbFrOVDtZtUxJcFqdyhI3qACj6wIhdmsEazmd3SEaQCJZje22uXh_VOp8V0qVrxlsloc-dsbkYVlYFmqtwDFF6ax1i-E3-1q-WS5uVVQazckjBd0Dh4dyicinzJufeQSEoSOyQbp7CgUYRrh55wno8hz7Slu3EgfOJv1IFynUd6JZ4nM-vBPP0WS1U-aTMM8rU9Mte3zBPPyprb94tMvYK6Z5iA_1y1XPy9aJzZ4p37tQZwh1pP9UhC3f3mVt0Ex2JdtCsdUEhWqXtVG2kEKSnbBbaZBlbccjIJ45a2JxdLD3HKpavFJ7hVeSSOFixc656gnGvcHyVqn77raPguWK8Shz648zQRZPxrYinIJ8b1NQkff0bNp5krX7VUIVKH05JjJg-ytkJsdq5rW1eNh1924mXEF9OQCaZOZuD8EZPxDwPIa_yKJgVObhVxwSGYVlAswS0hJptdq73vHpwtdKLkGIdiENs0PDJHVCjn0eAvmFBYxbrrAoqW3wgmJR6R226syHhpzk_1I4-K5FiBo0i6fz0gwrgp3YsN4i2MQ-jaJ7D8fopJkx9F0dUFSQtqi_EGeO7V1NocWrNSkoaMuFPcCy6a7ul2aD5m-6GyZ8_KWA_O53Gi3lDUpsuLuFWzGqP9nv1E_C-xxqhD_uWy1duAFZwEfPtcUwM0ALBt1_E2G7Uyxpawy7inNiu5-rz0B-ggHduDxzwIsdK6WNML8Bvdl2b2TQcbdlF7AN3JB-trVqTjCx0m6DtLXeSPCLnNFd3brjOIZATHuuOZHTJ356Ki_P71EQNqA8uJatx5H_dSR6b48d0OMur7oS7JcGRBtGnqPiISUcZiAoWIpvJiS-wCQKsNnQjw32vj2kz0XLhaf1tLdJ0ylYq12jcPkTx-ZPW6wleUF2nCakqhpBVuN6bvW_ywGpgiOHJ0TSzvb-q7H8_oI_Kf2mFwKrstfgEHp9N2yWNxyqC_KZ_ydAyVn6XIwvDU2oyO8d61V-pJX76R54xVBV81_Kr-lv40SBUXkA_mexHeTwM4oTIx_t4jpT-00vEYAG8FlAA-R2vhXw9lHyGNZg650wmDt9z43AXGUS_lsXv-U5SimXKefCwEs2jpiqUzjCrC94fBlTc8jOaoMDZ1jJyL8hKuxdqKI-zCZdUc5iVfz-xxoGRUog&cid=CAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgB&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fx.gd%2F&ds=l&xdt=1&iif=1&cor=355402137168217500&adk=532903677&idt=120&cac=0&dtd=14
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 18:05:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
431449
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 18:05:08 GMT
adj
bid.g.doubleclick.net/xbbe/creative/ Frame 319D
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/bgd/1474271/76103297/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowh...
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowhExKx42dYNZV9FQ2-mTEfMXpVqg...
73 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowhExKx42dYNZV9FQ2-mTEfMXpVqgOMRN4tQKasTbCVMDx9KWheCw4xmJHu6xYZk86tlY8-2aWtmR2_QE5Q6TrNQuCoyAW7eampQqZSctjvRtYGDqgSvpbADk24pZfcS-RQAoCZ_4MGPypIuCJ0yUaQqvMBLGQ9tBR4zUV20c36aHRtE9zGNDxJQUF2h_Wc57BCy7EpelbDnwC0DxYpAqQlsob28SQyfB_4xrBXvkBXc5Y52Xndu6KIlJZDvTJuR8O_8HIICwbOQa9S928N15aCsE_BPgVVAvaqi-1iSjBk4yN11UiUqWxVLjRzrZe9Co8DpXW-lW7wL8y9GRGGjBBI-bmrpHls2FNrP73RFxxmPq-p_TTVBvjGgAkYlCuAJwRp3HLXKLzVZY_uh9jDHWYwL8DFxAN-gYnl_xtcu88u3QheF4OHz7I3dbxQGG-6nVjDdPuErm6RAY2Z1Bm5BYqp4CVZXcsJIk1m0GFP_Gi0HJZuUQ0ZucIuQTcK4ODMjN6ppunAyuYWS7uNDzD0NGvdwKJmcPN_39YF0gItr0wLcxl-d6nbdzPRziXtwcw11W3_6OffgED3CkwAL0hTRnOULi1uRiENoB-Utks9Y9DAA_tWxvGll1BkpKVe9GyZybwY6mroXogIjjfjZQcRYnh4SZDWDBkR9oXrzQLSCMHYtLDvoOIUXBgEtGmjfdtKGridEED3ggEF2K42mtKESAekfhFyNBNEAUwxmgKny9W4H1GZZJLxGgbu7_3Qbu7WF2cYZT5ELwODRIdGjST5NMAgkPiD02hO6EGgz-DNQXOJ8do19NufE4ZY52QlxuYsNt6r4ea3yH97O1E-RUBVGvd_ptMIV1r6Yw1mG166GLCu8JGb4lOATm_hkr1gqscOM2unf_sVyAbpHcGhgPF6uja8GQKeQf618ovdxf26nPncCZL3rKB2fn6UrcwpOwhHm7Jrx4LuRGLIiCcOVxVM1OAtwx8DVOwwTQWbFCKubJrUQTyjqAPu2PNKhC-R5X26g-fXrZZy2db05GcuhUTPV_-ZhrISNqqGsdZqhzavi1ZaiUNrl36ywLgDFlqd7hoRu6RJ92VQkqHtDLzDe7WPIL-ft50pWFu3Eel_wSr9SdCMSmgCxwm9Mz9sOtmcPpnzWmhbKi8CzAk_izllqCDr9_yIBbFzO3-43Nqxr-T0iPpuabtbLESOakkHs0JEJw7WOGwgstSJhZzaSAlNNTY0CE5q3k0R3JdDfxj9qHbD7ay9MFMspSY6Ew3ll04-CZ9sPzU-S_3aof77rjvYtHftVO7vt3grxj3yfQ5P3z5P9tsFcK6Rosk5h6FChWsb0wWKFcwCTag3KNOX-bBdDDFmzSJ0TmIu57n_87Hle2frjukm_aNJTtgitha_FS6It4Kg9WrX5Jae1aO0VapUJkEdYemliGg4DOw8eUxT8fQK8dH9By7728nkQoTUySqgRWRacNc3gwKzrQP0aIynVog7P_V_xd157GcJVF7aBkPvmXZwesCekAZn6MWUab7RF4nkzoouTjhjpIMIfBcmP_0fKz4wO4hnNqOtd2So-JBzLYIpidN5VPFtzuhUx54R1b_sDFM_Fh6694cEWl1ykJyiasGMIYY6ShI8FkYcLdW5dxS80rouzb4gFcsCkDLBixomiFuDX9sah0ZlhwpbC3RMiraaMi5mmkuB0a9ZLYCfnRJQQMRlfZ1OW2hF6yM-kB1Tia69btLicioPWi8BMw6x1NVZc31H9dssIqI7WHNiiNME01uN-4VYlHFlZs_o0ODtaBhCno7oq-7oGmhVQE2Jw0q1zxzBffMq9uzgnK_A3OqaUGqhpjIFCug4NNZmNQVFbpLQ6vI42zcxqor4nHKNFZMMIdz-6horUuwzayalhZHHgWtRYel1y27CsisH8IN8iQJHgmM7RnyOO2r2hGwvR1xM3t8otU8G4r3Wquj5ti3yDBoT2GgHxzIWtofdBdNj26PMKSASrZxPdDPBYeTHjrKdFEzsYxhv2ERtEwQ_O5CQtNlEu02sEIrafc6ogN-Tlc6dRhE1eEElf8TYVWJA778-ythgfrzsANk2vgQPYicP1cVYVyJ2NSr8WbRo04NRLWCcBrfAPMVt1Wgt5Y__eVZ28xA0W-JFotxFcoHWs-q3p1b00Q7az2CRmBA8-I6YlLCS90NDQexYxtoS2zYTgkW1L48SALqHu1mJfoBYPvalcj7FBv7k6K0uMyi-jF68qOqR_8sRl-JMn6rBtOCCRtOXof6JvcOKQjlILyGBchu958NZrWJXX18oX5oDLtc8Tnmj90LKLiSFDOfgEL-GmSU4e2JzVCJLpYQdkJH7MM4s1SCKT5yNgBWYRDyYKVuIFQLJKWjQbRf6DCsQJ2vWBluW1IVQomDis1pbM5fqJoLsuJJt0MjtJymCOJpXNEA2Q2XpSGPfFXG9MxWhRvzc6XOO_GG_OD6deUnXi4AjmJv5dfcaeIr7_WfucqhJpsruk9G6w4ueum6bPxo0n5zZ3HclUZijku8cYPgRFFjfrJCDg-aQwU5x2mO2O3gZROgj0CW8gyVgnsZzD0aKNeudjd1NjVCN8wzxdDNkys_lwx_SH1KoICfAxmaBUC4vxcZSuHV2XCyP7zQRbzQOnNXVhkVfc3iOA0M1xvQhiXBBvP-cZEtPTNA2vCDd7y3Tu-OEqKGA3agbSIQuMVNT-LHJ7GBer8hKuiEBLHte7wOB3es_DMJpFYA7V-COhKYI2jQx3xNBwHGS4QjgDwxxiKNF1JFwawxnYEkRX95HeLU5ZKJKWF1uC34qLf-Y31L7nKHHF2Wd-5fjQfhXp6GT7bf7QCOr36lvyH6F2CIkJHVhE60JP4Bs2k78lIcb57rT55wmOSyg8hRJT1nnf3nniEMAGcYunTIoUPAjvtCjUZVuOphzt_w7U9VQl-sVs4rDHPLTBeVc3H0gmAQn8i98I9Y_LJX8bE4fiDMx7ISHDNsG70wFIQQ06kpdjvPLwRWlrYD_YMY32uLht6bAqdew0y7DoMz_QBCnkYeN4v2YCsqYO4Om3reygEBFDgXVq-AtQrXCs4AykfBN9o-WX7ftRE_qwweT9Cv41daZa-iVm9cgPmWnI-i1uZgPLevgAwEkFUyng7U3LuyBveCkbj2mATtQPVUugV04vz1DxEkCrMJOBsIFm5dQydokH2d__pwxFSkYmkOXty4uSdA3TbjEi7euXFByOF8R4f7CMnoCnr9i8fRzMuS0_bUgW_1iPZaoqij-r8KxBI16PAlzI8yLu9eRZf9_1Jm6rUISAQtTSRStCi7bOyPzQjyz889f1SzVdFMadO0asVxkLGo1S3EZS5vdXGbEVztL5LIoFR7p4p5-xNN8lGuJ-qWV4rOyRa0R3444YtURF3h3Q7dCkkzYIGh2fSjeJeYtzR1oLi9O9SA1LF6I_yWwBy_Zq97sFepyRIJVr7nqSQRUzfy2ryEl7lD1EFhhfN4xBGiJXhRoWpU-ckFpLFZ88BMor0ERA3HtIr6oxUSuHAHhehKRJndXHzicqTnspLOp0w7E0OE8sohbCAU0GgNqQKk7B-8lIuqjB6hSQms9xZE5oiE5A06EnorlZ4LY6U1t33zlQ_IUmuq55uqCltexgzatVfRXqV_Kb_4qnBQ43LWPHF70hnRvTBL1XU9tpu6xDIpbTannqyul5kqipjtN5zgaKBhGyyBpUCAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgBYAE&bundleId=&ias_xappb=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Server
173.194.76.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ws-in-f156.1e100.net
Software
cafe /
Resource Hash
0a857615bfeb6dcd9ddb7280c94c86d0df0be887f89bbdf4d654cd0a3d96d5e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25822
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:57 GMT
server
nginx
x-server-name
app03.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowhExKx42dYNZV9FQ2-mTEfMXpVqgOMRN4tQKasTbCVMDx9KWheCw4xmJHu6xYZk86tlY8-2aWtmR2_QE5Q6TrNQuCoyAW7eampQqZSctjvRtYGDqgSvpbADk24pZfcS-RQAoCZ_4MGPypIuCJ0yUaQqvMBLGQ9tBR4zUV20c36aHRtE9zGNDxJQUF2h_Wc57BCy7EpelbDnwC0DxYpAqQlsob28SQyfB_4xrBXvkBXc5Y52Xndu6KIlJZDvTJuR8O_8HIICwbOQa9S928N15aCsE_BPgVVAvaqi-1iSjBk4yN11UiUqWxVLjRzrZe9Co8DpXW-lW7wL8y9GRGGjBBI-bmrpHls2FNrP73RFxxmPq-p_TTVBvjGgAkYlCuAJwRp3HLXKLzVZY_uh9jDHWYwL8DFxAN-gYnl_xtcu88u3QheF4OHz7I3dbxQGG-6nVjDdPuErm6RAY2Z1Bm5BYqp4CVZXcsJIk1m0GFP_Gi0HJZuUQ0ZucIuQTcK4ODMjN6ppunAyuYWS7uNDzD0NGvdwKJmcPN_39YF0gItr0wLcxl-d6nbdzPRziXtwcw11W3_6OffgED3CkwAL0hTRnOULi1uRiENoB-Utks9Y9DAA_tWxvGll1BkpKVe9GyZybwY6mroXogIjjfjZQcRYnh4SZDWDBkR9oXrzQLSCMHYtLDvoOIUXBgEtGmjfdtKGridEED3ggEF2K42mtKESAekfhFyNBNEAUwxmgKny9W4H1GZZJLxGgbu7_3Qbu7WF2cYZT5ELwODRIdGjST5NMAgkPiD02hO6EGgz-DNQXOJ8do19NufE4ZY52QlxuYsNt6r4ea3yH97O1E-RUBVGvd_ptMIV1r6Yw1mG166GLCu8JGb4lOATm_hkr1gqscOM2unf_sVyAbpHcGhgPF6uja8GQKeQf618ovdxf26nPncCZL3rKB2fn6UrcwpOwhHm7Jrx4LuRGLIiCcOVxVM1OAtwx8DVOwwTQWbFCKubJrUQTyjqAPu2PNKhC-R5X26g-fXrZZy2db05GcuhUTPV_-ZhrISNqqGsdZqhzavi1ZaiUNrl36ywLgDFlqd7hoRu6RJ92VQkqHtDLzDe7WPIL-ft50pWFu3Eel_wSr9SdCMSmgCxwm9Mz9sOtmcPpnzWmhbKi8CzAk_izllqCDr9_yIBbFzO3-43Nqxr-T0iPpuabtbLESOakkHs0JEJw7WOGwgstSJhZzaSAlNNTY0CE5q3k0R3JdDfxj9qHbD7ay9MFMspSY6Ew3ll04-CZ9sPzU-S_3aof77rjvYtHftVO7vt3grxj3yfQ5P3z5P9tsFcK6Rosk5h6FChWsb0wWKFcwCTag3KNOX-bBdDDFmzSJ0TmIu57n_87Hle2frjukm_aNJTtgitha_FS6It4Kg9WrX5Jae1aO0VapUJkEdYemliGg4DOw8eUxT8fQK8dH9By7728nkQoTUySqgRWRacNc3gwKzrQP0aIynVog7P_V_xd157GcJVF7aBkPvmXZwesCekAZn6MWUab7RF4nkzoouTjhjpIMIfBcmP_0fKz4wO4hnNqOtd2So-JBzLYIpidN5VPFtzuhUx54R1b_sDFM_Fh6694cEWl1ykJyiasGMIYY6ShI8FkYcLdW5dxS80rouzb4gFcsCkDLBixomiFuDX9sah0ZlhwpbC3RMiraaMi5mmkuB0a9ZLYCfnRJQQMRlfZ1OW2hF6yM-kB1Tia69btLicioPWi8BMw6x1NVZc31H9dssIqI7WHNiiNME01uN-4VYlHFlZs_o0ODtaBhCno7oq-7oGmhVQE2Jw0q1zxzBffMq9uzgnK_A3OqaUGqhpjIFCug4NNZmNQVFbpLQ6vI42zcxqor4nHKNFZMMIdz-6horUuwzayalhZHHgWtRYel1y27CsisH8IN8iQJHgmM7RnyOO2r2hGwvR1xM3t8otU8G4r3Wquj5ti3yDBoT2GgHxzIWtofdBdNj26PMKSASrZxPdDPBYeTHjrKdFEzsYxhv2ERtEwQ_O5CQtNlEu02sEIrafc6ogN-Tlc6dRhE1eEElf8TYVWJA778-ythgfrzsANk2vgQPYicP1cVYVyJ2NSr8WbRo04NRLWCcBrfAPMVt1Wgt5Y__eVZ28xA0W-JFotxFcoHWs-q3p1b00Q7az2CRmBA8-I6YlLCS90NDQexYxtoS2zYTgkW1L48SALqHu1mJfoBYPvalcj7FBv7k6K0uMyi-jF68qOqR_8sRl-JMn6rBtOCCRtOXof6JvcOKQjlILyGBchu958NZrWJXX18oX5oDLtc8Tnmj90LKLiSFDOfgEL-GmSU4e2JzVCJLpYQdkJH7MM4s1SCKT5yNgBWYRDyYKVuIFQLJKWjQbRf6DCsQJ2vWBluW1IVQomDis1pbM5fqJoLsuJJt0MjtJymCOJpXNEA2Q2XpSGPfFXG9MxWhRvzc6XOO_GG_OD6deUnXi4AjmJv5dfcaeIr7_WfucqhJpsruk9G6w4ueum6bPxo0n5zZ3HclUZijku8cYPgRFFjfrJCDg-aQwU5x2mO2O3gZROgj0CW8gyVgnsZzD0aKNeudjd1NjVCN8wzxdDNkys_lwx_SH1KoICfAxmaBUC4vxcZSuHV2XCyP7zQRbzQOnNXVhkVfc3iOA0M1xvQhiXBBvP-cZEtPTNA2vCDd7y3Tu-OEqKGA3agbSIQuMVNT-LHJ7GBer8hKuiEBLHte7wOB3es_DMJpFYA7V-COhKYI2jQx3xNBwHGS4QjgDwxxiKNF1JFwawxnYEkRX95HeLU5ZKJKWF1uC34qLf-Y31L7nKHHF2Wd-5fjQfhXp6GT7bf7QCOr36lvyH6F2CIkJHVhE60JP4Bs2k78lIcb57rT55wmOSyg8hRJT1nnf3nniEMAGcYunTIoUPAjvtCjUZVuOphzt_w7U9VQl-sVs4rDHPLTBeVc3H0gmAQn8i98I9Y_LJX8bE4fiDMx7ISHDNsG70wFIQQ06kpdjvPLwRWlrYD_YMY32uLht6bAqdew0y7DoMz_QBCnkYeN4v2YCsqYO4Om3reygEBFDgXVq-AtQrXCs4AykfBN9o-WX7ftRE_qwweT9Cv41daZa-iVm9cgPmWnI-i1uZgPLevgAwEkFUyng7U3LuyBveCkbj2mATtQPVUugV04vz1DxEkCrMJOBsIFm5dQydokH2d__pwxFSkYmkOXty4uSdA3TbjEi7euXFByOF8R4f7CMnoCnr9i8fRzMuS0_bUgW_1iPZaoqij-r8KxBI16PAlzI8yLu9eRZf9_1Jm6rUISAQtTSRStCi7bOyPzQjyz889f1SzVdFMadO0asVxkLGo1S3EZS5vdXGbEVztL5LIoFR7p4p5-xNN8lGuJ-qWV4rOyRa0R3444YtURF3h3Q7dCkkzYIGh2fSjeJeYtzR1oLi9O9SA1LF6I_yWwBy_Zq97sFepyRIJVr7nqSQRUzfy2ryEl7lD1EFhhfN4xBGiJXhRoWpU-ckFpLFZ88BMor0ERA3HtIr6oxUSuHAHhehKRJndXHzicqTnspLOp0w7E0OE8sohbCAU0GgNqQKk7B-8lIuqjB6hSQms9xZE5oiE5A06EnorlZ4LY6U1t33zlQ_IUmuq55uqCltexgzatVfRXqV_Kb_4qnBQ43LWPHF70hnRvTBL1XU9tpu6xDIpbTannqyul5kqipjtN5zgaKBhGyyBpUCAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgBYAE&bundleId=&ias_xappb=
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame EA13 		91 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ab:6c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 3ab47e7bb911be04b665845f18319950.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P3
age
8070529
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
c2Ev1f1n8bA5PC-xz5T4RsXdE7R3zfdpwaxtcJdPzceg5uBHeuLdXw==
dt
dt.adsafeprotected.com/ Frame 319D 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=5e3eef1d-8a7f-ceb7-40ec-8a215e020855&tv=%7Bc:vnStE8,pingTime:-3,time:45,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:45,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B37~0%5D,as:%5B37~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tX1tQ6j+11%7C12%7C13%7C1411%7C1412%7C15*.1474271-76103297%7C151,idMap:15*,rmeas:1,rend:0,renddet:IMG.us,siq:20%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:714c:c683:9f35:610d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:57 GMT
server
nginx
x-server-name
dt20.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 319D 		43 B
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=5e3eef1d-8a7f-ceb7-40ec-8a215e020855&tv=%7Bc:vnStE9,pingTime:-6,time:46,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B38~0%5D,as:%5B38~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tX1tQ6j+11%7C12%7C13%7C1411%7C1412%7C15*.1474271-76103297%7C151,idMap:15*,rmeas:1,rend:0,renddet:IMG.us,siq:20%7D&tpiLookup=ao:x.gd*&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:714c:c683:9f35:610d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:57 GMT
server
nginx
x-server-name
dt21.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 319D 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=5e3eef1d-8a7f-ceb7-40ec-8a215e020855&tv=%7Bc:vnStEd,pingTime:-2,time:50,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:544,beZ:545,mfA:548,cmA:549,inA:550,inZ:553,prA:553,prZ:558,si:563,poA:564,poZ:586,cmZ:586,mfZ:586,loA:590,loZ:592,ltA:593,ltZ:593%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:50,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tX1tQ6j+11%7C12%7C13%7C1411%7C1412%7C15*.1474271-76103297%7C151,idMap:15*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,siq:20,sinceFw:29,readyFired:false%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:714c:c683:9f35:610d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:57 GMT
server
nginx
x-server-name
dt06.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 6A79 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
311837
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 26 Nov 2023 03:18:40 GMT
expires
Mon, 25 Nov 2024 03:18:40 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 6A79 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 15:18:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
9476
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 28 Nov 2024 15:18:01 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6A79 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BxvigLHtnZeyxM5WdjuwP25uHgA4AAAAAOAHgBAI&bg=!FRalFlnNAAZxrfrxUa07ADQBe5WfOG99EJMpdozgHxR34_S4_BVi5o7ZwgEobQh2VpgGm_D4jy-6WnsIDJ9Vrh94fPzpAgAAAD1SAAAAAmgBB5kC1-qzIxPJg2Qs_beboyesA5o88sxHcTYuopbvkkWdff_o8lr-d69q19d4boQHLaqpWFZ0Xnxs-Gsq-8xOhRrWfrrTs-KqumtwnCPxGbGNukocOfRZ_SMhz_D6GiO1GHmWqWraQcr8bdOu_cQ2Af6gjcgL4bHQJOQdcbv5QnvoNjZYC2QDU-5mnV8O8xa_70zdazu2XdLNEnlmICQsruzZK96oKxhhLfRzRQxa6gmSD-LsN3PsIAnnrHIjQQ4cdNFQHQCp63D8Ecx_BcGzI4QGWsZHNPihNyROmHoQr3jal_1hho0uS-F4yg2HTkeX8jWTInkmjoiLUS_rKJYqO93DRt8fdJMQwJ-F96ahXA51GOSg7-2oUs0Wll5y1HsRcQdrSYbY5OnviLqpweLWvRPt2TEePCihejw-vMhOOrbks_W1q-s6je9YfnxYRkBRu_jvhGH4JmlwnIfaRoyp6wQdh4eqiOBAUweL2Y3a1Kp4JXw6MGmHSLWjkY-nRD2CIkeJyN388Xs0R7JfD7YVT_z64Q6S3NB1QW3aCXcEmasMwKDaHXXy0FLGaE0YhLGUWAwQlcZg7O_gTezY009mZJQyer0tNOGvBm2CfXeOkvQ3aYkCzvIx8gaYohVo_3Xn15uAfKbFEHY5sAYmn8cyHPw1_15SRtgFKziOAhzi3E3MdKfk5-413QOOnVD_7QME4UljOcMgxrIITwUxoOR6ZFAl9f1biqI3IhqTe86iWkulF4yYi-RM4WICWbKYbPM1x6sIxJGJCsoy1Y3o6rr_4SZvYBAxjwI-78CZ8nooqeiHa4K7XYbhK7lU7q7LaS9MGgN-gV00yd_FCm-mF8NYYCInVdrdWz9KoqyIziauA8_pNm3SKvdm641hESiBx2auxCxdibbeYfg9Dcf5l7Sls6ts6w-loKhCZywnykDKwvYrwUSBnQ4DGzKOYx3EHaCLHe4yrEXf-KzQx5E
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 319D 		111 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 06:30:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
41146
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 30 Nov 2023 06:30:11 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 319D 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1474271/76103297/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowhExKx42dYNZV9FQ2-mTEfMXpVqgOMRN4tQKasTbCVMDx9KWheCw4xmJHu6xYZk86tlY8-2aWtmR2_QE5Q6TrNQuCoyAW7eampQqZSctjvRtYGDqgSvpbADk24pZfcS-RQAoCZ_4MGPypIuCJ0yUaQqvMBLGQ9tBR4zUV20c36aHRtE9zGNDxJQUF2h_Wc57BCy7EpelbDnwC0DxYpAqQlsob28SQyfB_4xrBXvkBXc5Y52Xndu6KIlJZDvTJuR8O_8HIICwbOQa9S928N15aCsE_BPgVVAvaqi-1iSjBk4yN11UiUqWxVLjRzrZe9Co8DpXW-lW7wL8y9GRGGjBBI-bmrpHls2FNrP73RFxxmPq-p_TTVBvjGgAkYlCuAJwRp3HLXKLzVZY_uh9jDHWYwL8DFxAN-gYnl_xtcu88u3QheF4OHz7I3dbxQGG-6nVjDdPuErm6RAY2Z1Bm5BYqp4CVZXcsJIk1m0GFP_Gi0HJZuUQ0ZucIuQTcK4ODMjN6ppunAyuYWS7uNDzD0NGvdwKJmcPN_39YF0gItr0wLcxl-d6nbdzPRziXtwcw11W3_6OffgED3CkwAL0hTRnOULi1uRiENoB-Utks9Y9DAA_tWxvGll1BkpKVe9GyZybwY6mroXogIjjfjZQcRYnh4SZDWDBkR9oXrzQLSCMHYtLDvoOIUXBgEtGmjfdtKGridEED3ggEF2K42mtKESAekfhFyNBNEAUwxmgKny9W4H1GZZJLxGgbu7_3Qbu7WF2cYZT5ELwODRIdGjST5NMAgkPiD02hO6EGgz-DNQXOJ8do19NufE4ZY52QlxuYsNt6r4ea3yH97O1E-RUBVGvd_ptMIV1r6Yw1mG166GLCu8JGb4lOATm_hkr1gqscOM2unf_sVyAbpHcGhgPF6uja8GQKeQf618ovdxf26nPncCZL3rKB2fn6UrcwpOwhHm7Jrx4LuRGLIiCcOVxVM1OAtwx8DVOwwTQWbFCKubJrUQTyjqAPu2PNKhC-R5X26g-fXrZZy2db05GcuhUTPV_-ZhrISNqqGsdZqhzavi1ZaiUNrl36ywLgDFlqd7hoRu6RJ92VQkqHtDLzDe7WPIL-ft50pWFu3Eel_wSr9SdCMSmgCxwm9Mz9sOtmcPpnzWmhbKi8CzAk_izllqCDr9_yIBbFzO3-43Nqxr-T0iPpuabtbLESOakkHs0JEJw7WOGwgstSJhZzaSAlNNTY0CE5q3k0R3JdDfxj9qHbD7ay9MFMspSY6Ew3ll04-CZ9sPzU-S_3aof77rjvYtHftVO7vt3grxj3yfQ5P3z5P9tsFcK6Rosk5h6FChWsb0wWKFcwCTag3KNOX-bBdDDFmzSJ0TmIu57n_87Hle2frjukm_aNJTtgitha_FS6It4Kg9WrX5Jae1aO0VapUJkEdYemliGg4DOw8eUxT8fQK8dH9By7728nkQoTUySqgRWRacNc3gwKzrQP0aIynVog7P_V_xd157GcJVF7aBkPvmXZwesCekAZn6MWUab7RF4nkzoouTjhjpIMIfBcmP_0fKz4wO4hnNqOtd2So-JBzLYIpidN5VPFtzuhUx54R1b_sDFM_Fh6694cEWl1ykJyiasGMIYY6ShI8FkYcLdW5dxS80rouzb4gFcsCkDLBixomiFuDX9sah0ZlhwpbC3RMiraaMi5mmkuB0a9ZLYCfnRJQQMRlfZ1OW2hF6yM-kB1Tia69btLicioPWi8BMw6x1NVZc31H9dssIqI7WHNiiNME01uN-4VYlHFlZs_o0ODtaBhCno7oq-7oGmhVQE2Jw0q1zxzBffMq9uzgnK_A3OqaUGqhpjIFCug4NNZmNQVFbpLQ6vI42zcxqor4nHKNFZMMIdz-6horUuwzayalhZHHgWtRYel1y27CsisH8IN8iQJHgmM7RnyOO2r2hGwvR1xM3t8otU8G4r3Wquj5ti3yDBoT2GgHxzIWtofdBdNj26PMKSASrZxPdDPBYeTHjrKdFEzsYxhv2ERtEwQ_O5CQtNlEu02sEIrafc6ogN-Tlc6dRhE1eEElf8TYVWJA778-ythgfrzsANk2vgQPYicP1cVYVyJ2NSr8WbRo04NRLWCcBrfAPMVt1Wgt5Y__eVZ28xA0W-JFotxFcoHWs-q3p1b00Q7az2CRmBA8-I6YlLCS90NDQexYxtoS2zYTgkW1L48SALqHu1mJfoBYPvalcj7FBv7k6K0uMyi-jF68qOqR_8sRl-JMn6rBtOCCRtOXof6JvcOKQjlILyGBchu958NZrWJXX18oX5oDLtc8Tnmj90LKLiSFDOfgEL-GmSU4e2JzVCJLpYQdkJH7MM4s1SCKT5yNgBWYRDyYKVuIFQLJKWjQbRf6DCsQJ2vWBluW1IVQomDis1pbM5fqJoLsuJJt0MjtJymCOJpXNEA2Q2XpSGPfFXG9MxWhRvzc6XOO_GG_OD6deUnXi4AjmJv5dfcaeIr7_WfucqhJpsruk9G6w4ueum6bPxo0n5zZ3HclUZijku8cYPgRFFjfrJCDg-aQwU5x2mO2O3gZROgj0CW8gyVgnsZzD0aKNeudjd1NjVCN8wzxdDNkys_lwx_SH1KoICfAxmaBUC4vxcZSuHV2XCyP7zQRbzQOnNXVhkVfc3iOA0M1xvQhiXBBvP-cZEtPTNA2vCDd7y3Tu-OEqKGA3agbSIQuMVNT-LHJ7GBer8hKuiEBLHte7wOB3es_DMJpFYA7V-COhKYI2jQx3xNBwHGS4QjgDwxxiKNF1JFwawxnYEkRX95HeLU5ZKJKWF1uC34qLf-Y31L7nKHHF2Wd-5fjQfhXp6GT7bf7QCOr36lvyH6F2CIkJHVhE60JP4Bs2k78lIcb57rT55wmOSyg8hRJT1nnf3nniEMAGcYunTIoUPAjvtCjUZVuOphzt_w7U9VQl-sVs4rDHPLTBeVc3H0gmAQn8i98I9Y_LJX8bE4fiDMx7ISHDNsG70wFIQQ06kpdjvPLwRWlrYD_YMY32uLht6bAqdew0y7DoMz_QBCnkYeN4v2YCsqYO4Om3reygEBFDgXVq-AtQrXCs4AykfBN9o-WX7ftRE_qwweT9Cv41daZa-iVm9cgPmWnI-i1uZgPLevgAwEkFUyng7U3LuyBveCkbj2mATtQPVUugV04vz1DxEkCrMJOBsIFm5dQydokH2d__pwxFSkYmkOXty4uSdA3TbjEi7euXFByOF8R4f7CMnoCnr9i8fRzMuS0_bUgW_1iPZaoqij-r8KxBI16PAlzI8yLu9eRZf9_1Jm6rUISAQtTSRStCi7bOyPzQjyz889f1SzVdFMadO0asVxkLGo1S3EZS5vdXGbEVztL5LIoFR7p4p5-xNN8lGuJ-qWV4rOyRa0R3444YtURF3h3Q7dCkkzYIGh2fSjeJeYtzR1oLi9O9SA1LF6I_yWwBy_Zq97sFepyRIJVr7nqSQRUzfy2ryEl7lD1EFhhfN4xBGiJXhRoWpU-ckFpLFZ88BMor0ERA3HtIr6oxUSuHAHhehKRJndXHzicqTnspLOp0w7E0OE8sohbCAU0GgNqQKk7B-8lIuqjB6hSQms9xZE5oiE5A06EnorlZ4LY6U1t33zlQ_IUmuq55uqCltexgzatVfRXqV_Kb_4qnBQ43LWPHF70hnRvTBL1XU9tpu6xDIpbTannqyul5kqipjtN5zgaKBhGyyBpUCAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgBYAE&bundleId=&ias_dspID=3&ias_campId=1012200182&ias_pubId=pub-2737572314184878&ias_chanId=1&ias_placementId=20122942208&bidurl=https://x.gd/view/unsafe/KFRMi&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iu0aQIYluvdtPHVxMI9Rmo&adsafe_url=https%3A%2F%2Fx.gd&adsafe_type=y&adsafe_url=https%3A%2F%2Fx.gd%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-2737572314184878%26fa%3D1%26ifi%3D3%26uci%3Da!3&adsafe_type=d&adsafe_jsinfo=,id:5e3eef1d-8a7f-ceb7-40ec-8a215e020855,c:vnStDI,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-66f6d74bff-pd2kg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tX1tQ6j+11%7C12%7C13%7C1411%7C1412%7C15*.1474271-76103297%7C151,idMap:15*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:19,oid:8c00b89c-8ee0-11ee-a8fa-727631a743f8,v:19.8.461,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 02:35:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
55256
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 02:35:01 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 319D 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1474271/76103297/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-C36zeFXi_RmzkR0Ji2D949XqmYZL4bksAI9DQrCN2nHQKLMCrVowhExKx42dYNZV9FQ2-mTEfMXpVqgOMRN4tQKasTbCVMDx9KWheCw4xmJHu6xYZk86tlY8-2aWtmR2_QE5Q6TrNQuCoyAW7eampQqZSctjvRtYGDqgSvpbADk24pZfcS-RQAoCZ_4MGPypIuCJ0yUaQqvMBLGQ9tBR4zUV20c36aHRtE9zGNDxJQUF2h_Wc57BCy7EpelbDnwC0DxYpAqQlsob28SQyfB_4xrBXvkBXc5Y52Xndu6KIlJZDvTJuR8O_8HIICwbOQa9S928N15aCsE_BPgVVAvaqi-1iSjBk4yN11UiUqWxVLjRzrZe9Co8DpXW-lW7wL8y9GRGGjBBI-bmrpHls2FNrP73RFxxmPq-p_TTVBvjGgAkYlCuAJwRp3HLXKLzVZY_uh9jDHWYwL8DFxAN-gYnl_xtcu88u3QheF4OHz7I3dbxQGG-6nVjDdPuErm6RAY2Z1Bm5BYqp4CVZXcsJIk1m0GFP_Gi0HJZuUQ0ZucIuQTcK4ODMjN6ppunAyuYWS7uNDzD0NGvdwKJmcPN_39YF0gItr0wLcxl-d6nbdzPRziXtwcw11W3_6OffgED3CkwAL0hTRnOULi1uRiENoB-Utks9Y9DAA_tWxvGll1BkpKVe9GyZybwY6mroXogIjjfjZQcRYnh4SZDWDBkR9oXrzQLSCMHYtLDvoOIUXBgEtGmjfdtKGridEED3ggEF2K42mtKESAekfhFyNBNEAUwxmgKny9W4H1GZZJLxGgbu7_3Qbu7WF2cYZT5ELwODRIdGjST5NMAgkPiD02hO6EGgz-DNQXOJ8do19NufE4ZY52QlxuYsNt6r4ea3yH97O1E-RUBVGvd_ptMIV1r6Yw1mG166GLCu8JGb4lOATm_hkr1gqscOM2unf_sVyAbpHcGhgPF6uja8GQKeQf618ovdxf26nPncCZL3rKB2fn6UrcwpOwhHm7Jrx4LuRGLIiCcOVxVM1OAtwx8DVOwwTQWbFCKubJrUQTyjqAPu2PNKhC-R5X26g-fXrZZy2db05GcuhUTPV_-ZhrISNqqGsdZqhzavi1ZaiUNrl36ywLgDFlqd7hoRu6RJ92VQkqHtDLzDe7WPIL-ft50pWFu3Eel_wSr9SdCMSmgCxwm9Mz9sOtmcPpnzWmhbKi8CzAk_izllqCDr9_yIBbFzO3-43Nqxr-T0iPpuabtbLESOakkHs0JEJw7WOGwgstSJhZzaSAlNNTY0CE5q3k0R3JdDfxj9qHbD7ay9MFMspSY6Ew3ll04-CZ9sPzU-S_3aof77rjvYtHftVO7vt3grxj3yfQ5P3z5P9tsFcK6Rosk5h6FChWsb0wWKFcwCTag3KNOX-bBdDDFmzSJ0TmIu57n_87Hle2frjukm_aNJTtgitha_FS6It4Kg9WrX5Jae1aO0VapUJkEdYemliGg4DOw8eUxT8fQK8dH9By7728nkQoTUySqgRWRacNc3gwKzrQP0aIynVog7P_V_xd157GcJVF7aBkPvmXZwesCekAZn6MWUab7RF4nkzoouTjhjpIMIfBcmP_0fKz4wO4hnNqOtd2So-JBzLYIpidN5VPFtzuhUx54R1b_sDFM_Fh6694cEWl1ykJyiasGMIYY6ShI8FkYcLdW5dxS80rouzb4gFcsCkDLBixomiFuDX9sah0ZlhwpbC3RMiraaMi5mmkuB0a9ZLYCfnRJQQMRlfZ1OW2hF6yM-kB1Tia69btLicioPWi8BMw6x1NVZc31H9dssIqI7WHNiiNME01uN-4VYlHFlZs_o0ODtaBhCno7oq-7oGmhVQE2Jw0q1zxzBffMq9uzgnK_A3OqaUGqhpjIFCug4NNZmNQVFbpLQ6vI42zcxqor4nHKNFZMMIdz-6horUuwzayalhZHHgWtRYel1y27CsisH8IN8iQJHgmM7RnyOO2r2hGwvR1xM3t8otU8G4r3Wquj5ti3yDBoT2GgHxzIWtofdBdNj26PMKSASrZxPdDPBYeTHjrKdFEzsYxhv2ERtEwQ_O5CQtNlEu02sEIrafc6ogN-Tlc6dRhE1eEElf8TYVWJA778-ythgfrzsANk2vgQPYicP1cVYVyJ2NSr8WbRo04NRLWCcBrfAPMVt1Wgt5Y__eVZ28xA0W-JFotxFcoHWs-q3p1b00Q7az2CRmBA8-I6YlLCS90NDQexYxtoS2zYTgkW1L48SALqHu1mJfoBYPvalcj7FBv7k6K0uMyi-jF68qOqR_8sRl-JMn6rBtOCCRtOXof6JvcOKQjlILyGBchu958NZrWJXX18oX5oDLtc8Tnmj90LKLiSFDOfgEL-GmSU4e2JzVCJLpYQdkJH7MM4s1SCKT5yNgBWYRDyYKVuIFQLJKWjQbRf6DCsQJ2vWBluW1IVQomDis1pbM5fqJoLsuJJt0MjtJymCOJpXNEA2Q2XpSGPfFXG9MxWhRvzc6XOO_GG_OD6deUnXi4AjmJv5dfcaeIr7_WfucqhJpsruk9G6w4ueum6bPxo0n5zZ3HclUZijku8cYPgRFFjfrJCDg-aQwU5x2mO2O3gZROgj0CW8gyVgnsZzD0aKNeudjd1NjVCN8wzxdDNkys_lwx_SH1KoICfAxmaBUC4vxcZSuHV2XCyP7zQRbzQOnNXVhkVfc3iOA0M1xvQhiXBBvP-cZEtPTNA2vCDd7y3Tu-OEqKGA3agbSIQuMVNT-LHJ7GBer8hKuiEBLHte7wOB3es_DMJpFYA7V-COhKYI2jQx3xNBwHGS4QjgDwxxiKNF1JFwawxnYEkRX95HeLU5ZKJKWF1uC34qLf-Y31L7nKHHF2Wd-5fjQfhXp6GT7bf7QCOr36lvyH6F2CIkJHVhE60JP4Bs2k78lIcb57rT55wmOSyg8hRJT1nnf3nniEMAGcYunTIoUPAjvtCjUZVuOphzt_w7U9VQl-sVs4rDHPLTBeVc3H0gmAQn8i98I9Y_LJX8bE4fiDMx7ISHDNsG70wFIQQ06kpdjvPLwRWlrYD_YMY32uLht6bAqdew0y7DoMz_QBCnkYeN4v2YCsqYO4Om3reygEBFDgXVq-AtQrXCs4AykfBN9o-WX7ftRE_qwweT9Cv41daZa-iVm9cgPmWnI-i1uZgPLevgAwEkFUyng7U3LuyBveCkbj2mATtQPVUugV04vz1DxEkCrMJOBsIFm5dQydokH2d__pwxFSkYmkOXty4uSdA3TbjEi7euXFByOF8R4f7CMnoCnr9i8fRzMuS0_bUgW_1iPZaoqij-r8KxBI16PAlzI8yLu9eRZf9_1Jm6rUISAQtTSRStCi7bOyPzQjyz889f1SzVdFMadO0asVxkLGo1S3EZS5vdXGbEVztL5LIoFR7p4p5-xNN8lGuJ-qWV4rOyRa0R3444YtURF3h3Q7dCkkzYIGh2fSjeJeYtzR1oLi9O9SA1LF6I_yWwBy_Zq97sFepyRIJVr7nqSQRUzfy2ryEl7lD1EFhhfN4xBGiJXhRoWpU-ckFpLFZ88BMor0ERA3HtIr6oxUSuHAHhehKRJndXHzicqTnspLOp0w7E0OE8sohbCAU0GgNqQKk7B-8lIuqjB6hSQms9xZE5oiE5A06EnorlZ4LY6U1t33zlQ_IUmuq55uqCltexgzatVfRXqV_Kb_4qnBQ43LWPHF70hnRvTBL1XU9tpu6xDIpbTannqyul5kqipjtN5zgaKBhGyyBpUCAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgBYAE&bundleId=&ias_dspID=3&ias_campId=1012200182&ias_pubId=pub-2737572314184878&ias_chanId=1&ias_placementId=20122942208&bidurl=https://x.gd/view/unsafe/KFRMi&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iu0aQIYluvdtPHVxMI9Rmo&adsafe_url=https%3A%2F%2Fx.gd&adsafe_type=y&adsafe_url=https%3A%2F%2Fx.gd%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-2737572314184878%26fa%3D1%26ifi%3D3%26uci%3Da!3&adsafe_type=d&adsafe_jsinfo=,id:5e3eef1d-8a7f-ceb7-40ec-8a215e020855,c:vnStDI,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-66f6d74bff-pd2kg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tX1tQ6j+11%7C12%7C13%7C1411%7C1412%7C15*.1474271-76103297%7C151,idMap:15*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:19,oid:8c00b89c-8ee0-11ee-a8fa-727631a743f8,v:19.8.461,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 04:49:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
47168
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11874
x-xss-protection
0
server
cafe
etag
3876053170955424897
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 04:49:49 GMT
truncated
/ Frame 319D 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cea536faed343328bdfc32470c3ff6ee754453e081bac7853c23124d956aefa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/png
index.html
s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/ Frame 3A00 		253 KB
163 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2d76d4eb560f3f07393988e9f8f8425791f26d0438483c222ff53c73b9900be4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
593477
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
166451
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 21:04:40 GMT
expires
Thu, 21 Nov 2024 21:04:40 GMT
last-modified
Fri, 05 May 2023 12:38:54 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
ad.doubleclick.net/pcs/ Frame 319D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjstM8LPJWEJr4199c9lmDra5FP-fgXdl1aprxl-LX-nEvIG1Kx-lasUi7hluR0V1DxLa8R2u1iLIpTZhvDihT5K2EVoZq3s8BNCNcSwXTUMKmoa-_uq5IIarCBlVdsS-fmI3f8OjSoOMiRdGHjll1z5JGk_2eqOxWXoTqA8XbmTJUqjvI2KvmUzbrhM8kqu-mdgmZAhP1jnOUCqQUIc&sai=AMfl-YR7bOMYoM4GItvKRBFFUBskFuEmaqzt4Nvw3gXhbFfqzcX2p44K_SjMGMFX4J2G20aDEQCpZ7Fodps8lXlii8Z8e1DyDqfTFE9JafSGfCtvIeTCH9WqQCel7pMk681VpPhPzNT9fxZDJNW1bht3mSYlOg&sig=Cg0ArKJSzN5fhxaAmdUZEAE&uach_m=%5BUACH%5D&cry=1&crd=aHR0cHM6Ly9jaXNjby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=108&cbvp=1&cstd=107&cisv=r20231109.73101&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f134.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
dt
dt.adsafeprotected.com/ Frame 319D 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=5e3eef1d-8a7f-ceb7-40ec-8a215e020855&tv=%7Bc:vnStKi,pingTime:-10,time:427,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE5OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1701280557578%7C%7Cd5d58ea6b25ad5a229796111641c5dd3%7C%7C9d9fcb00733e98b40e93b73c4ea99695%7C%7C4db1399869b9c2bacc682c7abe7c1272%7C%7Cf8d6b4a81d4b6cee183d11a4e6358b62%7C%7Cbd4a18705616b73d1ce1ee6891938382%7C%7C8ce7fbade7ab75b18f7c3d3bc47a3f41%7C%7Cc115bfd582174c14a08a859b2590b081%7C%7C1663701684%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:714c:c683:9f35:610d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:57 GMT
server
nginx
x-server-name
dt22.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
truncated
/ Frame 3A00 		73 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
truncated
/ Frame 3A00 		71 KB
71 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0dfe1f9ce8410e9cd1eb921153319aa98dd53d12a6e4fb0efca81ab345bda814

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
view
ad.doubleclick.net/pcs/ Frame 319D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjstM8LPJWEJr4199c9lmDra5FP-fgXdl1aprxl-LX-nEvIG1Kx-lasUi7hluR0V1DxLa8R2u1iLIpTZhvDihT5K2EVoZq3s8BNCNcSwXTUMKmoa-_uq5IIarCBlVdsS-fmI3f8OjSoOMiRdGHjll1z5JGk_2eqOxWXoTqA8XbmTJUqjvI2KvmUzbrhM8kqu-mdgmZAhP1jnOUCqQUIc&sai=AMfl-YR7bOMYoM4GItvKRBFFUBskFuEmaqzt4Nvw3gXhbFfqzcX2p44K_SjMGMFX4J2G20aDEQCpZ7Fodps8lXlii8Z8e1DyDqfTFE9JafSGfCtvIeTCH9WqQCel7pMk681VpPhPzNT9fxZDJNW1bht3mSYlOg&sig=Cg0ArKJSzN5fhxaAmdUZEAE&uach_m=%5BUACH%5D&cry=1&crd=aHR0cHM6Ly9jaXNjby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=236&vt=11&dtpt=128&dett=3&cstd=107&cisv=r20231109.73101&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/KFRMi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f134.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
LogoLockup_Vert_RGB_white.png
s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/ Frame 3A00 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/LogoLockup_Vert_RGB_white.png?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320c83a2ecf5473795e1137deb93090208180cdb0cf8e7f6dad1a1f1aef35770
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:10:39 GMT
x-content-type-options
nosniff
age
2718
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1502
x-xss-protection
0
last-modified
Fri, 05 May 2023 12:38:54 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 28 Nov 2024 17:10:39 GMT
iStock-1086808322.jpg
s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/ Frame 3A00 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/iStock-1086808322.jpg?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f92f0adaf2370f83fcdb0a2001f2d1fd3192982ddade3c9e7853735c78accd3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 13:33:09 GMT
x-content-type-options
nosniff
age
102168
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24431
x-xss-protection
0
last-modified
Fri, 05 May 2023 12:38:54 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Nov 2024 13:33:09 GMT
LogoLockup_Vert_RGB_white.png
s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/ Frame 3A00 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/LogoLockup_Vert_RGB_white.png?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320c83a2ecf5473795e1137deb93090208180cdb0cf8e7f6dad1a1f1aef35770
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:10:39 GMT
x-content-type-options
nosniff
age
2718
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1502
x-xss-protection
0
last-modified
Fri, 05 May 2023 12:38:54 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 28 Nov 2024 17:10:39 GMT
iStock-1086808322.jpg
s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/ Frame 3A00 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/iStock-1086808322.jpg?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f92f0adaf2370f83fcdb0a2001f2d1fd3192982ddade3c9e7853735c78accd3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/699028630855374914/EMEA-DEU_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-GenericUnifiedExperiencesPromov1_0_105/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 13:33:09 GMT
x-content-type-options
nosniff
age
102168
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24431
x-xss-protection
0
last-modified
Fri, 05 May 2023 12:38:54 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Nov 2024 13:33:09 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2737572314184878&plah=x.gd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c0ec389b15141e692e0ee2ca9bacf831b40c11711387b4d0e57f81fbbc82d97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12272
x-xss-protection
0
dt
dt.adsafeprotected.com/ Frame 319D 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=5e3eef1d-8a7f-ceb7-40ec-8a215e020855&tv=%7Bc:vnStMF,time:574,type:e,im:%7Bpci:%7Btdr:535%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:574,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B566~0%5D,as:%5B566~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:119,fm:tX1tQ6j+11%7C12%7C13%7C1411%7C1412%7C15*.1474271-76103297%7C151,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:20,sis:266%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:714c:c683:9f35:610d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:57 GMT
server
nginx
x-server-name
dt05.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2737572314184878&plah=x.gd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 29 Nov 2023 17:55:57 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1395 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
18029
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 12:55:28 GMT
expires
Thu, 28 Nov 2024 12:55:28 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 93E9 		829 B
998 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2e5d804bf1d416ad6e8756f878eff4678bd702eef77af8bf8d0318cb52e38509
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce--3ovRIJmx-xabSsRc8WMhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce--3ovRIJmx-xabSsRc8WMhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:55:57 GMT
expires
Wed, 29 Nov 2023 17:55:57 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 1395 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 15:18:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
9476
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 28 Nov 2024 15:18:01 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 93E9 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=2370430761763432&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 1395 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?p2BgYg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:55:57 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 319D 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst9cfu7aKwVLu5QS8-aZE1i5WQi89jfYgAFcMA1efrK71Jh60KlbaNXskgYprC9HGeRM7Dba6ajh2k2vN0AKgjbNDO1hY7phiYQZciugEFeWugJbYnq5PLeeFKFnFDtrzgu1GUr2YKnKg9A&sai=AMfl-YTP9uagfPZcB_KW3LMVEqajjZrUX4SsZZxYFDb5B-RFwgX01z-HfRytQxkX2fn7OdntSWbbeln4alNL34ti6cPAmwCnnkhAB19b-5sgtXs6tiumHBEvgGV78-MvEXi0Upsbf_sE3pH4OrWmy_Uapsuj1hhzKHvCJaw&sig=Cg0ArKJSzDXQctCAHaN-EAE&cid=CAQSTgDICaaN0dxszpuPLvvCkxtQflTE6YZsRPQ8wekyGo2D96ZgA6ZxSHAOLJcPijr-7UrfIv8BDcM2vz7rmrr3bZj5BTW07O0AZSG59z8N5BgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=832,1000,1000,1000,1000&tos=832,168,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701280556607&rpt=825&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=2370430761763432&bg=!HxylHFPNAAZxrfrxUa07ADQBe5WfOAehyRaV_t1k5wXBeY_meyeFQCndV6EyiplyN388ZJOK5PZp8vyqLiVOKwHFbITwAgAAAEFSAAAAAmgBB5kCrCcKQlncJeyu5VA-x5vdE4vacfnN3_tFuwe8n2gnCdQD4fzHmQ11IUH-NkFyCBuXf4wtRWllUj6y1AY3Ugkj8CmPPK8Uwl5weBbLelWDfQJGnHbNzQyIb9qQfqNKV_HrUsI6x6TMgLj9oMTbck-FF0B7SVPSEkxaSKx1HsPpX_IFheslYkAoCB7BgDQThI7Vx_4fKOxblCH2CyfcWmNFMUSpjlF-Iv3bfJC1jer1e4_TRHiI2jnUCK3M12TzC_kPNmKmR7-821DICwcNg3M3vaS7ARv5VEJTozDrar5I0zy-eOPTTy4oupp0GEw3qSf3ge6nn20N6Wmgi2yvhXigC3fFgY5DxmR5WvJnLfn-Vc5au9kO8OY8ik0JRk_S_JKi61E_-wGMv0ntZGDXKWzkjDNmeogEpMM-iMqn1nUPJXet4HOIBrllLtFj1I-tsbg5Hz7oLOPXvvqUcoLSfvQlTxaPNf1pwDc42CkZfGX8qO_u8-O6eTaAm4V0yzFhxyRdZbrXyxgXK5rebNx_1KmZi3HZidvgcV0vt89o01WpEnby3QBClhlrGT2DeZObVQonWIJmRurbvv5FpZ_XODw4vTPeFMOyg5sLTaj-GjnBSl_qCF7NximN9OeKJZWnf8bxExC1yvR8dvwsKm80tNum8s4crdRWxcx1OCbQpDdnq7haDEQGEQTXqqpLJ69QuLf4qcEY4RUhBVDil2XogU4BZMiefqSKPlGoN4KoXLnj8z-blhtOUEkO9sJjdk7VJmiUkgm6OaQxx24SeS9MgmnXpJSb_jsys1id8o7M3HDgKK8lJ0EEAXrhF5P3DLt6YTaaJV6T1seHi2RRQ8jp9fdTwLQuOl0kIwzL5r5l-7qY_u29WgX_KQi5FuQV4ccruEFstey7QexfCzKZKAvsrQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame 319D 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2646854507007&version=m202311060101&ct=76&x=1&cor=355402137168217500
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:55:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| documentPictureInPicture object| adsbygoogle boolean| __abg_called object| __NUXT__ object| google_tag_manager object| google_tag_data object| dataLayer object| webpackJsonp function| _0x283bb5 function| _0x2831cf function| _0x51c973 function| _0x1dd6c8 function| _0x4df6e6 function| _0x1712 function| _0x1a47 function| _0x54d5eb function| installComponents object| __core-js_shared__ object| core object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| onYouTubeIframeAPIReady function| google_sa_impl number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| $nuxt function| ga object| gaplugins boolean| ga-disable-UA-154998386-2 object| gaData object| google_llp object| googletag object| GoogleGcLKhOms object| google_image_requests

16 Cookies

Domain/Path Name / Value
.x.gd/ Name: cf_clearance
Value: 2u1OWSWnnM5wZWqz0gw7wwsVXLtNdIxadEKjK3iFEcU-1701280555-0-1-cc87b02a.c079816d.10ed6872-0.2.1701280555
.x.gd/ Name: _ga_K53RX1V2LY
Value: GS1.1.1701280555.1.1.1701280555.0.0.0
x.gd/ Name: si
Value: t192cvcn
.x.gd/ Name: _ga
Value: GA1.2.214230436.1701280555
.x.gd/ Name: _gid
Value: GA1.2.1776907300.1701280556
.x.gd/ Name: _gat
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUnzo1oo6rkWgTweg3vema5MVRbWgXNhn9hjuEW_R2MwYzUpV2Znz5k9MLOy
.x.gd/ Name: __gads
Value: ID=62fe2cc05c41d217:T=1701280555:RT=1701280555:S=ALNI_Mbg2-RhfU4Mo2I1r6HDkja-Ir4i8g
.x.gd/ Name: __gpi
Value: UID=00000ce1a8381ef1:T=1701280555:RT=1701280555:S=ALNI_Mayq0gAnxtpvdaivoOWBLJGM7DcEA
.casalemedia.com/ Name: CMID
Value: ZWd7LB.a1AFnD3o4vo5YAQAA
.casalemedia.com/ Name: CMPS
Value: 3323
.casalemedia.com/ Name: CMPRO
Value: 3323
.adnxs.com/ Name: uuid2
Value: 6417592178508059343
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2E?`h3kD3!]tbPl1M>e)ZlrFUfJ+tGXxou^0+^QIO]a1<ZHuwAGW:/aSm]S^NCXJJ)$aB3If)y3KL9D3I?+Zj2!%*
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: APC
Value: AfxxVi4Nt4SaSPpt3t-WtvM9nr53E9g7sRDOOAXIzg8EN4Z-rD4ikA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
bid.g.doubleclick.net
cm.g.doubleclick.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
polyfill.io
region1.google-analytics.com
s0.2mdn.net
static.adsafeprotected.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.gd
142.250.74.194
172.217.16.134
172.64.151.101
172.67.140.193
173.194.76.156
2001:4860:4802:34::36
2600:1f18:1aca:4282:714c:c683:9f35:610d
2600:9000:20ab:6c00:8:48e:53c0:93a1
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:810::2006
2a00:1450:4001:810::200a
2a00:1450:4001:81c::2001
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::2004
2a00:1450:4001:831::2003
2a04:4e42::282
37.252.171.52
54.78.201.127
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0a857615bfeb6dcd9ddb7280c94c86d0df0be887f89bbdf4d654cd0a3d96d5e4
0a9ff32d85258ef227ddc9a6763db635f084caaaaded2d4b28bb98ea0b1253c9
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9f3f599c8c620303e3ecb3ef4efc57020d6abfde96b1863afee551fcd5d430
0bb5af18639dfc54932f4340945c1dceeb1e5aac5933b578f2ab597f29137599
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0dfe1f9ce8410e9cd1eb921153319aa98dd53d12a6e4fb0efca81ab345bda814
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16fb588f02bc378d838d0fd3d9912a3059db287d7275263e14a202db352427bf
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d068108dd8dcc3efd65d6457d37ffcfd5ea5f76e44d65e6d54ab08416d08f2b
1f40994eab15b92af5183f9acf338e0354771054c65024e0aa679b6506f9eb87
21a570dfff252ca49aae56d195f93e37047314d36f7b5621424836cc25843aba
221da66e36e898a365bde9873223eeb63539a18dae9f4ecde31e90f1bb106a1c
24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
2c0ec389b15141e692e0ee2ca9bacf831b40c11711387b4d0e57f81fbbc82d97
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d76d4eb560f3f07393988e9f8f8425791f26d0438483c222ff53c73b9900be4
2e5d804bf1d416ad6e8756f878eff4678bd702eef77af8bf8d0318cb52e38509
2f92f0adaf2370f83fcdb0a2001f2d1fd3192982ddade3c9e7853735c78accd3
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
320c83a2ecf5473795e1137deb93090208180cdb0cf8e7f6dad1a1f1aef35770
336951503a0ffc84310fb5345be5eaa6f9d8a2bdfad0dae493cf3abce96b425f
39488b5646fd7a7ba52a4e1a67c4655730f91b93c6681524e4c581090fabb716
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4434cd171e26af96309258c00db412d732eebeead23c7703e50906e7e5dc6d2d
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c6a5bb37520d3802bf344e433669d6f795ca3f003e7564e4ae82db7714429bd
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
563a21af7d066a5ed2d05357428e1b96508f9c9e23a39b560ab9fa8fe92f1591
5c1f9d35dd732f0a44e7ef0b8571f387fdaa7b6062d1a085419b678c9465bf35
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
676683a0ef65d0f571f3712693d00456c87255ba844256f80f67a4bdd86f3496
7b7fc41884f9369db038e9beb5a7c7bf2d754a1032e3c67a9b5e5fbd530cad07
899af7118726b26033f0cfcd94aa35343a8855b928a40cadc16c1a0ce5419997
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
943e9b87328e617dc5dde0f272231be8ac51d8f3d54ae169b47b4b87093e03bb
9c90d4af4915ff3986649148829d4e4515d61e91b6a4471c9a2cf5c6849776b4
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a932604416230684537f03bc523f1b5da6b10b7ee5be83e8b451f0bd8a59acd0
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
cea536faed343328bdfc32470c3ff6ee754453e081bac7853c23124d956aefa7
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d22f23627d7246a166137a961dc64170ac0ba89c18f4d7e33d120b2a883a02bd
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48df3857bfd7f796133deda147f01e73bd63b5b73457861c2d968c6c2e1378d
e8ed9cfdb3caea0b6f5cfa91df5aa6f1861e760115db0cc1901c90fb69069609
e927d2f2837477e9450dae0b7d822a7425f5ba56996f118b991aaf7e84d8be1d
e9f3470bdfeca4ae148cf2b067558d515d4020453c1c1f61ae4a157d505df7a0
ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f37fb29719b441eb569ded27a94e405544d3afc1d312167aeb6a3489f4962ae9
f9d63d94d11e65be863b3a754ace1b9f2fa71e5e874d7b0ad2ca3e9a831cf3fa