i.afly.pro Open in urlscan Pro
2606:4700:3033::ac43:9eb0 Public Scan

Software

nginx/1.21.3 /

Resource Hash

7ab21d61a70932e08653fc275fffbb17e3461587e7c5d64bf61ec477bb0f94b9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 212a6baf-374f-4acc-ad3d-d1e6e992519a
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://i.afly.pro
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 25 B
398 B 114ms
24ms XHR
application/json 216.52.2.39
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.24.0
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 2434b3be5380af0cc01443ad799f334ea5c10321f461b7f1e5639578e916dfbb

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://i.afly.pro
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 25

POST
H2 204 mvo Show response
tag.1rx.io/rmp/239524/0/ 0
158 B 87ms
36ms XHR
text/plain 213.19.147.43
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/239524/0/mvo?z=1r&hbv=7.24,2.1
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
357 B 80ms
51ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

server-13-224-191-98.fra2.r.cloudfront.net

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://i.afly.pro
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
293 B 53ms
33ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 513651258988d56dbc496cb061d32c4d16ec52ab49ba83902cd3d0a60a80ce0c

Request headers

Referer: https://i.afly.pro/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 55ms
35ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: d12508cc3048b59f2e1d050c8ff5d4e22ecf14d20583f826a39fcfd7137db18a

Request headers

Referer: https://i.afly.pro/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 55ms
34ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: aff3024c69e9d6afdbec8aea869f14fc5586676a21eb07dd55161c8c3a623287

Request headers

Referer: https://i.afly.pro/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 56ms
36ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 6d21793170869d33803ea47f283acdf9764f04f24f25a921edc961e51c27c43b

Request headers

Referer: https://i.afly.pro/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 55ms
34ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: c8b853c79c23ab5c496eee7fe28ec07505ce70546f29ecc943d826c259d06fe1

Request headers

Referer: https://i.afly.pro/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 56ms
35ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: bf0f4fdad8d1bccf58b3b8a16ab0dc34e88bc8771bafd95ad2113d7eaff2c519

Request headers

Referer: https://i.afly.pro/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 54ms
35ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e8a8a75e3875fa843abd7f1d066a8cf2f993df3ff4f22167bdddadc71e980e1d

Request headers

Referer: https://i.afly.pro/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 56ms
36ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: f0fc17dc5d32fcae01ea0141951fe7927cdcbdb84aec52f0f4b679d3b3aabb14

Request headers

Referer: https://i.afly.pro/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
content-length: 66

POST /
prebid.smilewanted.com/ 0
0

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 15 KB
2 KB 352ms
228ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 28b07822f9bd19d39c1d6bb624b9755465e116af9aecc76f3c8ff937c4e04350

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 11 Dec 2022 00:50:01 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://i.afly.pro
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 1254

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1 KB 97ms
38ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUQWX43D
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: eca73a81521b40909fe4a84a2a9cdbac793d0cf8d320d08abdac4c2317abf80f

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Sun, 11 Dec 2022 00:50:02 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 9FB1 43 KB
22 KB 70ms
31ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf2oGkUAAAAAPnWjjWViiU1xARFdo28x_ugoDrc&co=aHR0cHM6Ly9pLmFmbHkucHJvOjQ0Mw..&hl=de&v=pn3ro1xnhf4yB8qmnrhh9iD2&size=normal&cb=dxhhc8qt5xck

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c3c61bf6b6e7e5dd65654211f7d50f36acc5cce8ccfa3c9557fa51ec01416972

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UtI40ZIULeCxKH9Gf-rAdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22980
content-security-policy: script-src 'report-sample' 'nonce-UtI40ZIULeCxKH9Gf-rAdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 385 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82df16c2b9566862302bf45688a07667a9e658325d3fb54e5dcf9482306a39fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 240 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eaa3d12c6890efadb732d28d679f37a9d9f513ac686e7de453e82000612a7536

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK favicon.ico
storage.de.cloud.ovh.net/v1/AUTH_4b1b323ce19643f985895cf772add44b/js/ 15 KB
15 KB 102ms
27ms Image
image/x-icon 145.239.139.16
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.de.cloud.ovh.net/v1/AUTH_4b1b323ce19643f985895cf772add44b/js/favicon.ico
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.139.16 , France, ASN16276 (OVH, FR),
Reverse DNS: ip16.ip-145-239-139.eu
Software: /
Resource Hash: fb20da3761f50927006a6f6303ae6fceec0b3cb5f4c532ba5845bcd5392112d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
X-Openstack-Request-Id: txf14c2eee1d894722ac006-006395293a
Last-Modified: Sun, 31 Jan 2021 12:57:34 GMT
Etag: 7bf4f6782dee3b520a65ff84286e3691
Content-Type: image/x-icon
X-Timestamp: 1612097853.12655
Accept-Ranges: bytes
Content-Length: 15086
X-Trans-Id: txf14c2eee1d894722ac006-006395293a

GET
H/1.1 200
OK large-poster.jpg
content1.avplayer.com/60095c900c0799791c46d8d4/videos/631a0c74c080af4ad20201d2/ 17 KB
17 KB 79ms
18ms Image
image/jpeg 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content1.avplayer.com/60095c900c0799791c46d8d4/videos/631a0c74c080af4ad20201d2/large-poster.jpg
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: 9f66145fbaf681859fb04fc4cdedf358806d85dd27355199545b97db90d48829

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
X-GUploader-UploadID: ADPycdu6OLRy9HOaZJEOFFS6BlXcj4Mpvf8M5ia9FtmtWX9VbxPKv_snVqJHAV1d3OO-e4hBh9-GTTPcRxdqyrOF6t0BwlLblYUG
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Connection: Keep-Alive
Content-Length: 16959
Last-Modified: Thu, 08 Sep 2022 15:38:37 GMT
Server: UploadServer
ETag: "0ee97d2dcd219d582aee0cecbb70cafd"
x-goog-generation: 1662651517684609
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=SZ/7Cg==, md5=Dul9Lc0hnVgq7gzsu3DK/Q==
Access-Control-Expose-Headers: Content-Type, range
Cache-Control: public, max-age=2592000
X-HW: 1670719802.dop234.fr8.t,1670719802.cds003.fr8.shn,1670719802.dop234.fr8.t,1670719802.cds137.fr8.c
x-goog-stored-content-length: 16959
Accept-Ranges: bytes

GET
DATA 200
OK truncated
/ 480 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame 1121 425 KB
115 KB 66ms
9ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Requested by: Host: player.avplayer.com
URL: https://player.avplayer.com/script/2/v/avcplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 8a7babb87daae57db009ee805060960339a04391c0ae55491041e8360a5c348f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvSgKQW8Kxld6zU7f21_zkb3QRdameJSRH4L-0CBOkSGt257vcIej_0xBoveUkyUlMSCzcbE7BL0qwZSZdGhdUDIQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 116427
last-modified: Sun, 04 Dec 2022 11:44:22 GMT
server: UploadServer
etag: "5648139f7b5a48bcb4cea1d2ffeeead0"
vary: Accept-Encoding
x-goog-generation: 1670154262270598
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=iXwvkA==, md5=VkgTn3taSLy0zqHS/+7q0A==
access-control-expose-headers: Content-Type
cache-control: public, max-age=600
x-goog-stored-content-length: 116427
accept-ranges: bytes
expires: Sun, 11 Dec 2022 01:00:02 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
330 B 129ms
43ms XHR
application/json 3.248.87.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.87.83 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-87-83.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 6d75fd4a321933e79a78769d3626b12ffec531aeeffee0a0424afafffa937ed8

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache
x-server: 10.45.8.50
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/313490/ 11 KB
5 KB 60ms
10ms XHR
application/json 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/313490/config.json?cb=https%3A%2F%2Fi.afly.pro%2FLclT
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4b1e8a5385fb796e7f60205ccdd124cbef87527ea2de79e1f70b8fc1d3816342

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

expires: Tue, 13 Dec 2022 00:50:02 GMT
date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
last-modified: Fri, 09 Dec 2022 12:01:13 GMT
server: nginx
etag: W/"63932389-2ac7"
content-type: application/json
access-control-allow-origin: https://i.afly.pro
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
457 B 52ms
51ms XHR
text/javascript 13.224.191.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fi.afly.pro%2FLclT&pid=fvhGNJTWI09LQ&cb=1&ws=1600x1200&v=22.1201.834&t=1900&slots=%5B%7B%22sd%22%3A%22gpt_unit_%2F21939239661%2C22305556653%2Fapl%2Finter_0%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F21939239661%2C22305556653%2Fapl%2Finter%22%7D%5D&schain=1.0%2C1!adapex.io%2Cs1083%2C1%2C9a6889a2-8d51-4fba-8048-6a0bf7fe4e67%2C%2C&pubid=1ad7261b-91ea-4b6f-b9e9-b83522205b75&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.191.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: G8W9AH8C7DKJNG2YA78X
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: kUvUoxTXpFVo4-QAvl2xnpLg3zLGn-Wiqu1wSuvjF082-9_oXFdXzQ==

GET
H/1.1 200
OK / Show response
ghb.aplhb.adipolo.com/geo/ 135 B
401 B 160ms
21ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.aplhb.adipolo.com/geo/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/19337/hbw_release_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 5c6f327934b4ce78ed67858bbc3b1d80a8a5c0c1d9a3d7eb3218186f536920dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:01 GMT
Server: Adtelligent
Content-Type: application/json
Access-Control-Allow-Origin: https://i.afly.pro
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 135

GET
H/1.1 200
OK tracking Show response
ghb.aplhb.adipolo.com/adunit/ 43 B
429 B 159ms
21ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.aplhb.adipolo.com/adunit/tracking?event=11&type=0&client_id=323303&site_id=10647&pbjsv=v6.25.4&full_page_url=https%3A%2F%2Fi.afly.pro%2FLclT&adid=inflsd.jo&features=81952&vpbv=R098&lifecycle_tte=1168
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/19337/hbw_release_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:01 GMT
Server: Adtelligent
Content-Type: image/gif
Access-Control-Allow-Origin: https://i.afly.pro
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 43

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/ Frame 9FB1 52 KB
24 KB 35ms
10ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf2oGkUAAAAAPnWjjWViiU1xARFdo28x_ugoDrc&co=aHR0cHM6Ly9pLmFmbHkucHJvOjQ0Mw..&hl=de&v=pn3ro1xnhf4yB8qmnrhh9iD2&size=normal&cb=dxhhc8qt5xck

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 03:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 249593
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24262
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 01:21:32 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Dec 2023 03:30:09 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/ Frame 9FB1 403 KB
161 KB 42ms
17ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d64e243770a7345b699907f77f5e6789584278786ffa215802150dab0ee1d7a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 19:20:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 164801
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 01:21:32 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 19:20:47 GMT

GET
H2 200 j.html Show response
p.jcontentcdn.com/prebidlink/19337/ Frame 5FC9 1 KB
888 B 88ms
22ms Document
text/html 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p.jcontentcdn.com/prebidlink/19337/j.html?i=11595
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: d35b5fd65497ae8d66b6e52bbad869c48bf379174ab0175f10e5d760741cbdcd

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=172800
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 11 Dec 2022 00:50:02 GMT
etag: W/"620bee41-43d"
expires: Tue, 13 Dec 2022 00:50:02 GMT
last-modified: Tue, 15 Feb 2022 18:17:37 GMT
server: nginx

GET
H2 200 hadron.json Show response
id.hadron.ad.gt/v1/ 47 B
266 B 211ms
211ms XHR
application/json 35.84.249.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=405&sync=0&domain=i.afly.pro&url=https://i.afly.pro/LclT
Requested by: Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fi.afly.pro%2FLclT&ref=&_it=amazon&partner_id=405
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.84.249.238 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-84-249-238.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 28e022f1741e645a4539af7365a303fc03cec07496025972ad357640b9038b2a

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
server: nginx/1.20.0
vary: Origin
content-type: application/json
access-control-allow-origin: https://i.afly.pro
cache-control: public,max-age=30
access-control-allow-credentials: true

OPTIONS
H2 200 hadron.json
id.hadron.ad.gt/v1/ Frame 0
0 1322ms
404ms Preflight
application/json 35.84.249.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=405&sync=0&domain=i.afly.pro&url=https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.84.249.238 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-84-249-238.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://i.afly.pro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://i.afly.pro
cache-control: public,max-age=30
content-encoding: gzip
content-type: application/json
date: Sun, 11 Dec 2022 00:50:03 GMT
server: nginx/1.20.0
vary: Origin

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
397 B 63ms
21ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

efa7ab9bd9ca1bf1d4b19faf9d96e180c8f5571e9929d31b44c40ea2700c109d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK v1 Show response
lbs.eu-1-id5-sync.com/lbs/ 34 B
205 B 86ms
21ms XHR
application/json 2001:41d0:701:1000::31d2
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://lbs.eu-1-id5-sync.com/lbs/v1
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2001:41d0:701:1000::31d2 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 80dd912c989fd882021d32f3f993a6288434833fb47f07cce2aa58313cd7b051

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
content-length: 34
vary: Origin
content-type: application/json

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 84ms
19ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=i.afly.pro

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 79ms
28ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=i.afly.pro

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
632 B 440ms
439ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=3017939782253410&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=21939239661%3A22305556653%2Capl%2Cinter&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=2327846384&didk=1130328153&sfv=1-0-40&ists=1&fas=8&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200&sc=1&cookie_enabled=1&abxe=1&dt=1670719802209&lmt=1670719802&dlt=1670719801591&idt=195&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8c5787ac268c19f5978a8dfd4bc1b0a73439e02b882e1b1af142670044658e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6630 6 KB
3 KB 90ms
19ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ 37 KB
14 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022120501.js?cb=31071221

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5eadb3853810c64a037b947f6355ca7f98036d56bfb46ee9f51a01f881259ed6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 12:06:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 391403
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14011
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Dec 2023 12:06:39 GMT

GET
H2 200 / Show response
serv.modoro360.com/api/adserver/tag/4/ 28 KB
4 KB 453ms
162ms XHR
application/json 107.23.15.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://serv.modoro360.com/api/adserver/tag/4/?AV_TAGID=6140a5a747e57404ec5977fe&AV_PUBLISHERID=615083ec2eec7c62d8776ba2&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fi.afly.pro%2FLclT&AV_CHANNELID=626e835dcbc46b5e674a35a9&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=4&pce=1&npx=1&AV_DETDOMAIN=i.afly.pro&AV_DADPOS=1&AV_TAG=6140a5a747e57404ec5977fe&AV_TEMPLATE=60bceb5ae580aa6950275314&d36=6.2.66&responsive=1&sver=3&avtoken=802246&omv=1.0.1&AV_D65=Test1&clsid=cd4199bc-9219-4b3a-870e-3c207d76ab37&rando=83&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=1670719802250&AV_CGUID=01ftrvrvyj4bm5fq8f05&AV_CGUIDLIST=01ftrvrvyj4bm5fq8f05,01ftrvrvyj4bm5fq8f06,01ftrvrvyj4bm5fq8f04&wfc=1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.15.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-15-42.compute-1.amazonaws.com
Software: /
Resource Hash: 707419de86453ae41145aabbb7567e5f3d15f4802af42fafea8f5fa7a97e2f6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache
access-control-allow-credentials: true
expires: Tue, 29 Nov 2022 11:03:22 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 100ms
100ms Image
text/plain 34.235.173.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?r=i.afly.pro&sn=&ic=0&tgt=0&app=&wi=600&he=338&test=4&d36=6.2.66&apppkg=&fv=1&proto=https&d65=Test1&clsid=cd4199bc-9219-4b3a-870e-3c207d76ab37&rando=83&pid=615083ec2eec7c62d8776ba2&cid=626e835dcbc46b5e674a35a9&stagid=6140a5a747e57404ec5977fe&stplid=60bceb5ae580aa6950275314&e=inventory&vi=100&cb=1670719802248
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.173.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-173-110.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
DATA 200
OK truncated
/ Frame 9FB1 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9FB1 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 9FB1 2 KB
2 KB 11ms
11ms Image
image/png 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 19:40:09 GMT
x-content-type-options: nosniff
age: 191393
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 15 Dec 2022 19:40:09 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9FB1 15 KB
15 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 19:21:27 GMT
x-content-type-options: nosniff
age: 365315
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Dec 2023 19:21:27 GMT

GET
H2 200 hbw_master_307825_11595.js Show response
p.jcontentcdn.com/prebidlink/y19337/ Frame 5FC9 82 KB
28 KB 15ms
15ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p.jcontentcdn.com/prebidlink/y19337/hbw_master_307825_11595.js
Requested by: Host: p.jcontentcdn.com
URL: https://p.jcontentcdn.com/prebidlink/19337/j.html?i=11595
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1bdf528178167b1c27d20d46edea75e0dc508ff63ca33063183667c435d2dffa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/prebidlink/19337/j.html?i=11595
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 02:28:31 GMT
server: nginx
etag: W/"63914bcf-147c8"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=172800
expires: Tue, 13 Dec 2022 00:50:02 GMT

POST
H/1.1 200 579.json Show response
id5-sync.com/g/v2/ 216 B
620 B 311ms
266ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/579.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

7c7239de9d4c0dca23b63ec3ea0a06f4ffa9579c9945ae22acd6a04e73f94ab8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 9FB1 102 B
134 B 24ms
23ms Other
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=pn3ro1xnhf4yB8qmnrhh9iD2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d4dc0c66eadd4b3167ccb395964b88ea5717313ab053efc1618af0064cb7f3fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf2oGkUAAAAAPnWjjWViiU1xARFdo28x_ugoDrc&co=aHR0cHM6Ly9pLmFmbHkucHJvOjQ0Mw..&hl=de&v=pn3ro1xnhf4yB8qmnrhh9iD2&size=normal&cb=dxhhc8qt5xck
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Sun, 11 Dec 2022 00:50:02 GMT

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 483 B
1023 B 49ms
16ms Script
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1498731
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pavMm2t8CfAuc0wUEO27D09%2FAa1ah7Aw5iAXEpGWUzd%2BRi4DMzCnPYpbpQXMuFpC9hFzJQwmG%2BqxhpNenyzc4UMF82AV%2Bm6yvz429B7aNS0M05dxYC52umw4ok%2FrJG8QiLIkilvq1KlKh08p"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 777a394cdd469024-FRA

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 45ms
17ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=i.afly.pro

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 329ms
28ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=i.afly.pro

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
15 KB 810ms
810ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=627721193012860&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=21939239661%3A22305556653%2Capl%2Canchor%2Canchortop&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=2&adks=2186292215&didk=79127245&sfv=1-0-40&ists=1&fas=2&prev_scp=hb_rfBid%3D0&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200&sc=1&cookie_enabled=1&abxe=1&dt=1670719802341&lmt=1670719802&dlt=1670719801591&idt=195&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b9ea034b26158ffc3387e4cc3874498ac8baee0126ab5060aa326d2cd301197f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14831
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK csyncs Show response
ghb.aplhb.adipolo.com/ 690 B
678 B 22ms
22ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.aplhb.adipolo.com/csyncs?aid1=628406
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/19337/hbw_release_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: df2c2a1ae55f534df8d038970b5a7d78a608a277d3312c3c95f78808e7a362a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:01 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://i.afly.pro
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 373

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 141ms
56ms Preflight 37.157.6.254
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.254 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://i.afly.pro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://i.afly.pro
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
357 B 10ms
9ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ec2-35-158-153-223.eu-central-1.compute.amazonaws.com

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://i.afly.pro
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 245ms
89ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 244ms
88ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 277ms
121ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 274ms
119ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 245ms
90ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 244ms
89ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 243ms
89ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 245ms
90ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 272ms
118ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 273ms
120ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 270ms
117ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 274ms
121ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 272ms
119ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 273ms
120ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 273ms
120ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 269ms
117ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 259ms
107ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 260ms
108ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 274ms
122ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 272ms
121ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 274ms
122ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 273ms
122ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 269ms
118ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 258ms
107ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 267ms
116ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
365 B 267ms
118ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 pb Show response
ad.360yield.com/ 0
364 B 257ms
108ms XHR
text/plain 54.75.133.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.133.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-133-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
548 B 67ms
14ms XHR
application/json 35.158.153.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.25.4&referrer=https%3A%2F%2Fi.afly.pro%2FLclT&tmax=2000&gdpr=false

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.158.153.223 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
accept-ch: sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness
x-auction-status: 7, 7, 7
content-type: application/json; charset=utf-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
173 B 57ms
17ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 c Show response
prebid.a-mo.net/a/ 23 KB
12 KB 143ms
143ms XHR
application/json 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: b44cce793a4245db5dfdda8afdace946563d1ea796434b105f92ae86e3fb2974

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
server: envoy
vary: origin, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://i.afly.pro
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 119
content-length: 11611

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 69 KB
24 KB 255ms
255ms XHR
application/json 216.52.2.39
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.25.4
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: c93c3277716802fece27d56be6ad49056a1088d39fc666b421240cfa17aee7ee

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://i.afly.pro
Transfer-Encoding: chunked
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
405 B 223ms
126ms XHR
text/plain 37.157.6.254
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.254 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 922 B
589 B 20ms
20ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: f3fd96eb51bb4209f8c41784079265d0385086a4c64e2216fc88de8eeb77df58

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 11 Dec 2022 00:50:01 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://i.afly.pro
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 284

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
307 B 33ms
33ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.25.4&cb=3177851460

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
357 B 10ms
10ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://i.afly.pro
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 prebid Show response
mp.4dex.io/ 0
281 B 78ms
37ms XHR
text/plain 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
x-err: Parsing the Prebid Request. adrequest and manager domains do not match
x-version: 3.0.0-gcp-ams
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 777a394d4f469c0d-FRA
expires: 0

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 334 B
657 B 216ms
119ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=24558&site_id=425696&zone_id=2416802&size_id=15&alt_size_ids=16&gdpr=0&eid_pubcid.org=e3b4cceb-1ed1-43d0-92bf-3725ec0d25e1%5E1&rf=https%3A%2F%2Fi.afly.pro%2FLclT&tg_i.pbadslot=%2F21939239661%2C22305556653%2Fapl%2Faplmcm%2Fsticky%23stick&tk_flint=pbjs_lite_v6.25.4&x_source.tid=987cae40-63fe-47da-b2ac-8cdc2e9dc08a&l_pb_bid_id=111c2b86505c141d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21939239661%2C22305556653%2Fapl%2Faplmcm%2Fsticky%23stick&slots=1&rand=0.742499857699328
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 4c9baf9b0cc021807f0db24d2d587a312581675d52ccc4db6ef56d286f9134e9

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://i.afly.pro
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 334
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 334 B
880 B 215ms
118ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=24558&site_id=425696&zone_id=2416802&size_id=15&alt_size_ids=16&gdpr=0&eid_pubcid.org=e3b4cceb-1ed1-43d0-92bf-3725ec0d25e1%5E1&rf=https%3A%2F%2Fi.afly.pro%2FLclT&tg_i.pbadslot=%2F21939239661%2C22305556653%2Fapl%2Faplmcm%2Fsticky%23stick&tk_flint=pbjs_lite_v6.25.4&x_source.tid=beb908a4-4a4b-4007-ab22-949557ebb7b5&l_pb_bid_id=112a3de68fc603c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21939239661%2C22305556653%2Fapl%2Faplmcm%2Fsticky%23stick&slots=1&rand=0.43049595877980074
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 1670858f5ca70df15d7683da87a34f65f538bb49558b489ed8b79ad014cf67ca

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://i.afly.pro
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 334
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 23 KB
10 KB 216ms
119ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=24558&site_id=425696&zone_id=2416802&size_id=2&alt_size_ids=43%2C55%2C117&gdpr=0&eid_pubcid.org=e3b4cceb-1ed1-43d0-92bf-3725ec0d25e1%5E1&rf=https%3A%2F%2Fi.afly.pro%2FLclT&tg_i.pbadslot=%2F21939239661%2C22305556653%2Fapl%2Faplmcm%2Fsticky%23stick&tk_flint=pbjs_lite_v6.25.4&x_source.tid=bd097871-aa9c-4dab-adc5-04a59c01da4a&l_pb_bid_id=11361ebd6011bd6c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21939239661%2C22305556653%2Fapl%2Faplmcm%2Fsticky%23stick&slots=1&rand=0.22757016605989167
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 8637194d759c865e593a2c71185822a6e31ed636be99b4624370bffaed4a9d17

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://i.afly.pro
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 71 KB
19 KB 274ms
274ms XHR
application/json 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

41abb6f709fb6d78246f06f3ff35b63d5a1a855cb3193425b74d654f4e94ffe8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7c871195-e110-4e33-a996-20165b1cacdc
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://i.afly.pro
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 35 KB
10 KB 220ms
199ms XHR
application/json 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

dad0477af74f6490ce4376c4c4a4325a5ec0439db8e48ad835206200a9989cf2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 12c6fb95-0290-40dc-a854-58db37449dee
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://i.afly.pro
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 112ms
73ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fi.afly.pro%2F&domain=i.afly.pro&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://i.afly.pro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 11 Dec 2022 00:50:01 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 439857
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 49 B
246 B 292ms
116ms XHR
application/json 2600:1901:0:8344::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0010b00002PIxPJAA1&gdpr=0
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8344:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://i.afly.pro
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fi.afly.pro%2F&domain=i.afly.pro&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=En64bnxRV2VBSFErOHhucmVVU0kvRGFza05nWjNRRnkwWTRSajNFRm5QdklscWJ0MTdCVGU4anRHTGhIYVB5NWRuc29vQkRERkhKREZlQ1NWbHJRNkhJZU84ZkV6bTJkQUlPajNQd044RWxvV2loRGo1T0pFOE42N0FFM1...

351 B
645 B

50ms
16ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=En64bnxRV2VBSFErOHhucmVVU0kvRGFza05nWjNRRnkwWTRSajNFRm5QdklscWJ0MTdCVGU4anRHTGhIYVB5NWRuc29vQkRERkhKREZlQ1NWbHJRNkhJZU84ZkV6bTJkQUlPajNQd044RWxvV2loRGo1T0pFOE42N0FFM1dBRzdIYWI5QWk0VnpvSmdUSzlDbHdVQ0xIMWRtUGVOT3RZNW5xbDdLVy82YldXbDZzbDB1dUdvZy8xbUFKNnNTeDVGdXhyOWd6b0c5RjY1UUxuQUIvUHVHbEFsR2pwRTY2TEt0K05hWVJzb3E1dnlONU93PXw&cppv=2

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

339eb68a8c04e56a059d96a509bb2b2eae40dc1e64887bf360dccbe9307cbe53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1277146
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=En64bnxRV2VBSFErOHhucmVVU0kvRGFza05nWjNRRnkwWTRSajNFRm5QdklscWJ0MTdCVGU4anRHTGhIYVB5NWRuc29vQkRERkhKREZlQ1NWbHJRNkhJZU84ZkV6bTJkQUlPajNQd044RWxvV2loRGo1T0pFOE42N0FFM1dBRzdIYWI5QWk0VnpvSmdUSzlDbHdVQ0xIMWRtUGVOT3RZNW5xbDdLVy82YldXbDZzbDB1dUdvZy8xbUFKNnNTeDVGdXhyOWd6b0c5RjY1UUxuQUIvUHVHbEFsR2pwRTY2TEt0K05hWVJzb3E1dnlONU93PXw&cppv=2
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 642400
content-length: 0
expires: 0

POST
H/1.1 200 prebid Show response
id5-sync.com/api/config/ 135 B
539 B 33ms
10ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

ec2-107-20-117-210.compute-1.amazonaws.com

Software

Resource Hash

480613f771d4b2960ecbcbf9f0a8435d009d8f5fd10ab14bba1b1018762708e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 204 any Show response
idx.liadm.com/idex/prebid/ 0
308 B 340ms
107ms XHR
text/plain 107.20.117.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idx.liadm.com/idex/prebid/any?resolve=nonId

Requested by

Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

107.20.117.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-credentials: true
trace-id: 375aec3a557e4b7a
vary: Origin
request-time: 3

GET
H2 200 id Show response
id.crwdcntrl.net/ 43 B
313 B 55ms
46ms XHR
application/json 3.248.87.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.87.83 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-87-83.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache
x-server: 10.45.17.215
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
442 B 173ms
50ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_paw&pvsid=3525168356520184&vrg=2022120501&nw_id=21939239661%5C%2C22305556653%2C22181265%5C%2C22305556653&nslots=17&eid=31070873%2C31071221&pub_url=https%3A%2F%2Fi.afly.pro%2FLclT&sig=0&req=0&req_cnt=10&dm=8

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 950ms
949ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=3674250949563309&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=22181265%3A22305556653%2Cafl_300s_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=3&adks=1523605918&didk=404881636&sfv=1-0-40&prev_scp=refresh_count%3D0%26amznbid%3D2%26amznp%3D2%26hb_cs%3Dcurrent%26hb_bd%3D1%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.08%26hb_adid%3D197c4f4f460c49c1%26hb_bidder%3Dappnexus%26anh%3Dtrue%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s&sc=1&cookie_enabled=1&abxe=1&dt=1670719802455&lmt=1670719802&dlt=1670719801591&idt=195&adxs=650&adys=125&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=1110x0&msz=1110x0&fws=0&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

293152635fa791b295466f3c400cf78c91d35f9047f315eed36ba24b829573d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10985
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 1046ms
1045ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=1061953325984184&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=22181265%3A22305556653%2Cafl_300s_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=4&adks=785132224&didk=3858777700&sfv=1-0-40&prev_scp=refresh_count%3D0%26amznbid%3D2%26amznp%3D2%26hb_cs%3Dcurrent%26hb_bd%3D1%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.04%26hb_adid%3D19888c99fc9ee8bc%26hb_bidder%3Dappnexus%26anh%3Dtrue%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s&sc=1&cookie_enabled=1&abxe=1&dt=1670719802458&lmt=1670719802&dlt=1670719801591&idt=195&adxs=650&adys=236&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=1110x0&msz=1110x0&fws=0&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9fc3268f6a9335d331a9466e2fe01915f6300219654f12fd5608ba4543cebd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12287
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 57 KB
13 KB 443ms
442ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=264092647468433&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=22181265%3A22305556653%2Cafl_300s_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=5&adks=1707760928&didk=410203450&sfv=1-0-40&prev_scp=refresh_count%3D0%26amznbid%3D2%26amznp%3D2%26hb_cs%3Dcurrent%26hb_bd%3D1%26hb_cache_path%3D%252Fpbc%252Fv1%252Fcache%26hb_cache_host%3Dprebid.ams3.adnxs-simple.com%26hb_adomain%3Dgi-de.com%26hb_format%3Dbanner%26hb_source%3Ds2s%26hb_size%3D300x250%26hb_pb%3D0.09%26hb_adid%3D193afc1f753f085e%26hb_bidder%3Dappnexus%26anh%3Dtrue%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s&sc=1&cookie_enabled=1&abxe=1&dt=1670719802460&lmt=1670719802&dlt=1670719801591&idt=195&adxs=650&adys=950&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=1090x0&msz=1090x0&fws=0&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aada13f383f0cba0deb5e0638d2f8d91cdc5406f3e1f4b690ee20f3064f351e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12850
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
13 KB 1919ms
1918ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=3099308806000672&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=22181265%3A22305556653%2Cafl_300s_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=6&adks=510315225&didk=2197107884&sfv=1-0-40&prev_scp=refresh_count%3D0%26amznbid%3D2%26amznp%3D2%26hb_cs%3Dcurrent%26hb_bd%3D1%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.08%26hb_adid%3D200350db90eebde3%26hb_bidder%3Dappnexus%26anh%3Dtrue%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s&sc=1&cookie_enabled=1&abxe=1&dt=1670719802462&lmt=1670719802&dlt=1670719801591&idt=195&adxs=650&adys=1104&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=1090x0&msz=1090x0&fws=0&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b7b5125741c719d54ac99d760bc64c5817ec2e2992b46df921933debbbd66c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13151
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
11 KB 848ms
847ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=2599046939301348&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=22181265%3A22305556653%2Cafl_300s_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=7&adks=4222408376&didk=3576619187&sfv=1-0-40&prev_scp=refresh_count%3D0%26amznbid%3D2%26amznp%3D2%26hb_cs%3Dcurrent%26hb_bd%3D1%26hb_cache_path%3D%252Fpbc%252Fv1%252Fcache%26hb_cache_host%3Dprebid.ams3.adnxs-simple.com%26hb_adomain%3Dhttps%253A%252F%252Fwww.milkandsons.com%26hb_format%3Dbanner%26hb_source%3Ds2s%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_adid%3D1955c5cd868e5134%26hb_bidder%3Dappnexus%26anh%3Dtrue%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s&sc=1&cookie_enabled=1&abxe=1&dt=1670719802464&lmt=1670719802&dlt=1670719801591&idt=195&adxs=650&adys=1163&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=1090x0&msz=1090x0&fws=0&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c77415f59b950d9d2e4fa344cc9c036d3419a2d29f9f984dba9b62ee94ecd45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11134
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
11 KB 638ms
637ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=3762498168278059&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=22181265%3A22305556653%2Cafl_300s_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=8&adks=3745352453&didk=2932927003&sfv=1-0-40&prev_scp=refresh_count%3D0%26amznbid%3D2%26amznp%3D2%26hb_bd%3D0%26anh%3Dtrue%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s&sc=1&cookie_enabled=1&abxe=1&dt=1670719802467&lmt=1670719802&dlt=1670719801591&idt=195&adxs=650&adys=1298&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=1090x0&msz=1090x0&fws=0&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb22807847091b0ea6503ed46438a91ab27c2e6e5ab15709ef914c2f30a66113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11129
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 384ms
383ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=3600548684696180&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=22181265%3A22305556653%2Cafl_300s_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=9&adks=1814348294&didk=2818731921&sfv=1-0-40&prev_scp=refresh_count%3D0%26amznbid%3D2%26amznp%3D2%26hb_cs%3Dcurrent%26hb_bd%3D1%26hb_cache_path%3D%252Fpbc%252Fv1%252Fcache%26hb_cache_host%3Dprebid.ams3.adnxs-simple.com%26hb_adomain%3Dhttps%253A%252F%252Fwww.milkandsons.com%26hb_format%3Dbanner%26hb_source%3Ds2s%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_adid%3D196a8ca1866f23ef%26hb_bidder%3Dappnexus%26anh%3Dfalse%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s&sc=1&cookie_enabled=1&abxe=1&dt=1670719802470&lmt=1670719802&dlt=1670719801591&idt=195&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=0x0&msz=0x0&fws=128&ohw=0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27392f3e49298b577d09402d3d95980286a7e527f13791b6666a70a8bbf64579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11006
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
13 KB 1141ms
1140ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=1673083719908959&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=22181265%3A22305556653%2Cafl_300s_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=10&adks=1416071099&didk=3104936616&sfv=1-0-40&prev_scp=refresh_count%3D0%26amznbid%3D2%26amznp%3D2%26hb_bd%3D0%26anh%3Dtrue%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s&sc=1&cookie_enabled=1&abxe=1&dt=1670719802473&lmt=1670719802&dlt=1670719801591&idt=195&adxs=650&adys=616&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=334x-1&msz=334x-1&fws=516&ohw=1600&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f5708fb2c0cce8450ecd6493cec701549f9f4e8dea172260eb43e28198a6c6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12815
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 95D9 7 KB
1 KB 57ms
57ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=pn3ro1xnhf4yB8qmnrhh9iD2&k=6Lf2oGkUAAAAAPnWjjWViiU1xARFdo28x_ugoDrc

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fe75fc3f32453d09dd2300f81ba62f8dbe94bacb0f9e10c4c293e513b29080cf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-m7PrywzKRjd1yQ0GUrwFiQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1114
content-security-policy: script-src 'report-sample' 'nonce-m7PrywzKRjd1yQ0GUrwFiQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 hb_307825_11595.js Show response
player.adtelligent.com/prebidlink/ex19337/ Frame 5FC9 272 KB
84 KB 106ms
14ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js
Requested by: Host: p.jcontentcdn.com
URL: https://p.jcontentcdn.com/prebidlink/y19337/hbw_master_307825_11595.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 208ff0c0151dc5bb986477f371be8a81a2ab7eb9df718c9071b4166340f72aca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

expires: Tue, 13 Dec 2022 00:50:02 GMT
date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 02:28:31 GMT
server: nginx
etag: W/"63914bcf-44059"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H/1.1 200
OK / Show response
ghb.adtelligent.com/geo/ Frame 5FC9 135 B
408 B 129ms
25ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/geo/
Requested by: Host: p.jcontentcdn.com
URL: https://p.jcontentcdn.com/prebidlink/y19337/hbw_master_307825_11595.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 5c6f327934b4ce78ed67858bbc3b1d80a8a5c0c1d9a3d7eb3218186f536920dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
Server: Adtelligent
Content-Type: application/json
Access-Control-Allow-Origin: https://p.jcontentcdn.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 135

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ Frame 5FC9 43 B
434 B 43ms
43ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=307825&site_id=11595&full_page_url=https%3A%2F%2Fi.afly.pro&adid=infm2i.8v&features=16416&vpbv=N104&lifecycle_tte=338
Requested by: Host: p.jcontentcdn.com
URL: https://p.jcontentcdn.com/prebidlink/y19337/hbw_master_307825_11595.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:01 GMT
Server: Adtelligent
Content-Type: image/gif
Access-Control-Allow-Origin: https://p.jcontentcdn.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 43

GET
H/1.1 400
Bad Request 8d39819b61aa03f45b0ece15913fb28c.gif Show response
sync.kiviads.com/ Frame 3436 20 B
197 B 506ms
174ms Document
text/plain 80.77.87.114
NATCOWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.kiviads.com/8d39819b61aa03f45b0ece15913fb28c.gif?puid=[UID]&redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D739302%26extuid%3D%5BUID%5D
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/19337/hbw_release_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 80.77.87.114 Clifton, United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software: /
Resource Hash: c1e253200f916f76ff84eed9148f10f19670158475f152653d064f4c6127558d

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/plain
Date: Sun, 11 Dec 2022 00:50:02 GMT
Keep-Alive: timeout=5
Transfer-Encoding: chunked

GET 981e2a0ec1c40493e59b139b8db4f728.gif
cs.admanmedia.com/ Frame 2814 0
0

GET
H/1.1

200
OK

csync
sync.adtelligent.com/
Redirect Chain

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=ec35e14d-6c9a-4f84-9461-80bb32e7758f

0
404 B

282ms
145ms

Image
text/plain

62.149.1.122
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=ec35e14d-6c9a-4f84-9461-80bb32e7758f
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: HTTP/1.1
Server: 62.149.1.122 Vyshhorod, Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:01 GMT
Server: Adtelligent
Etag: 05f93899ba7b34ea
Content-Length: 0

Redirect headers

location: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=ec35e14d-6c9a-4f84-9461-80bb32e7758f
date: Sun, 11 Dec 2022 00:50:02 GMT
cache-control: no-store no-transform
server: nginx
content-length: 166
content-type: text/html; charset=utf-8

GET
H/1.1 204
No Content pixel
ap.lijit.com/ 0
277 B 131ms
33ms Image
text/plain 216.52.2.39
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 11 Dec 2022 00:50:02 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
397 B 36ms
36ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

cd0adddfdb51cce8cadbeaac323ed4fbb370c40b681b585b99b7f1589f53ea51

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 74 KB
23 KB 114ms
32ms Fetch
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:02 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 279117
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 15:43:17 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J7NHFg6R6XHYjvLzkDKQO7L08I7%2FDy2dU0V2mpzeQLUBfz%2Be%2BgRQJpMMU5W6jtMiShyBxMRG0rAgAoVM2%2BM5RXwJVQmOvG2rj12grw%2BcMV1sDqY45Y2A%2FYiN7CkZVirxbumSDJgEPS0aCV%2BN"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 777a394e2d705bf1-FRA

POST
H/1.1 200 579.json Show response
id5-sync.com/g/v2/ 216 B
620 B 78ms
15ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/579.json

Requested by

Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

Resource Hash

f477a9fc7904a614a60138cc02e957c66b6791094ad510e8dbbdac9658e43636

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/ Frame 95D9 52 KB
24 KB 33ms
32ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=pn3ro1xnhf4yB8qmnrhh9iD2&k=6Lf2oGkUAAAAAPnWjjWViiU1xARFdo28x_ugoDrc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 03:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 249593
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24262
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 01:21:32 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Dec 2023 03:30:09 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/ Frame 95D9 403 KB
161 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=pn3ro1xnhf4yB8qmnrhh9iD2&k=6Lf2oGkUAAAAAPnWjjWViiU1xARFdo28x_ugoDrc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d64e243770a7345b699907f77f5e6789584278786ffa215802150dab0ee1d7a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 19:20:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 164801
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 01:21:32 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 19:20:47 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 76ms
21ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 11 Dec 2022 00:50:01 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 242706
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3C79 6 KB
3 KB 29ms
12ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET

cookiesyncendpoint
servs.modoro360.com/ Frame 6967
Redirect Chain

https://csync.loopme.me/?pubid=11455&gdpr=1&gdpr_consent=&redirect=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D56%26auid%3D1670719802608-9...
https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=56&auid=1670719802608-938354041707-007695-012-004366&key=7496e889-19a0-40e3-b483-5ea432934857&gdpr_consent=nul...

0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 740E 15 KB
6 KB 53ms
10ms Document
text/html 88.221.168.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D1%26auid%3D1670719802608-938354041707-007695-012-004366%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.168.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-168-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=72588
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Sun, 11 Dec 2022 00:50:02 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Sun, 11 Dec 2022 20:59:50 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58543/ Frame 7FA9 0
0 67ms
12ms Document
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS/9.1.10.25 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
date: Sun, 11 Dec 2022 00:50:02 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.25
strict-transport-security: max-age=31536000

GET
H2

200

cookiesyncendpoint Show response
servs.modoro360.com/ Frame 2A2E
Redirect Chain

https://ad.360yield.com/server_match?partner_id=1581&r=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D22%26auid%3D1670719802608-938354041707-...
https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=22&auid=1670719802608-938354041707-007695-012-004366&key=82609186-5397-473c-98e8-74fca7cd7644

0
37 B

370ms
114ms

Document
text/plain

34.192.116.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=22&auid=1670719802608-938354041707-007695-012-004366&key=82609186-5397-473c-98e8-74fca7cd7644
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.116.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-192-116-159.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Sun, 11 Dec 2022 00:50:03 GMT

Redirect headers

access-control-allow-origin: *
content-length: 0
content-type: text/plain
date: Sun, 11 Dec 2022 00:50:02 GMT
location: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=22&auid=1670719802608-938354041707-007695-012-004366&key=82609186-5397-473c-98e8-74fca7cd7644
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

cookiesyncendpoint Show response
servs.modoro360.com/ Frame 8B3A
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&gdpr=1&gdpr_pd=0&gdpr_consent=&redir=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D200%26au...
https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=200&auid=1670719802608-938354041707-007695-012-004366&key=OPTOUT

0
200 B

352ms
113ms

Document
text/plain

34.192.116.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=200&auid=1670719802608-938354041707-007695-012-004366&key=OPTOUT
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.116.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-192-116-159.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Sun, 11 Dec 2022 00:50:03 GMT

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html
date: Sun, 11 Dec 2022 00:50:02 GMT
etag: OPTOUT
expires: 0
location: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=200&auid=1670719802608-938354041707-007695-012-004366&key=OPTOUT
pragma: no-cache

GET
H2 204 services
sync.technoratimedia.com/ Frame DB2E 0
0 320ms
125ms Document
text/plain 150.136.25.38
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1670719802608-938354041707-007695-012-004366&cb=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D3%26auid%3D1670719802608-938354041707-007695-012-004366%26key%3D%5BUSER_ID%5D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.136.25.38 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST,GET,HEAD,OPTIONS
access-control-allow-origin: https://i.afly.pro/
age: 0
date: Sun, 11 Dec 2022 00:50:02 GMT
server: nginx
via: 1.1 varnish
x-varnish: 407904755

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 0C97 0
0 15ms
15ms Document
text/plain 216.52.2.39
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D18%26auid%3D1670719802608-938354041707-007695-012-004366%26key%3D%24UID
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Date: Sun, 11 Dec 2022 00:50:02 GMT
X-Sovrn-Pod: ad_ap7ams1

GET

cookiesyncendpoint
servs.modoro360.com/ Frame 02CD
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D10%26auid%3D1670719802...
https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=10&auid=1670719802608-938354041707-007695-012-004366&key=luqK0ymDkFoa&ev=1&us_privacy=1---&pid=562704

0
0

GET
H2 400 sync Show response
t.adx.opera.com/pub/ Frame 1BF4 0
413 B 87ms
20ms Document
text/plain 82.145.213.8
NO-OPERA

General

Check archive.org

Show headers Download Go to

Full URL: https://t.adx.opera.com/pub/sync?pubid=d803647ecdd74c26863bfc1198f6567b&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1670719802608-938354041707-007695-012-004366%26biddername%3D128%26pid%3D59c9148628a0612da3689288%26key%3D%24%7BOPERA_UID%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 82.145.213.8 , Norway, ASN39832 (NO-OPERA, NO),
Reverse DNS: n-sysadmin-jumpbox-03.feednews.opera.technology
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
access-control-allow-methods: POST, GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: nginx

GET
H2 204 /
onetag-sys.com/usync/ Frame 943C 0
0 10ms
9ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=57e618150c70d90&gdpr=1&gdpr_consent=&us_privacy=1---

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 sync Show response
vid.vidoomy.com/ Frame 7A2D 49 KB
18 KB 254ms
58ms Document
text/html 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.vidoomy.com/sync?gdpr=1&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D133%26auid%3D1670719802608-938354041707-007695-012-004366%26key%3D%7B%7BVID%7D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html
date: Sun, 11 Dec 2022 00:50:02 GMT
etag: W/"61c991db-c5bc"
last-modified: Mon, 27 Dec 2021 10:13:47 GMT
server: CDN77-Turbo
x-77-cache: MISS
x-77-nzt: AcO1qhF6ZXmh
x-77-nzt-ray: 4c1562244042fc533a29956327348237
x-77-pop: frankfurtDE
x-accel-expires: @1671756602
x-cache: MISS

GET
H2 200 avpb7.12.0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 1121 174 KB
55 KB 9ms
9ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: cb03fcc9956e8131df0a0a936e702552d0be3539e1a2abbdb999d20a72de57f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdsVIlp2Gkggej8KMiZqbk-IWSNqvUvpa_lA-eVkod4VJha8uvhdfOqnccyLl6qUkWbXXJB71z0t-5XSMwOvZhgURw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 55951
last-modified: Sun, 04 Dec 2022 11:44:22 GMT
server: UploadServer
etag: "311c348753cb3987619bfca54c2e12b3"
vary: Accept-Encoding
x-goog-generation: 1670154262795348
x-goog-hash: crc32c=u0N1Sg==, md5=MRw0h1PLOYdhm/ylTC4Ssw==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=600
x-goog-stored-content-length: 55951
accept-ranges: bytes
content-type: application/javascript
expires: Sun, 11 Dec 2022 01:00:02 GMT

GET
H2 200 avpb7.12.0a4.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 1121 64 KB
21 KB 16ms
15ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a4.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: c44be4b987d3b9a0394a04ecca2176548dee3a9282afd93aae45cfc3b03c82b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvs7j32Hjnh7QUb3bf1Rq2pEMANPdl0PKMaaHGMn5UUSa1Nygf2SEmSaQUOXxkwuxp7PH6m-lp6jyBj9EqhCP00Zk2Gipl9
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 21043
last-modified: Sun, 04 Dec 2022 11:44:23 GMT
server: UploadServer
etag: "de602b491255392639ea85e376689669"
vary: Accept-Encoding
x-goog-generation: 1670154262969432
x-goog-hash: crc32c=+2F/Gg==, md5=3mArSRJVOSY56oXjdmiWaQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=600
x-goog-stored-content-length: 21043
accept-ranges: bytes
content-type: application/javascript
expires: Sun, 11 Dec 2022 01:00:02 GMT

GET
H2 200 avpb7.12.0a6.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 1121 53 KB
17 KB 16ms
15ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a6.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 4d2d2f2900b4534d42501a7ba6a4d94f110c1c4d0dcfd5ff3da9d88c9382c0f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycds63MileT9cVzKqmR4yO2KX1tEpHoxIL-91jRGJg2ru35-7zC1KWJUzyMn1gsoRPoHoU632jm60Ak7IROw_Idj02g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 16350
last-modified: Sun, 04 Dec 2022 11:44:23 GMT
server: UploadServer
etag: "44ae0143a6eccaddfec5cb1ceb79da43"
vary: Accept-Encoding
x-goog-generation: 1670154262970558
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=73kp9A==, md5=RK4BQ6bsyt3+xcsc63naQw==
access-control-expose-headers: Content-Type
cache-control: public, max-age=600
x-goog-stored-content-length: 16350
accept-ranges: bytes
expires: Sun, 11 Dec 2022 01:00:02 GMT

GET
H2 200 sync
x.bidswitch.net/ 43 B
145 B 76ms
9ms Image
image/gif 52.58.96.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=&user_id=1670719802608-938354041707-007695-012-004366&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.96.67 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-96-67.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1670719802608-938354041707-007695-012-004366%26biddername%3D24%26pid%3D59c9148628a0612da3689288%26key%3D%24%7BBSW_UUID%7D
x.bidswitch.net/check_uuid/ 43 B
146 B 76ms
8ms Image
image/gif 52.58.96.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/check_uuid/https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1670719802608-938354041707-007695-012-004366%26biddername%3D24%26pid%3D59c9148628a0612da3689288%26key%3D%24%7BBSW_UUID%7D?gdpr=1&gdpr_consent=&us_privacy=1---
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.96.67 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-96-67.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK d300x250.html Show response
storage.de.cloud.ovh.net/v1/AUTH_4b1b323ce19643f985895cf772add44b/Angler/ Frame 2F4F 493 B
842 B 25ms
24ms Document
text/html 145.239.139.16
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.de.cloud.ovh.net/v1/AUTH_4b1b323ce19643f985895cf772add44b/Angler/d300x250.html
Requested by: Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.139.16 , France, ASN16276 (OVH, FR),
Reverse DNS: ip16.ip-145-239-139.eu
Software: /
Resource Hash: ca830ba631f8617e72c2e327e34724158c8ee48d204f5bc0325a93f2edce8ecf

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 493
Content-Type: text/html
Date: Sun, 11 Dec 2022 00:50:02 GMT
Etag: ea2a3c0e700c363fcaaa41f823d4e63c
Last-Modified: Fri, 04 Jun 2021 09:36:53 GMT
X-Openstack-Request-Id: tx2f6231fcd7a149bb96e63-006395293a
X-Timestamp: 1622799412.88096
X-Trans-Id: tx2f6231fcd7a149bb96e63-006395293a

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/307824/ Frame 5FC9 2 KB
1 KB 8ms
8ms XHR
application/json 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/307824/config.json?cb=https%3A%2F%2Fi.afly.pro
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 7d19701f0f99a1f6585dcd7bfb44b34c52823c6c12d259f89fccdf8773457e57

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

expires: Tue, 13 Dec 2022 00:50:02 GMT
date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
last-modified: Fri, 09 Dec 2022 12:01:12 GMT
server: nginx
etag: W/"63932388-850"
content-type: application/json
access-control-allow-origin: https://p.jcontentcdn.com
cache-control: max-age=172800
x-proxy-cache: HIT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 5FC9 0
179 B 22ms
21ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://p.jcontentcdn.com
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame 5FC9 15 B
364 B 13ms
12ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://p.jcontentcdn.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 5FC9 1 KB
1 KB 346ms
314ms XHR
application/json 54.36.238.155
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.36.238.155 , France, ASN16276 (OVH, FR),
Reverse DNS: ip155.ip-54-36-238.eu
Software: /
Resource Hash: b23e341eb70c5ed8c622e07915e1b2b8299511a64b33af41b4140a8b4bc9cb34

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://p.jcontentcdn.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1193
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 5FC9 0
218 B 27ms
27ms XHR
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.25.4&cb=67472350732

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://p.jcontentcdn.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 5FC9 0
409 B 57ms
57ms XHR
text/plain 37.157.6.254
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.254 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://p.jcontentcdn.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 30ms
30ms Preflight 37.157.6.254
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.254 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://p.jcontentcdn.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://p.jcontentcdn.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 29ms
28ms Preflight 37.157.6.254
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.254 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://p.jcontentcdn.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://p.jcontentcdn.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 5FC9 0
409 B 60ms
59ms XHR
text/plain 37.157.6.254
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.254 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://p.jcontentcdn.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 5FC9 0
218 B 26ms
26ms XHR
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.25.4&cb=41564428745

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 11 Dec 2022 00:50:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://p.jcontentcdn.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 5FC9 1 KB
1 KB 86ms
60ms XHR
application/json 54.36.238.155
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.36.238.155 , France, ASN16276 (OVH, FR),
Reverse DNS: ip155.ip-54-36-238.eu
Software: /
Resource Hash: 5ed0e659dbdfbc0be7c6e7fca0477493598d868fcae65415ca8b6e40fd807450

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://p.jcontentcdn.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1192
expires: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 5FC9 0
179 B 18ms
16ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://p.jcontentcdn.com
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame 5FC9 15 B
364 B 10ms
9ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://p.jcontentcdn.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame 5FC9 15 B
364 B 9ms
9ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://p.jcontentcdn.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 5FC9 0
179 B 16ms
16ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://p.jcontentcdn.com
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 5FC9 1 KB
1 KB 84ms
61ms XHR
application/json 54.36.238.155
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.36.238.155 , France, ASN16276 (OVH, FR),
Reverse DNS: ip155.ip-54-36-238.eu
Software: /
Resource Hash: cf1dd12832bac16240c760c4af00fbe86a263329dbecbafe6bbedc12852fa3c1

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://p.jcontentcdn.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1192
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 5FC9 0
218 B 27ms
27ms XHR
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.25.4&cb=27437981724

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://p.jcontentcdn.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 740E 0
42 B 331ms
12ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=92402832&p=160993&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D1%26auid%3D1670719802608-938354041707-007695-012-004366%26key%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-length: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 2F4F 80 KB
27 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: storage.de.cloud.ovh.net
URL: https://storage.de.cloud.ovh.net/v1/AUTH_4b1b323ce19643f985895cf772add44b/Angler/d300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7eabd269d94046e76c744518aa01578a00047c238727208cded024567d7a0974

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.de.cloud.ovh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27544
x-xss-protection: 0
server: sffe
etag: "1418 / 316 of 1000 / last-modified: 1670587582"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 11 Dec 2022 00:50:02 GMT

GET
H2 204 / Show response
d.vidoomy.com/api/rtbserver/prebid/ 0
208 B 93ms
12ms XHR
text/plain 54.93.93.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.vidoomy.com/api/rtbserver/prebid/?id=15013&adtype=video&auc=626e839376914242d640f6ed%7C6188f6fc4071e35134085f46%7C63690555af49f23bb214a994&w=420&h=236&pos=1&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.98%20Safari%2F537.36&l=en&dt=1&pid=62133&requestId=206bcee4ac012b&schain=%5Bobject%20Object%5D&bidfloor=0&d=afly.pro&sp=https%253A%252F%252Fi.afly.pro%252FLclT&usp=&coppa=false&videoContext=instream
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.93.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-93-30.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
access-control-expose-headers: X-VD-C
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
307 B 30ms
30ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0&cb=37935382415&lsavail=0

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://i.afly.pro
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H3 200 pubads_impl_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2F4F 380 KB
129 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.de.cloud.ovh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 21:35:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131905
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 10 Dec 2023 21:35:16 GMT

GET
H2 200 pubcid.min.js Show response
id.sharedid.org/lib/ 732 B
903 B 586ms
196ms Script
application/javascript 44.239.16.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.sharedid.org/lib/pubcid.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.239.16.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-16-115.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
cache-control: public, max-age=86400
last-modified: Sat, 10 Dec 2022 11:01:26 GMT
accept-ranges: bytes
content-length: 732
vary: accept-encoding
content-type: application/javascript

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 26ms
25ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: BBBA0A3QDQ1HWH2T
age: 1430
etag: W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 777a394ffdbc8fef-FRA
x-amz-id-2: ifirG6OKyiUb0CDm3Pp6NFXSRsipT+RfZA795jySpk4Hznc40wDcE3MyvtCBhb4h+QHIekyQ8Ho=

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 97ms
42ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-9c1f"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 12 Dec 2022 00:50:02 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 32 KB
10 KB 15ms
15ms Script
text/javascript 13.225.78.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-47.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 66a8dfcc4572e000bf5b4351bae2a763b3357a65ed373ff27a7e7b38ec9486ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 06:29:59 GMT
content-encoding: gzip
via: 1.1 ff2bcb2d3b4a3d9e0615ddd1033c38c4.cloudfront.net (CloudFront)
last-modified: Mon, 21 Nov 2022 18:55:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 66003
x-amz-server-side-encryption: AES256
etag: W/"2c5f4a319c3d99310927955777b5abe3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: tEPvuMieg-83AyiaI4Grb1Z0RHtCS6q-D3UXJuIum5trRa6xxjMFkg==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 959 B
1 KB 61ms
9ms Script
application/javascript 2600:9000:2057:4c00:a:e047:752:5701
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:4c00:a:e047:752:5701 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5fd8663b96c0916efbc46a80a2608bbf1a12cb81726c2655b49434b40041ed09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sat, 10 Dec 2022 03:22:22 GMT
Via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
Last-Modified: Mon, 05 Dec 2022 03:22:17 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA6-C1
Age: 77261
ETag: "ebc0b38d1fa3c656232b1058a1616e48"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 959
X-Amz-Cf-Id: g135QDQ8E7TBXnyec0UlLGXwm-9fA1MriHV4Pqlgt69ngrvroELLMA==

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2FD5 6 KB
3 KB 17ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
330 B 36ms
36ms XHR
application/json 3.248.87.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.87.83 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-87-83.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: eddb9e1503b95bc701c74977ce4005f2d003772f1b119dba041ec4b23aa3e682

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache
x-server: 10.45.28.207
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3AE6 624 B
919 B 53ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXOS3OtB8tP1K5jzdbckcldBNWzlRcujvCaeEIy06nhw6sx-vqmS-bYZC0lqwZGwge97hqAqlEYFZGvQnf4jukQinvAJn6ZcUYvbiWMwB4WGRiynwRP6sNBdGgZbDOaYtNg3b3gvo2hWBqQyPof75aO2-9Bi3CO_e2DlEFEKoCmIUjVdkkex95LzrNAO9p5sM_qHyKyTNOqPqkwk8t4Rnri98DxZA

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Sun, 11 Dec 2022 00:50:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2FD5 85 KB
35 KB 108ms
74ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B27Tmks-vSh2aYkGQQvHdtY8TDaMCHB2HYYokF3GkOsk7RnZpftEu4857w8r_MjUGusqj-Yt2gozRmSWjpH3TrJPYSopEomGuqlbXj0I3-WVEhxXIUlGzXschtwI_5FVKl8dhRkgwt1undUDHUUqe3bTU7Empm4REPre9UCPpe4x3VtRs&dbm_d=AKAmf-CNW0RayocVvfq0eYqIyFY_KH9Isb3eVE4HYpAz2GY7u1LFddpHpjD0bAED8vx4ZRNx1xhFbAM1eYMaFkXVgAcxyt9FcpwGyLwOvNg3Ch_NQADPER33ByIuYT3uqg4i-hC7OYuYh5kEGH6sG6kOymfz6GI0IvoOlBXzmYbw0iwGfUSHtYDXrKnNsPcgJTt2ih2DTvFNK532_3zymutvR-um8Cnx4kfTZ8bXHpHMgyM-MDRbo17bvI7oQNw30attC_bbiy-3Idw_GeGUG2TTAHbJWZmj9BX8RrGNVjvoP3tHcAlsoBhJt0ypReNqT_uOlJmTZ0e3aQKyYA95TlRFth5mBel5u1GxtScn_2152ESRRXGQaJCERDlzFAk1fScXx3qSmYTZiMNADLemOHan00DdOj7MSt0ShxUoHWRC2wZ5ow3YUwbK-u4sMBXYotXeH-A_r_p4VqAB4ZOp2W5mro1FgpMPcJ9pbQWJrg6wtgCkG6Kg7JEgC_isYjzkx5CmB8Bs-qzTs158IVoqnfYHrGYtp6JqNrZBz--6a410uHW8g7foNZJg2ilJ1ZIBadoolj3L9JitC7vXzYmOsA8wyh1g3E2BMg-1JTbAwds9C8gKGn8vduRTgPIYH9MHjBRX-CnKPLH1Y3Kw07PKsSYmUxV778gbKBBdTvlSgdb1JGRhYqtPTVTjbS-aOZxWukundhfah9qHjV3wxseFQY-d-qodlrCHRyI1cD08VsH6wQW1K4nNsyRSbh1_vuFdPk0lAH1jwtgFaH6akrvFC2P0Ap_6BrQ-le7e2vbdY9kGtbS-sBs6HyCEkv_hUkAf2hz1c0eVHqEKe4DkILVaUQp6FFcBAsZRACIOncaDhJgye8mXKS7IPfh67Gdvb6dY2EL0z9eQrcY9WWnNMmjFlhfppZzX1MC7uOfmef151-qxs4kruE-RRPu0eusEJbj1nHbLLitBnHIKGB-tMiLYzbvY6Ze667B_3c9vOsmAlxZ5y4fqWfca-93GBG1fOIhywSejU-_Srx32_VYZoatF3eTepTHfK8gd6aZWf76or67vEHsDaeE3ljBYccMxJw3WqVcdz7i0cHyuxmlS20iKBqGoAF9Wu_hVkUTFNyvD518DrUJhrWdQlRxaj0_P6Lq0GWOE6sfks_TU1dLSn93LhDTMtrDaakY0_KXg9yKP4BPeOtCmDvt_vBL_OcyuFXUHp5gt8WtWx5ztL_SB7Puy_y5OLduYqfXQ1yjHwRp_qeH2wN5UrROT1s9k4ydNl9GtGzzFbona7wE4bfMi9mkDVx1neB-XPxdFLbhWOad3rpBUZ5OEH-ZQw2gQVO6akQoFQCZsgex39CVkqJiBHvp81kLWxEsj_Vd84tmT9Uqx9H6ac86VJKj-8WCzWs2M_r26iUnv89sE_xloLD4S8YQDZveRpNgN0L-VuQL0Ss9GvWnGs4UXMdv4d3Sr2Zp_EGcFZwsEncVwPyYgwlVQ52PnIc41RfcNaogYZN-d1LucJ5bpt3XHhOr2sBfKcStFgqj9BaN1uOPH68C3Fe4SZ-g5VtAQV-SOv5LE7XPg--40FiVQHJRekI5ewpozoC4ZQn6xL7cDYvKLNEMuPwH3j1qxjalduaoOgRDg6hpWNxm1tPSNvmx7fs2yAucXr268XSha-Vu0aOHyjDPlRKNswjGafFlvwL67guVx9f5SukdGopyL_xDWc1aL1VCgWgfc9YogXAis-EcP1i8e0-3BoLfe57ITNjCg-QQa4tgEcolcvNWd_Py8R069QOnJGnp4f42TqATbqhuVhuunk9sJfoN6CZ_2Rr8dNkCREP74ISNDcWjvRcLxdRAU6Dm5O-TqBIDltaw_e_Pu-5a7NHFWwBHRmf_a9Avbr5ClTtxMTJu_Uq7mxj1-rkG48edKrgIOqHaj4dYrPGwv_vjYIC7AdrejUvmPgy-O1xJht9tw0edoQjiqPZEbue8lpY_n3NpWx9lmpyZX4OsRQgQSiQlc6vkZSDa5uJlW5fTEyVl3Rc90XSUXlk1V2OhTGrDQ4JRIYz7DdWvQw5XqK3q8WBDAs3l1-5q8g4POyexTQSewfPIYaX3N4L1tq5CzMnQdijkIAZswX7sTMO1EaxxzkA0BlUw1BJjRRruCsdhG8FM5zzN5llLen84BK_QLtQvVFc3Aul4k58vFtKh5-7RjJpEXELgqZTo8gWk3C9vSbK1J72lNB96a1R2egZnJYym1b96pPplHXNJODe1vop5DquRXvuU8C3AMAAmVzHfoq3OJYJ_MY_mxqi0FXK-hLR7nuxNR9l3I2Kg2P9tH2CiDyrS9E1JwNMBZBBttErW9nGDv2c-KoQ3W1xFErExrUXiocTlfrfbOKIzgMDTe4TQGqESOD5NCw_d-ZytJOSM4JIwL_fCw6bcxKcsj5SaVeE65PC4s0T8pcQtG-0cMdn74q9HnJOpc8QK_mVO40XKnFFEiZbZMjvna1RHWj-GORMpwlnu0j_mqleZmq6HO-Nqe5EUf1oLgPdpVEXAC39ZaheZek6gAXJXcUpvTJ36_Bp9p5bRRaP9Jn1vAQ7BtddbTgYIvFNdZkpto8QzRm8dSozDYh5VvZ_ECuaatL4qXHVnEN7sgarB1A0hAbwMEuwdO3SlIr3CAJPg-G_QUM9PKDWNwU-wmZ9b_zxT2zBeDUbPDYR0TmApc2aCs2X4nooJwU1S3k5axXLDtJ1skW0RwTXIKCviH-Ewr55Wj2DKfZuw3vCBoXMV30Zcy8TLkYE5RXUxIaaL5GJQ7-Wd8t2RhLYg9sRs7ERNnTXDtIXIEo3i67RbToHJ7Xn20FMBGWEiH8b0929ySa_UrGvNMYgQrX6TQSTrmABCcQ9x7HnZpij8D4mtieG9V8_ynZ-egZ6hPxkyp13aOqX5LsiXJGEh0XqT-OQ1ll6fD6wrpTMlWGRzVqlC8A6x3EizCbRRx7MMGXEMSBOZcZbiy6IyxURCKFOV60yYEIBmQfB19xvOIhJPeViPreXtsQd1V1vQV-Yor7NBI1-olDfggtc9RvJ4AJYvKZy1EWCYRFXoCgpd_LwdAwv5fCAdwmUdhL8ipXuRjWRuziv7QZJvUY1Qoa0Q6Nq9nJPj5EES0RPilDW7nvAzSdW_uTB2g2Z7Xq4TZiGH_nbNa0dCf4sIs2bfCE1DOLF39Qu2AEiyWP3uw8I8rrMkipBFeJmdtfX_KgzHSivlPZz7Jf2A58shcDULvx6OFwuN0zf0hB_MTzgWo2RMFlFvEds8cCzlpTuQdlo5MrO4yQZ81M4wS4x0EIoWldDXizPrX3_iGb_fof_KteAfo8sYdOfjjfR74_r7_oQ44oU5FLxgXXiFyD496vt17z81Z_H_0W7KZD4lSEp3Mhixlkm5RjA24UC_zJJe7eX6iIZ1JQU_Z-7WK4tICxlsR0fi7xOzpqnkDzlZHdSTuua9N8a8Pdr-W6UK8N0Pv629B_NG21c0wxDkH_yhuOzQrHJKhaTSjiuU3BC7fWak3EfbOreM_sX1eSXynxrzRwov9G_K72dGV9UFU4jC26na0odMZCw&cid=CAQSTADq26N9e9q81zBQ1sUuVd3Efe1z2ByA13ro5crUC63FfEPNzpNvhd62mxxlcjXz13PrHugGTYCCANPtAvCgZDZRrtRwqeZUd7Ywg2kYASAT&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

184f1fcd16264492ae45974ca7f9ea39dc2023c83b2c78d0a10d45712455060d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35788
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2FD5 42 B
63 B 60ms
42ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BPAQI2UmL-p2gVGD2Xlr6LbdsOOSujajmx3V-exo6kx_Ep6xgNkOoHavtdnjddCwmVjx048jg6bt0_CCxAj65oyKo50rChbWjKJMyrNj_-POAchm0

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 2FD5 3 KB
1 KB 73ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8536
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 22:27:46 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 2FD5 18 KB
8 KB 71ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39882
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 13:45:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2FD5 153 KB
47 KB 40ms
21ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:02 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 2FD5 23 KB
9 KB 72ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 23:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3560
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 23:50:42 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2F4F 107 B
122 B 20ms
20ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=storage.de.cloud.ovh.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.de.cloud.ovh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2F4F 107 B
122 B 19ms
19ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=storage.de.cloud.ovh.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.de.cloud.ovh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2F4F 561 B
323 B 163ms
162ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1988564500604290&correlator=1980158890980038&eid=31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=21939239661%2Capl%2Cangler%2Cang300x250&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&adks=609104156&sfv=1-0-40&sc=1&cdm=storage.de.cloud.ovh.net&abxe=1&dt=1670719802924&lmt=1622799413&dlt=1670719802820&idt=93&adxs=-12245933&adys=-12245933&biw=-12245933&bih=-12245933&scr_x=-12245933&scr_y=-12245933&ucis=9jf8zyqsjkx&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=2&url=https%3A%2F%2Fstorage.de.cloud.ovh.net%2Fv1%2FAUTH_4b1b323ce19643f985895cf772add44b%2FAngler%2Fd300x250.html&ref=https%3A%2F%2Ff580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com%2F&top=https%3A%2F%2Ff580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com%2F&frm=8&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&ga_vid=491071690.1670719803&ga_sid=1670719803&ga_hid=2047823311&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee91b6e8b9a96e4858160ff3cd70e9bf0231ad04cb72cde9aa6152597edbf243

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.de.cloud.ovh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 292
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://storage.de.cloud.ovh.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e588116e811a604ad39e3c713eb586e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B4D4 6 KB
3 KB 57ms
19ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e588116e811a604ad39e3c713eb586e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://storage.de.cloud.ovh.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/022211060024000/ Frame 4F01 221 KB
61 KB 109ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dce9f5afda30bc387f9f1090b155cbb90596e3c7c1374ea9e135b7184c8fc707

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:55 GMT
age: 347408
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61620
x-xss-protection: 0
server: sffe
etag: "011de7b3056fa7b4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:55 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame 4F01 14 KB
5 KB 216ms
146ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:55 GMT
age: 347408
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:55 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame 4F01 94 KB
28 KB 209ms
139ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:55 GMT
age: 347408
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:55 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame 4F01 5 KB
2 KB 217ms
147ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:55 GMT
age: 347408
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:55 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame 4F01 40 KB
13 KB 217ms
148ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:55 GMT
age: 347408
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:55 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4F01 4 KB
621 B 42ms
18ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 00:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 10 Dec 2022 23:04:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 00:50:02 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4F01 2 KB
3 KB 30ms
18ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:16:18 GMT
x-content-type-options: nosniff
server: cafe
age: 52424
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 11 Dec 2022 10:16:18 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4F01 295 B
424 B 29ms
18ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 09:52:43 GMT
x-content-type-options: nosniff
server: cafe
age: 53839
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 11 Dec 2022 09:52:43 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4F01 0
0 65ms
64ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cgd9xOimVY8XqH6S79u8Pksi04AGj45m7a9qs7dKvEMCNtwEQASCG94YmYJWCgIC4B6AB3bzgkQHIAQmpApqSWYn5rrE-4AIAqAMByAMKqgSWAk_Q5Es4pFfYI_bRTNIPYQt75W0Py3mlHBAYFroX5xfd8rBC5KnVWJ-yGxroTC0uM20t8VBCRyuLVJxrEyVCm9svnOJBpfYcvAQlrTZ6liTkA02sG5nOVTqlB0bAmr2Kx74UQv7VFJ5w9aVrz8iXYVoZMCfuZb5ycZqL2Rhk8i_bmstttTH3Z58pIj752Hd2aXCL5JbQO0N1T_JKELrW2tr4c0MkKAkIA8mAUDr6znIHxbfICBS9csgmz6cJ56hIR14FwAtWSp0yPTK3uemddX1i13hEOxaoETsfvXv8Iuoq1PJ8tpJ8BiIkAJ97qAP8QvSg8eOVYs7YIxnwaHVt0RKsK42XoPbtT_IQzIyvew9SirBYPUA5wATg8Mn3kATgBAGSBQQIBBgBkgUECAUYBKAGLoAHi8Of7gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDToSvSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTCtAVAYAXAbIXHgocCAASFHB1Yi0xMDYyOTcyODYxNTUzMzAzGIHUHA&sigh=7a0WnqXTN7o&uach_m=[UACH]&cid=CAQSSwDq26N9cGDyEDwTAiNOUYyGvoCptNQVsmC_jjl3q1GeZnZfAwpYj9JPKmeQ_UVnnI5fbdBgd3y-uXByyAu-qaOONKMbjf8rtVtZzRgBIBM&template_id=5000
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
319 B 13ms
12ms XHR
text/plain 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14246566237385795826/ Frame 4F01 23 KB
23 KB 75ms
17ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14246566237385795826/downsize_200k_v1?w=400&h=209

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3da5be3c6a09cb2bbbcc6920c5cfcb7fc6d403570292d52b47f941a36a0f3ed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 23:02:04 GMT
x-content-type-options: nosniff
age: 524879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23117
x-xss-protection: 0
last-modified: Wed, 27 Jul 2022 09:23:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 04 Dec 2023 23:02:04 GMT

GET
DATA 200
OK truncated
/ Frame 4F01 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4F01 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d506198dd33c0c57e51b7114ba5a0e3a271b7e2cf0a8a6d37a517869ac71c6c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3AE6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDbg9ZPgsOzz0QF14UTnWfk&google_cver=1

43 B
766 B

9ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDbg9ZPgsOzz0QF14UTnWfk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXOS3OtB8tP1K5jzdbckcldBNWzlRcujvCaeEIy06nhw6sx-vqmS-bYZC0lqwZGwge97hqAqlEYFZGvQnf4jukQinvAJn6ZcUYvbiWMwB4WGRiynwRP6sNBdGgZbDOaYtNg3b3gvo2hWBqQyPof75aO2-9Bi3CO_e2DlEFEKoCmIUjVdkkex95LzrNAO9p5sM_qHyKyTNOqPqkwk8t4Rnri98DxZA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDbg9ZPgsOzz0QF14UTnWfk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3AE6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5UpO-L5rNPX8CzYsHyTVAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1

43 B
766 B

9ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXOS3OtB8tP1K5jzdbckcldBNWzlRcujvCaeEIy06nhw6sx-vqmS-bYZC0lqwZGwge97hqAqlEYFZGvQnf4jukQinvAJn6ZcUYvbiWMwB4WGRiynwRP6sNBdGgZbDOaYtNg3b3gvo2hWBqQyPof75aO2-9Bi3CO_e2DlEFEKoCmIUjVdkkex95LzrNAO9p5sM_qHyKyTNOqPqkwk8t4Rnri98DxZA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 3AE6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPACzuuLj5AiFygXW9UQ5G0&google_cver=1

43 B
1010 B

8ms
7ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPACzuuLj5AiFygXW9UQ5G0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXOS3OtB8tP1K5jzdbckcldBNWzlRcujvCaeEIy06nhw6sx-vqmS-bYZC0lqwZGwge97hqAqlEYFZGvQnf4jukQinvAJn6ZcUYvbiWMwB4WGRiynwRP6sNBdGgZbDOaYtNg3b3gvo2hWBqQyPof75aO2-9Bi3CO_e2DlEFEKoCmIUjVdkkex95LzrNAO9p5sM_qHyKyTNOqPqkwk8t4Rnri98DxZA

Protocol

HTTP/1.1

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
AN-X-Request-Uuid: c3cef5f8-4d8d-4a87-945a-6e706ce08865
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPACzuuLj5AiFygXW9UQ5G0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 3AE6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU4ODk1MjIyMTI4MjI0MzEwOQ%3D%3D

170 B
243 B

24ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU4ODk1MjIyMTI4MjI0MzEwOQ%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
AN-X-Request-Uuid: f747e006-cd02-4029-83da-ea0c587e9e65
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU4ODk1MjIyMTI4MjI0MzEwOQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 4F01 16 KB
16 KB 18ms
18ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://i.afly.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 20:10:25 GMT
x-content-type-options: nosniff
age: 275978
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 20:10:25 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 4F01 15 KB
15 KB 23ms
23ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://i.afly.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 128110
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 13:14:53 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 5C21 15 KB
6 KB 26ms
25ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=i.afly.pro

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
server: Kestrel
server-processing-duration-in-ticks: 608786
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2F4F 14 KB
11 KB 56ms
24ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

077cd228066dc89b7103343b907ebc007ffea836f30ca766272e60ee4cdb1b45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.de.cloud.ovh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11096
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 2FD5 170 KB
59 KB 284ms
8ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 2FD5 8 KB
3 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B27Tmks-vSh2aYkGQQvHdtY8TDaMCHB2HYYokF3GkOsk7RnZpftEu4857w8r_MjUGusqj-Yt2gozRmSWjpH3TrJPYSopEomGuqlbXj0I3-WVEhxXIUlGzXschtwI_5FVKl8dhRkgwt1undUDHUUqe3bTU7Empm4REPre9UCPpe4x3VtRs&dbm_d=AKAmf-CNW0RayocVvfq0eYqIyFY_KH9Isb3eVE4HYpAz2GY7u1LFddpHpjD0bAED8vx4ZRNx1xhFbAM1eYMaFkXVgAcxyt9FcpwGyLwOvNg3Ch_NQADPER33ByIuYT3uqg4i-hC7OYuYh5kEGH6sG6kOymfz6GI0IvoOlBXzmYbw0iwGfUSHtYDXrKnNsPcgJTt2ih2DTvFNK532_3zymutvR-um8Cnx4kfTZ8bXHpHMgyM-MDRbo17bvI7oQNw30attC_bbiy-3Idw_GeGUG2TTAHbJWZmj9BX8RrGNVjvoP3tHcAlsoBhJt0ypReNqT_uOlJmTZ0e3aQKyYA95TlRFth5mBel5u1GxtScn_2152ESRRXGQaJCERDlzFAk1fScXx3qSmYTZiMNADLemOHan00DdOj7MSt0ShxUoHWRC2wZ5ow3YUwbK-u4sMBXYotXeH-A_r_p4VqAB4ZOp2W5mro1FgpMPcJ9pbQWJrg6wtgCkG6Kg7JEgC_isYjzkx5CmB8Bs-qzTs158IVoqnfYHrGYtp6JqNrZBz--6a410uHW8g7foNZJg2ilJ1ZIBadoolj3L9JitC7vXzYmOsA8wyh1g3E2BMg-1JTbAwds9C8gKGn8vduRTgPIYH9MHjBRX-CnKPLH1Y3Kw07PKsSYmUxV778gbKBBdTvlSgdb1JGRhYqtPTVTjbS-aOZxWukundhfah9qHjV3wxseFQY-d-qodlrCHRyI1cD08VsH6wQW1K4nNsyRSbh1_vuFdPk0lAH1jwtgFaH6akrvFC2P0Ap_6BrQ-le7e2vbdY9kGtbS-sBs6HyCEkv_hUkAf2hz1c0eVHqEKe4DkILVaUQp6FFcBAsZRACIOncaDhJgye8mXKS7IPfh67Gdvb6dY2EL0z9eQrcY9WWnNMmjFlhfppZzX1MC7uOfmef151-qxs4kruE-RRPu0eusEJbj1nHbLLitBnHIKGB-tMiLYzbvY6Ze667B_3c9vOsmAlxZ5y4fqWfca-93GBG1fOIhywSejU-_Srx32_VYZoatF3eTepTHfK8gd6aZWf76or67vEHsDaeE3ljBYccMxJw3WqVcdz7i0cHyuxmlS20iKBqGoAF9Wu_hVkUTFNyvD518DrUJhrWdQlRxaj0_P6Lq0GWOE6sfks_TU1dLSn93LhDTMtrDaakY0_KXg9yKP4BPeOtCmDvt_vBL_OcyuFXUHp5gt8WtWx5ztL_SB7Puy_y5OLduYqfXQ1yjHwRp_qeH2wN5UrROT1s9k4ydNl9GtGzzFbona7wE4bfMi9mkDVx1neB-XPxdFLbhWOad3rpBUZ5OEH-ZQw2gQVO6akQoFQCZsgex39CVkqJiBHvp81kLWxEsj_Vd84tmT9Uqx9H6ac86VJKj-8WCzWs2M_r26iUnv89sE_xloLD4S8YQDZveRpNgN0L-VuQL0Ss9GvWnGs4UXMdv4d3Sr2Zp_EGcFZwsEncVwPyYgwlVQ52PnIc41RfcNaogYZN-d1LucJ5bpt3XHhOr2sBfKcStFgqj9BaN1uOPH68C3Fe4SZ-g5VtAQV-SOv5LE7XPg--40FiVQHJRekI5ewpozoC4ZQn6xL7cDYvKLNEMuPwH3j1qxjalduaoOgRDg6hpWNxm1tPSNvmx7fs2yAucXr268XSha-Vu0aOHyjDPlRKNswjGafFlvwL67guVx9f5SukdGopyL_xDWc1aL1VCgWgfc9YogXAis-EcP1i8e0-3BoLfe57ITNjCg-QQa4tgEcolcvNWd_Py8R069QOnJGnp4f42TqATbqhuVhuunk9sJfoN6CZ_2Rr8dNkCREP74ISNDcWjvRcLxdRAU6Dm5O-TqBIDltaw_e_Pu-5a7NHFWwBHRmf_a9Avbr5ClTtxMTJu_Uq7mxj1-rkG48edKrgIOqHaj4dYrPGwv_vjYIC7AdrejUvmPgy-O1xJht9tw0edoQjiqPZEbue8lpY_n3NpWx9lmpyZX4OsRQgQSiQlc6vkZSDa5uJlW5fTEyVl3Rc90XSUXlk1V2OhTGrDQ4JRIYz7DdWvQw5XqK3q8WBDAs3l1-5q8g4POyexTQSewfPIYaX3N4L1tq5CzMnQdijkIAZswX7sTMO1EaxxzkA0BlUw1BJjRRruCsdhG8FM5zzN5llLen84BK_QLtQvVFc3Aul4k58vFtKh5-7RjJpEXELgqZTo8gWk3C9vSbK1J72lNB96a1R2egZnJYym1b96pPplHXNJODe1vop5DquRXvuU8C3AMAAmVzHfoq3OJYJ_MY_mxqi0FXK-hLR7nuxNR9l3I2Kg2P9tH2CiDyrS9E1JwNMBZBBttErW9nGDv2c-KoQ3W1xFErExrUXiocTlfrfbOKIzgMDTe4TQGqESOD5NCw_d-ZytJOSM4JIwL_fCw6bcxKcsj5SaVeE65PC4s0T8pcQtG-0cMdn74q9HnJOpc8QK_mVO40XKnFFEiZbZMjvna1RHWj-GORMpwlnu0j_mqleZmq6HO-Nqe5EUf1oLgPdpVEXAC39ZaheZek6gAXJXcUpvTJ36_Bp9p5bRRaP9Jn1vAQ7BtddbTgYIvFNdZkpto8QzRm8dSozDYh5VvZ_ECuaatL4qXHVnEN7sgarB1A0hAbwMEuwdO3SlIr3CAJPg-G_QUM9PKDWNwU-wmZ9b_zxT2zBeDUbPDYR0TmApc2aCs2X4nooJwU1S3k5axXLDtJ1skW0RwTXIKCviH-Ewr55Wj2DKfZuw3vCBoXMV30Zcy8TLkYE5RXUxIaaL5GJQ7-Wd8t2RhLYg9sRs7ERNnTXDtIXIEo3i67RbToHJ7Xn20FMBGWEiH8b0929ySa_UrGvNMYgQrX6TQSTrmABCcQ9x7HnZpij8D4mtieG9V8_ynZ-egZ6hPxkyp13aOqX5LsiXJGEh0XqT-OQ1ll6fD6wrpTMlWGRzVqlC8A6x3EizCbRRx7MMGXEMSBOZcZbiy6IyxURCKFOV60yYEIBmQfB19xvOIhJPeViPreXtsQd1V1vQV-Yor7NBI1-olDfggtc9RvJ4AJYvKZy1EWCYRFXoCgpd_LwdAwv5fCAdwmUdhL8ipXuRjWRuziv7QZJvUY1Qoa0Q6Nq9nJPj5EES0RPilDW7nvAzSdW_uTB2g2Z7Xq4TZiGH_nbNa0dCf4sIs2bfCE1DOLF39Qu2AEiyWP3uw8I8rrMkipBFeJmdtfX_KgzHSivlPZz7Jf2A58shcDULvx6OFwuN0zf0hB_MTzgWo2RMFlFvEds8cCzlpTuQdlo5MrO4yQZ81M4wS4x0EIoWldDXizPrX3_iGb_fof_KteAfo8sYdOfjjfR74_r7_oQ44oU5FLxgXXiFyD496vt17z81Z_H_0W7KZD4lSEp3Mhixlkm5RjA24UC_zJJe7eX6iIZ1JQU_Z-7WK4tICxlsR0fi7xOzpqnkDzlZHdSTuua9N8a8Pdr-W6UK8N0Pv629B_NG21c0wxDkH_yhuOzQrHJKhaTSjiuU3BC7fWak3EfbOreM_sX1eSXynxrzRwov9G_K72dGV9UFU4jC26na0odMZCw&cid=CAQSTADq26N9e9q81zBQ1sUuVd3Efe1z2ByA13ro5crUC63FfEPNzpNvhd62mxxlcjXz13PrHugGTYCCANPtAvCgZDZRrtRwqeZUd7Ywg2kYASAT&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 2FD5 30 KB
11 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 5C21
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=afly.pro&sn=ChromeSyncframe&so=3&topUrl=i.afly.pro&bundle=Ylb8y19kJTJCZ1d3NTNMdVhSYVpnbGJwZzNFZ1BVdTA0SjhqNThwYWF1UzJFQzQ5UjlaMWtuNlJIS...
https://mug.criteo.com/sid?cpp=QEW6anxuR0hLMTFaVHhWa1pBdUY3UEc1QnNvNWY0d1dpK3JsTmQ1VUhOMS9nYnFXTUZhT2w0bGRzc0V4OHo0RWtaaEVVbWVwKzJpb3ZieU5qZjJjVkZRWjEybXdETTBFSGNBU2U4Wng5NkZwa1ROcVd2b3Z1REc1Mk9ySE...

433 B
657 B

17ms
17ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=QEW6anxuR0hLMTFaVHhWa1pBdUY3UEc1QnNvNWY0d1dpK3JsTmQ1VUhOMS9nYnFXTUZhT2w0bGRzc0V4OHo0RWtaaEVVbWVwKzJpb3ZieU5qZjJjVkZRWjEybXdETTBFSGNBU2U4Wng5NkZwa1ROcVd2b3Z1REc1Mk9ySEJJbDY1YWx2RXlSeU5HRHVaUklXKytoUXozcUJjTm5oZVRiWk11NTJTeThiS290L1NVZGRMeUREWmQvUDRkZ2NwNUV5Nzd3ZHM5TDVVSUdWQm93WHYzbVZHb3ZrM1poTE1MczZHWnRvaEs4dU5DWkVnWEwzejZCWTZDTnZDRzdYNVFXMFArZWd5OHk0U2w3REY3d3JreVdsYkgrT1lzQT09fA&cppv=2

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

728457b8d66c411a122be914a7168ca69719776737189b931ffded49c9d810a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1575972
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:02 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=QEW6anxuR0hLMTFaVHhWa1pBdUY3UEc1QnNvNWY0d1dpK3JsTmQ1VUhOMS9nYnFXTUZhT2w0bGRzc0V4OHo0RWtaaEVVbWVwKzJpb3ZieU5qZjJjVkZRWjEybXdETTBFSGNBU2U4Wng5NkZwa1ROcVd2b3Z1REc1Mk9ySEJJbDY1YWx2RXlSeU5HRHVaUklXKytoUXozcUJjTm5oZVRiWk11NTJTeThiS290L1NVZGRMeUREWmQvUDRkZ2NwNUV5Nzd3ZHM5TDVVSUdWQm93WHYzbVZHb3ZrM1poTE1MczZHWnRvaEs4dU5DWkVnWEwzejZCWTZDTnZDRzdYNVFXMFArZWd5OHk0U2w3REY3d3JreVdsYkgrT1lzQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 721544
content-length: 0
expires: 0

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 52ED 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2F4F 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.de.cloud.ovh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2FD5 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 15:32:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465452
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 15:32:31 GMT

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4324 6 KB
3 KB 9ms
9ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 73C3 624 B
245 B 42ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBCCoHQYn7HP2wEwAQ&v=APEucNVHy1rSeNiwbe5xZWMyRMQiNSzwVrbfBh0JN0Sim9rOZjA4ghxOQ2QoLG6N7ho2Da3r0VwntLKhWdeKiqCCylQk4KSUgbYrzIUkEzPKo14XNXCZ_7cHRHV0qesKAIIpxBqXILR6JgCyAtRT_6NwxYrljJowA-3RSS51MrUWY_qKsP8iXkqxuP44WvxFMXCpfr1mDQDZmXpP_Osa4WbHcsOMP6CcWQ

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Sun, 11 Dec 2022 00:50:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 52ED 93 KB
35 KB 72ms
50ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DiblyOq3rgST30Kkok57Je3J59hRzgRGgVivsYG39apemK-wQZKnFpvyQe7d5pCCcJ3HJqr2HpW1qPiMSgu5RK_z2ufHk_GIR0U0aTVulSKHvGJmbtZGdYwyD_8FQg56gpRxhHgnNCR2GjZTB5j_J5tWGMzvbBKe5o9XiH-JgSZYI8pQQ&dbm_d=AKAmf-D1tnDw4UzpZeWJMCQ3IhNjAXf3aaj9vZ5SgiBpojEGBXw4b9HnAtGM25izM6GwOuyfrRKAZ8yVKZ9Y2D5OWYdethc9pUPNjVZn9Ubz_q-hHjn3_LaRuKZ3sPkw3oMKckIIK9qHl_8vCz8J3t8JzOnq1edWlxNp-z1GzXHl0GHZEX22IKeKyHKPGHnccmOfE6iCeZ7f6hXwl8mPqXDAK_o65xp-NahBHTWewSIALyxvLtc3Ui7T21-6zsgZ1mKAaEjP7_lh1-bR3R0WAk8h1KYMZvm-q4iy9vfC2g6ZeQYP7cyAyL_ATwHDeBvGkVswJMt2IL_6xEPyC9lkDeiEiDXTLHqtzI8onBefZofwCxJMi9vHBbtg3dDT4timYdZrWuNV-BmJcT-sjq-ay8BUtPmrVZfEg79k65hSoT-8_Qh-qKjva9qJsZx5BVShrMc7QDq6vX0CbOvvvAO5ZOFakRLWIW47a0M3CZGKWKb5tFDoMpy8mEV-w_bRu-Ww0YStYwKqEeZs019OJVlTu5a061dyhJpkRe6ThUPcKm-vUvWexJq6-Zqto__xwdsc6CuxWB3OSRV-zYl5ZDgsFnumn3-kkXnmMfUTsDtQJv9bv3FQQkaUKmRDCxJlj36jIx_EcKIfjcABV-vpZWGUaGqyLISdQ_3QcQ6-la0_09xP3QsOAzX54FSLATXnyWIp4OcrPE63bvjYP5H7bCuJJgdqt-nX9R1fQ0HD1p5Wf3prJEm4JV2R7KMOsgy3Zdax2fkMpmRygBq7t2Ay6KfaU3aeZ3E28DjfcXScEKwylJ846ZUeJmde_sbhkDJ-2FKuaIf7yljvyf6roJ0EzD1TzznxbqPYaSaE_O7EJ0Z7Vu8jFEjYah-qePyXEVt-3weLVX8ybGrlBdSvcxpyOJkpcoQVrp9W8SXyXXYOVmAmW0ZRKgmg_P0X_j1yRrQyHwyCBLX_Xbela0XOuaODe6zfWjLUNoNula8ufmldlVLo7wGDOpnyeGahA7L2lBZG6VJgUx3F5dl42qywMbptEujai5xQiwlfyQtN9X1EWyrOH6iQchopzXcKMvjy3KFY7m4g-IuYwQGtWjb8Wau6a1YWHygOIywb5ExbeKnpcdJ3Zr4LNlF4u9Itql9v-bhu_xbtNIrvIorifAz_MO0guiFDfIK7F2ShOCnWR71A9LPl8Lk5kdVy00ajKWG-kzJHJ33_3m4vN0DUSz_iHLRm0H1h-V7T9lRmWtT04Iq_zUZK4jcFnXM8wTaghXv0ftxsI8fdCwdpTb8wJKzFodxOd9ZcyT9qNizpMlstEoDD8HoTsaY1uDhJdc7_GLinTWkewG770iSQfIHae5mxCl6gMBGN6wTu1lw6EVvHzofxaV0MBpCkdNAz60fSV7y-QQ8D2Ja3WPpNhxv89Bv_FOM7Dal75EcYJNSoyHBNNLgHuCinFl9lBe5rVZm96GgBaC6Pr6j4GGDZErMfkEtviWdNZEpMoz4rmqlxybh8z_zMHoPxwdktQ4YAe-6SlpbYsAKqug9rzpUTV1gRtqtOuj6OEzSw5K0C8CSrnmGySHF5otvg3W-Y-L2bP3gPYTkhjLU8xwbx90QbOpwNaLvifJPVH0Hs18qVy_gCmq2D4EmMGCb_tLm4vXzzMH0iBSxXyGd1FH9woiMHsVgXQ8rsi3WZzGsQ4t2FQdS9oRH80p5nmUZfQeTZiaEQuXAxFn07TjSGkJ9HPCegQR-FnG8jn_kF9VZ2IxzH__qQaIhIvHEo7t5InkcO9-lcMii8QIFZ-yfH59JS5S-DkUG1-q_slIcuncjZOaZbxx1wX1rWIRBUbrq07iPHe6AidkBN_Y6wo16HDEANYwuPpKMZwdP_B5JyITCY5rz6Ml9yB5u8MIs90diRGKft_bwHcQU02jOxhv_7B4Rquy_SEJ45mB0l7WefyZZqMxbB_x6lKHDiMkA4DAelWBK3T9maFXcuvfgFP8DPHVNbsJCXzoZKBtIywXn3RLBmFWgQCXEw2WwxQBBMJVz06jm8fK0vhW49lIRvao6tEwifw5hTlbxUfCNvjAFfYcmjYPqnZKsPZ1Zsfv7NJW3nzRPavXv4Pm4eDXqohpQlgscexOB2A3O6ox1AZjAMQ0AOwaQDmuKJpz9Wiz3p1qCdeAXgBvgJAIscb1MtHfr4lY0Qwx7RkieVmnkaXwIpOfkLn1FkjeF0ywV-d2XAYDEySFKT0RBwe65wskX8b--OSICno-dADXIh7fRBCJ9sM-VH2pqPAG0SnPZodyVVaHjR1ozV11kkPzfUovCU6pt9U4LR8mL8BThy01mgi4C7dGmppaxTDzawcIbe1ghhL47RR0w8NZlhYCBEhu4TfXsAgqInUa2rnWrIsn0im4nYzbDIJym5zbJth6nYXlKfHf0XkBTyTl9gZzYEoOFVBHbDioxb4IkTEEN99Iom1K5NvU4tCGOM9V13a2XtywYaU5fj7ETZJewDCKXr52seTx7PgPUxGvtsaOFv_tkLcXUzpvU3KsdrPOTDmCcZUAus18jxiowIRX9KR32zdDfunFOFi5JOFjMjL_Pzi5b-_6AaxZWdnIy8WHhkw2WOFh2jz6ptVMA05BQyjZN12f8vT0rniM0Fm3wWwnN7ef-GzzEYG9YchN-6WE54hpaOIEmK70XHvJOiE4I7uAdypQZnw48XTX_2IZAm9J9y4wIFySnp71XfH3C19eA-k_jLrqJvM-zY9-StIxHFvbKL-etUDE8yhyZKRp-ZnVGkfqfkvyQPq6VBhZLO8_iPijxx7_hd7lSdNQQyauLAHkapAuAyhEn_PVrD3rOkBe-poF0qdXs04OWKMR6oysziVCKcj3aC8_GQleTqFRhYomulbu7jInruXIpoOzZCNuR-DnZobKnNhyB6Sds10TZEXwqc5wtgHBFrju-7-gfDKR4lO9CR-nm1yg2p3k8hbO1J3PFnu38DFvJeXbBo9L8NfT5ZOB5G_BTqWsXOCY9FWsVrR4GErfO4Nem97tLLAZA9-cpmurndWIUpEO3jdIvjZ7ENJgal7z7DX1kerEmnc674WP9VUQiCqGpD9hJ7I0H14uth6Ra8E0G4pz0SWN3cBA0HOcWYGd5vwEPxdOgAEqgbLkEtqaNX1VJHkPrjpFXE237UUaeSNupKATJTHCZ6rvlKW2jNjSiQvtuPDRV4nPzD2Xu4lqrqFWryb2Pw7jBCOZS0DxmhRp2vv16Zq3LULNHEBQJF6n9baf1sFIyLW4Ow0Qv9iaB7MWRqxdW_I8nuQICRlJIIQmFrwExx96td6nHIOagn3z_5KuQ1Cr28qzOfi7f9RFy-6KLi-hL5bv29JnuNaWFmIJid6skjasNC5_z4lrlpec3X4F6R5sume0Ackg3S96iTDlJvBAssiigLkRZhhkTxz_ynisERjg3CEiVRSze5Y1xMe2Ytebr_Hz6yZkomGMoMyFnkgom7OKgunjtTAbLa1uM8mGpKSMI22GtX8diKvWp-GikAUGIWEDuLfKoOFdDFpw6bnit8A6huzi4GHMSxzqy0hFaMJogQ-9iYNc0WWasBPBNKDlCDrnjidnpZ7Me5ZSSdKs_dz0tDFcZTsES1BmXR4Ktsmd2aJfPTl5c9jNbYlIckCSY8c05cfCKEylsDu128J1cMer_zK0DbVJepeA1Iokwpl7JDMStbJ0SJ1I2QfUU4cWT9XnOikrqo-jXZ2iXVhN0_62q-fVIg&cid=CAQSTADq26N97d0EsZlf0S7Lseo78DTliXUzg9ACBgvVVee27s9wCEAN2tjhf9itFEy1Ns3zQced51FzzLTZQQVyAm1Mg7nmxPEtrzXJltwYASAT&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fec404a196364712892f9aa8d277cb6425e70e2040cbd8e0de0e6e8a2777d130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35866
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 52ED 42 B
63 B 47ms
46ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ASWyNTQ2H-gMrocgUON___90huft3vJMxCnO6evzJvsB4wTTUsDDAM7b9H9gjca5yoG_yy6x5tc-FgPHUdNzC5a3eDZfyWuQYlmnqYL1v8L3UCTws

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 52ED 3 KB
1 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 22:27:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 52ED 18 KB
7 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39883
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 13:45:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 52ED 153 KB
47 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 52ED 23 KB
9 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 23:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 23:50:42 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C960 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://storage.de.cloud.ovh.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 8450
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 22:29:13 GMT
expires: Sun, 10 Dec 2023 22:29:13 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 601C 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fc401a3c570945d0e86f900159ad55fc2ae8ceffb8c15cf08d04338a90472a35

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OkswenJCsspHw70RV6UWMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://storage.de.cloud.ovh.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-OkswenJCsspHw70RV6UWMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Sun, 11 Dec 2022 00:50:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=i.afly.pro

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=i.afly.pro

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
20 KB 803ms
802ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3525168356520184&correlator=1081353490058784&eid=31070873%2C31071221&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=21939239661%3A22305556653%2Capl%2Caplmcm%2Ccube%2Ccube3%2Csticky&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F4%2C%2F0%2F1%2F2%2F5&prev_iu_szs=300x250%7C336x280%2C300x250%7C336x280%2C970x90%7C728x90%7C320x50%7C320x100&ifi=11&adks=2193279578%2C3563140142%2C3042515390&didk=2675907389~2675907387~1959687422&sfv=1-0-40&prev_scp=hb_rfBid%3D0%26is_vmhbmp%3Dtrue%26hb_override_id%3D3424951%26hb_buyer_id%3D18171%26hb_div_id%3Ddiv-gpt-ad-8176806-1%26hb_r_id%3D1158487c3be95815%26hb_site_id%3D10647%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.66%26hb_adid%3D153e3f267f220188%26hb_bidder%3Dprojectagora%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26is_vmhbmp%3Dtrue%26hb_override_id%3D3424951%26hb_buyer_id%3D18171%26hb_div_id%3Ddiv-gpt-ad-8176806-3%26hb_r_id%3D12408ff0f24ac885%26hb_site_id%3D10647%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.66%26hb_adid%3D155623acca221a07%26hb_bidder%3Dprojectagora%26excl_cat%3DPREPOST%7Ctest%3Drefresh%26hb_rfBid%3D0%26is_vmhbmp%3Dtrue%26hb_override_id%3D3417618%26hb_buyer_id%3D18146%26hb_div_id%3Dstick%26hb_r_id%3D630f3a79b146e3d%26hb_site_id%3D10647%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.39%26hb_adid%3D152dd96fd8da9e52%26hb_bidder%3Dsovrn%26excl_cat%3DPREPOST&eri=1&cust_params=wvr%3D3%26wie%3Dtop%26cndl%3D10%26cnrtt%3D0%26cntp%3Dna%26cnet%3D4g%26cnsd%3Dfalse%26wrc%3Dnf%26gpt_l%3D400%26wrap_l%3D800%26ccp%3Dunknown%26sesdepth%3D1%26page_r%3D200%26padpr%3D23%26idl_envtest%3Dna%26lipbtest%3Dna%26lotamePanoramaIdtest%3Dna%26id5idtest%3Dna%2633acrossIdtest%3Dna%26uids%3Dpubcid%26uids_c%3D1%26waai%3D200%26waae%3D500%26pbglobal%3Daaw%26tif%3Dtrue%26lui%3D0s%26hbmp_loc%3Dhttps%253A%252F%252Fi.afly.pro%252FLclT&sc=1&cookie=ID%3D587a8c858e3de047%3AT%3D1670719802%3AS%3DALNI_MZ68AVVtsxBZuRXRnwpV2HWWgRXJQ&gpic=UID%3D00000b90b3d080c8%3AT%3D1670719802%3ART%3D1670719802%3AS%3DALNI_MaUC36kZjks1FOMmaGFx18K64z6fw&abxe=1&dt=1670719803263&lmt=1670719803&dlt=1670719801591&idt=195&adxs=650%2C650%2C315&adys=1857%2C484%2C1150&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2%7C0%7C0&ucis=b%7Cc%7Cd&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fi.afly.pro%2FLclT&frm=20&vis=1&psz=1090x0%7C1110x0%7C970x-1&msz=1090x0%7C1110x0%7C970x-1&fws=0%2C0%2C512&ohw=0%2C0%2C0&ga_vid=408766954.1670719802&ga_sid=1670719802&ga_hid=912635791&ga_fc=true&a3p=EhkKCnVpZGFwaS5jb20Y9puk9c8wSABSAghkEhsKDGlkNS1zeW5jLmNvbRiZnaT1zzBIAFICCGoSHAoNY3J3ZGNudHJsLm5ldBj2m6T1zzBIAFICCGQSGQoKcHViY2lkLm9yZxj2m6T1zzBIAFICCGQS0AEKDmVzcC5jcml0ZW8uY29tErQBWWxiOHkxOWtKVEpDWjFkM05UTk1kVmhTWVZwbmJHSndaek5GWjFCVmRUQTBTamhxTlRod1lXRjFVekpGUXpRNVVqbGFNV3R1TmxKSVNWbHRRbEEzYW1JNGNHMDBlWGgyTkVneVVHWlVlSEV3Vmtaa1FrODBZMkZ0Ym14SWQyVjFSRXgyWjA4eGQzVkxhRlJXVG5abGIyTmtNa3BtVkU1RFZtVjFSSFpUUldSNlNHTnphR3BJGL-dpPXPMEgA

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bade2aed3e1c80f48cef367a7398ac442156f0278ce4b54b8bea68bde9446beb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20693
x-xss-protection: 0
google-lineitem-id: 5524741651,5524741651,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138329045674,138329045683,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 02E8 22 KB
8 KB 10ms
9ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 465439
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 15:32:44 GMT
expires: Tue, 05 Dec 2023 15:32:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 10B2 640 B
262 B 19ms
19ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY_dTjwAEwAQ&v=APEucNW_oIKNBCcCMbAFNr9MTYVyyTTrZK7LniqNr7mOIml2DdCQhDG_1_q9n44k0sB_t3dZnbMHTPdFoMfn8H3w0y4UIwSbZobVHAuNYYElsoVCjjBqV9HVWi-5Xfhzyz9dGOA7LRHuaNdV6gxz5v0YdqEXzF-VDmfnQBr6FJmo9TdPMq7rDww

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C785 85 KB
35 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AUhQ9wM0p3xyJXnaeOFc_8XzPBBdoWLgfkkruW7pWtzQr3znJMXKw1oGLJQ9iYOTaTcctJ6fFSGNYWN1p_WnT92SXwG4ifV8b1bKtKqw3cwL_RzwgxwR3jpDWsLhbICNDe_bTKtDD1r5HnwiEEa0AlQk55XCe4wXNSul32BpYzjNRIsFg&dbm_d=AKAmf-Cj8KZ6pO-mfBq0kS74LAH2a-FZMY260aX0CZ-oNvZ83E4n6O_DAraegit1dlEZLmk4MrymVWpJOBUb1RLfc7rrhwM1ZoW7cce2SI3xo4pC_KEREbUkXVHwHyDGn7SBn8PddVIhD-U6mZcZGuwhfCsFeHgyoQ2dzc0qV1ECzzNPHGb8Q0v0HlcgBsAHxgTR17KDhN25gUKqqVR8uZgKO82ooImjOWpf77bBvWgwlz4K8kSA71bkj4hzJj54pIKNpXbf8Tc33r7bSIT9y5UEBQTyRiMMz5riXSQmKeWWoWMouV-qAXAdFh2OB79L3ZQJOhnMNlmGJVg3fEbScvnvFpYzmNEJN4kM58A2gaRV7U94u3wGPW_1VKwmD5fyUEjELuFXe0x9DnKPtsxvO1WttKd4gPDuosKiPiKgd11BnQ03jAI1b92cliP4_-1yXc0bC68IxqiEyYQGoRUA8a04OMxjYAEZoyekB6HaMhLLjWetIKPC9cV5Ju6FYdVetyrbU1xium-HbBy7QsVDoRQg57F205StuYf5cTVv0CEWsOYmq7EkFy8iYHX18zNz-qdHjhAm4d2Yzs5AgIOecFFvDfiHqIy5nDaHwekAkme86Je69xgOsHUV4IilleaNofEFBrA92OJDR86RC3e0w6hJVefp2aPXpnoObIyuPbMBy8slywsGUUFOdoWQpf7ZTcpoWWToVj2I8Xqg-v-ud96R8Hkd-UIfZRbCqk7lsrwQRvkliYcGOFSl1mDTBT_fYqdpzdwZWyQU1B6oxBHraJ1_JUg4sa_FtkEoZi2djTIsyHYO7I59rsWMwjbzA2EeZA8iQyaRm8RMJmOin-mUiy24sPiqU7KD90FCv0GeJP-1ks8nO-MXwEhgPFDTG7q2OyS3Tl-RlpCcw86H7fMlawZFL8qCOxMwX5JJj01WKqKL7uIaykRJgpI5HvjO6-XVTGi_4_JJwbmcVvAV92lYpmY_hCMS5-QG5ng1EdhJw1Dwhx3hcIIZlstzk1ak2OmpMSKTG6HKEL3l6AB8v2FK6Q4XkmsZqTGLUZQnS6h8TalTGUeZTLK3ACGG4jJMJWy6mLJgwRUxAXsCsCkSyGkbDr7IqFocCqBHrddjKEN6pzBAV4ocI5TOjwUHBC7TkzdobTRgy-WwhYfko6utyAAtJr67tEtti45hmwxyzRbzIcuYexoGCPATJ_1X2dhKCtIa27l22bbYucMW1n5U-7XkGiIsT6lacecOOKrxsyJ8Ltj7ao0klHyvOM7S9PaRu4eGQ_lCgWi-cIY05p4jjS5-aFOJrSVLIAEj4FuP-Sr_t2vsv9ZrXrYB-FBe77rI_DKLtF0-9i4qq7b_9VY1X1p5blbbn4umerZPkuSymR-MeiLtIjFXiR02XPKVGr4F376ILLosL6I1DOqfZtBpyxKbR2jtooIkcyzXX2WiJBNqKSlD2_hK8pgI_-K_Jna7yHyp20oL3gsYUFVLOlIF4wS_g_xsCSAgYWx_qiIvq2zU4wcgTaNzNLFMjdBNuEZhiqFBWpuK1sFEOQQTPjPrV6wnlAYLTJUh2i_gpZdyh_jCwUw6HMFP32srXiAZFqzl6L0012fdg-fB26CoMXJIkNVK2wtyQ9-_nWplSEpfPMm7SCPSCeCNS65rdJSqwNW4jGfkjHKQGTWs7xbbdmFE10WiRwm-UdO_qaZpgB5fHTjsL8jXgSPSELiK8oFnyUFHW2X2SNM6kLF64T7Fto7AkGzYCUP1SBNA9iWe3xzwtOgdaXGRPa-kOqjb4STHw1KaGED_almt1WyB1ddKpNNIvP6XL6DQOMQZebzSSdqRJyHHuP5scx4EKcuUZW0YlztmEhhTn7SfV03wUDWqWDCq5iWZSHZJUX_hG7UA5vgeL3ps8MelyYkiUduwFVfHB3edP8L61s6NUh9Pf_pcKm6YwBbnpfUqV3TxpjstO2aa-B90Vg9nKK09gAe856BceLrB1k1OZ3ydwq_Nebcy_h-fQncLbU9D5C1CLjCiV-V9ZC15TEQ7yh9NsezIeHaiHSLtFne_6DStQE0kzl273-tsF6BmfXeEeX0z-3L_E0HqZr290QwErG-minY1WSEZXSTiuMYNMAQqZCSGulWhFlpWB1U72GofKqxCF2tDnPFCD2mgFal_NbIDRgP0Beq4oX_L8jm3CZXK87aMaZlHSL4dOzJqo2Wx73qsf1vqFema1wsKlWaTL1SU30Ji3M8g1inB6S64xE3Gt-wwbP5R_2V2jMExc4eoE3vxc78zK_Nksag9fLx_ZlwGvGFc21yuIKba2LlGfSRX_yV6ngMEzKKfN2dcSmNy7lvVst2gccoVexb9oTTithxsEDg3MzXQLSQ2zRmA2UiZD38SOGjzkGKo4V8P1GV00EX8zl7W-naY87Ci5ckus5u0KbwwyQXolGCrarDqQxR_2tHqxczUEchzWSceu55lp2z3DnfKsLrV_5YnoxgUW0ToWsSCJ0ahGoKNEWbRXRGy8Z6zWa0AAH7yJ0Ld6y0addmmGSZ4eH-Y25q4qLu2v2Vk38XHLycEMk3AwFa0_JqJNPViy2lPlEsKiexmLno_TjiFzb_XussYoyXE2-0pWj-VWIFO6bdwzgehJ8dy8sqM6kI9wWuvrUgCJXyEfObuHBGPoy1pmqON49_8Uhd1GdolQ4NQss2q3ralMLi3CFO7tzY3gEPVmyXg9mB9jaEXwfA3ErvFCPg183fFl797pxIgVCkfjNLEI7gZpX_j8RB6tuFDP5eP_471bc2MN0QOL7sAYTyqp5zOTSWJbk6ADO5BYmerGcIiyEa5sG6nF5ybZxkZPSbawQ1un07blW-Gv-TyXvA8MnksvROn1qVX2PfpwzMM_Ka7MUjn_dWMI_SkBZpE0acIvcpYrSv4W3SvX50Tzpe5x9P-NNyXSdCcva66I6jSJktWX7AfAJ3uc2C1yqVLYoP7CYXojPl71w3A84W0yS_lmysHe67xwpMG0zNzRYaVNfHSmAlSX3-E20FfJPQN8BxnH674ODolXyrpMHV07zWuiiICoPS8L62x4ZU2Fov0P0vlE1ohjyatEoB7mcVO0sYHXRBoMTchovSAGLW0tPFWSzQ1CLjHaokwccP9y6M_xppXV5bnBS0910gdW7U2pGXHd_YyS8G9ts12SHlG5gguHCUrcyyWGNvboufST0PPzwq_sv8uAK-hTyxqC8W7IoOl7BjFClr9LiUD1pItRNoqLrtjQFhlFWOP2XHCXg3aqCJeBnn4r-k0ZdJaBv9YpQ4cP8ZzsETp9dtust_UESyNE5WeZbnj5jgTanPV5Us3ibjNUCVLSWHnSfL3Rm79UpX2sWavWn70pPOejQYr-sVZu6iEgXApfqrnPHMsuEhH_V825U7HjmCIJqIGRzTtqlFlgga8mfKAg1k7LTmfY9exXNqmGNpIm0GW4csDBqLdQdEDb-7_NXQKRyLz3kHVISk1L7Y8XFmf_6MyMMuUJjowaCYSsksJ3ckXf_K03bAEgayeEyalHlQxBtf6SjIMnjma&cid=CAQSSwDq26N9-LG8bhXZ8MkET7FcgPHQ9PzfRzJV5Ul8m5hAAuppRYl_d2hORV7lsKce5SwfrOWngplTXDfqQwUVluVpM0dUF7TZeEKW4BgBIBM&rfl=2%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff2448482b752d3d385ec393baad2c9e71afbedd9d4fda329cb5be5d5ccbe5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35903
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame C785 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 22:27:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame C785 18 KB
7 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39883
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 13:45:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C785 153 KB
47 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame C785 23 KB
9 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 23:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 23:50:42 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C785 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BxWJntFVyBMPubMhamHy6Zgw469p7Ys2_sPLcPdxr_n2rH_NRrO4oS02QZAoAQbDFD5dz7OHlBuP8l9rGPLBCnXnk3mrNK2B-c1owH89EMnSXb2dI

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 73C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1

43 B
766 B

13ms
11ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBCCoHQYn7HP2wEwAQ&v=APEucNVHy1rSeNiwbe5xZWMyRMQiNSzwVrbfBh0JN0Sim9rOZjA4ghxOQ2QoLG6N7ho2Da3r0VwntLKhWdeKiqCCylQk4KSUgbYrzIUkEzPKo14XNXCZ_7cHRHV0qesKAIIpxBqXILR6JgCyAtRT_6NwxYrljJowA-3RSS51MrUWY_qKsP8iXkqxuP44WvxFMXCpfr1mDQDZmXpP_Osa4WbHcsOMP6CcWQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 73C3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5UpO-L5rNPX8CzYsHyTVAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1

43 B
766 B

12ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBCCoHQYn7HP2wEwAQ&v=APEucNVHy1rSeNiwbe5xZWMyRMQiNSzwVrbfBh0JN0Sim9rOZjA4ghxOQ2QoLG6N7ho2Da3r0VwntLKhWdeKiqCCylQk4KSUgbYrzIUkEzPKo14XNXCZ_7cHRHV0qesKAIIpxBqXILR6JgCyAtRT_6NwxYrljJowA-3RSS51MrUWY_qKsP8iXkqxuP44WvxFMXCpfr1mDQDZmXpP_Osa4WbHcsOMP6CcWQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0TzsLCrmxL_j3of2u66gI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 73C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAcgNtqtrwitcOWWu7cc8zY&google_cver=1

43 B
1010 B

46ms
46ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAcgNtqtrwitcOWWu7cc8zY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBCCoHQYn7HP2wEwAQ&v=APEucNVHy1rSeNiwbe5xZWMyRMQiNSzwVrbfBh0JN0Sim9rOZjA4ghxOQ2QoLG6N7ho2Da3r0VwntLKhWdeKiqCCylQk4KSUgbYrzIUkEzPKo14XNXCZ_7cHRHV0qesKAIIpxBqXILR6JgCyAtRT_6NwxYrljJowA-3RSS51MrUWY_qKsP8iXkqxuP44WvxFMXCpfr1mDQDZmXpP_Osa4WbHcsOMP6CcWQ

Protocol

HTTP/1.1

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
AN-X-Request-Uuid: 372f33a4-d780-4451-8b18-4070b4c543c8
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAcgNtqtrwitcOWWu7cc8zY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 73C3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU4ODk1MjIyMTI4MjI0MzEwOQ%3D%3D

170 B
188 B

21ms
21ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU4ODk1MjIyMTI4MjI0MzEwOQ%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
AN-X-Request-Uuid: 8aa84597-d726-406e-aa62-90e952b2d431
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU4ODk1MjIyMTI4MjI0MzEwOQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 52ED 170 KB
59 KB 44ms
17ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 52ED 8 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DiblyOq3rgST30Kkok57Je3J59hRzgRGgVivsYG39apemK-wQZKnFpvyQe7d5pCCcJ3HJqr2HpW1qPiMSgu5RK_z2ufHk_GIR0U0aTVulSKHvGJmbtZGdYwyD_8FQg56gpRxhHgnNCR2GjZTB5j_J5tWGMzvbBKe5o9XiH-JgSZYI8pQQ&dbm_d=AKAmf-D1tnDw4UzpZeWJMCQ3IhNjAXf3aaj9vZ5SgiBpojEGBXw4b9HnAtGM25izM6GwOuyfrRKAZ8yVKZ9Y2D5OWYdethc9pUPNjVZn9Ubz_q-hHjn3_LaRuKZ3sPkw3oMKckIIK9qHl_8vCz8J3t8JzOnq1edWlxNp-z1GzXHl0GHZEX22IKeKyHKPGHnccmOfE6iCeZ7f6hXwl8mPqXDAK_o65xp-NahBHTWewSIALyxvLtc3Ui7T21-6zsgZ1mKAaEjP7_lh1-bR3R0WAk8h1KYMZvm-q4iy9vfC2g6ZeQYP7cyAyL_ATwHDeBvGkVswJMt2IL_6xEPyC9lkDeiEiDXTLHqtzI8onBefZofwCxJMi9vHBbtg3dDT4timYdZrWuNV-BmJcT-sjq-ay8BUtPmrVZfEg79k65hSoT-8_Qh-qKjva9qJsZx5BVShrMc7QDq6vX0CbOvvvAO5ZOFakRLWIW47a0M3CZGKWKb5tFDoMpy8mEV-w_bRu-Ww0YStYwKqEeZs019OJVlTu5a061dyhJpkRe6ThUPcKm-vUvWexJq6-Zqto__xwdsc6CuxWB3OSRV-zYl5ZDgsFnumn3-kkXnmMfUTsDtQJv9bv3FQQkaUKmRDCxJlj36jIx_EcKIfjcABV-vpZWGUaGqyLISdQ_3QcQ6-la0_09xP3QsOAzX54FSLATXnyWIp4OcrPE63bvjYP5H7bCuJJgdqt-nX9R1fQ0HD1p5Wf3prJEm4JV2R7KMOsgy3Zdax2fkMpmRygBq7t2Ay6KfaU3aeZ3E28DjfcXScEKwylJ846ZUeJmde_sbhkDJ-2FKuaIf7yljvyf6roJ0EzD1TzznxbqPYaSaE_O7EJ0Z7Vu8jFEjYah-qePyXEVt-3weLVX8ybGrlBdSvcxpyOJkpcoQVrp9W8SXyXXYOVmAmW0ZRKgmg_P0X_j1yRrQyHwyCBLX_Xbela0XOuaODe6zfWjLUNoNula8ufmldlVLo7wGDOpnyeGahA7L2lBZG6VJgUx3F5dl42qywMbptEujai5xQiwlfyQtN9X1EWyrOH6iQchopzXcKMvjy3KFY7m4g-IuYwQGtWjb8Wau6a1YWHygOIywb5ExbeKnpcdJ3Zr4LNlF4u9Itql9v-bhu_xbtNIrvIorifAz_MO0guiFDfIK7F2ShOCnWR71A9LPl8Lk5kdVy00ajKWG-kzJHJ33_3m4vN0DUSz_iHLRm0H1h-V7T9lRmWtT04Iq_zUZK4jcFnXM8wTaghXv0ftxsI8fdCwdpTb8wJKzFodxOd9ZcyT9qNizpMlstEoDD8HoTsaY1uDhJdc7_GLinTWkewG770iSQfIHae5mxCl6gMBGN6wTu1lw6EVvHzofxaV0MBpCkdNAz60fSV7y-QQ8D2Ja3WPpNhxv89Bv_FOM7Dal75EcYJNSoyHBNNLgHuCinFl9lBe5rVZm96GgBaC6Pr6j4GGDZErMfkEtviWdNZEpMoz4rmqlxybh8z_zMHoPxwdktQ4YAe-6SlpbYsAKqug9rzpUTV1gRtqtOuj6OEzSw5K0C8CSrnmGySHF5otvg3W-Y-L2bP3gPYTkhjLU8xwbx90QbOpwNaLvifJPVH0Hs18qVy_gCmq2D4EmMGCb_tLm4vXzzMH0iBSxXyGd1FH9woiMHsVgXQ8rsi3WZzGsQ4t2FQdS9oRH80p5nmUZfQeTZiaEQuXAxFn07TjSGkJ9HPCegQR-FnG8jn_kF9VZ2IxzH__qQaIhIvHEo7t5InkcO9-lcMii8QIFZ-yfH59JS5S-DkUG1-q_slIcuncjZOaZbxx1wX1rWIRBUbrq07iPHe6AidkBN_Y6wo16HDEANYwuPpKMZwdP_B5JyITCY5rz6Ml9yB5u8MIs90diRGKft_bwHcQU02jOxhv_7B4Rquy_SEJ45mB0l7WefyZZqMxbB_x6lKHDiMkA4DAelWBK3T9maFXcuvfgFP8DPHVNbsJCXzoZKBtIywXn3RLBmFWgQCXEw2WwxQBBMJVz06jm8fK0vhW49lIRvao6tEwifw5hTlbxUfCNvjAFfYcmjYPqnZKsPZ1Zsfv7NJW3nzRPavXv4Pm4eDXqohpQlgscexOB2A3O6ox1AZjAMQ0AOwaQDmuKJpz9Wiz3p1qCdeAXgBvgJAIscb1MtHfr4lY0Qwx7RkieVmnkaXwIpOfkLn1FkjeF0ywV-d2XAYDEySFKT0RBwe65wskX8b--OSICno-dADXIh7fRBCJ9sM-VH2pqPAG0SnPZodyVVaHjR1ozV11kkPzfUovCU6pt9U4LR8mL8BThy01mgi4C7dGmppaxTDzawcIbe1ghhL47RR0w8NZlhYCBEhu4TfXsAgqInUa2rnWrIsn0im4nYzbDIJym5zbJth6nYXlKfHf0XkBTyTl9gZzYEoOFVBHbDioxb4IkTEEN99Iom1K5NvU4tCGOM9V13a2XtywYaU5fj7ETZJewDCKXr52seTx7PgPUxGvtsaOFv_tkLcXUzpvU3KsdrPOTDmCcZUAus18jxiowIRX9KR32zdDfunFOFi5JOFjMjL_Pzi5b-_6AaxZWdnIy8WHhkw2WOFh2jz6ptVMA05BQyjZN12f8vT0rniM0Fm3wWwnN7ef-GzzEYG9YchN-6WE54hpaOIEmK70XHvJOiE4I7uAdypQZnw48XTX_2IZAm9J9y4wIFySnp71XfH3C19eA-k_jLrqJvM-zY9-StIxHFvbKL-etUDE8yhyZKRp-ZnVGkfqfkvyQPq6VBhZLO8_iPijxx7_hd7lSdNQQyauLAHkapAuAyhEn_PVrD3rOkBe-poF0qdXs04OWKMR6oysziVCKcj3aC8_GQleTqFRhYomulbu7jInruXIpoOzZCNuR-DnZobKnNhyB6Sds10TZEXwqc5wtgHBFrju-7-gfDKR4lO9CR-nm1yg2p3k8hbO1J3PFnu38DFvJeXbBo9L8NfT5ZOB5G_BTqWsXOCY9FWsVrR4GErfO4Nem97tLLAZA9-cpmurndWIUpEO3jdIvjZ7ENJgal7z7DX1kerEmnc674WP9VUQiCqGpD9hJ7I0H14uth6Ra8E0G4pz0SWN3cBA0HOcWYGd5vwEPxdOgAEqgbLkEtqaNX1VJHkPrjpFXE237UUaeSNupKATJTHCZ6rvlKW2jNjSiQvtuPDRV4nPzD2Xu4lqrqFWryb2Pw7jBCOZS0DxmhRp2vv16Zq3LULNHEBQJF6n9baf1sFIyLW4Ow0Qv9iaB7MWRqxdW_I8nuQICRlJIIQmFrwExx96td6nHIOagn3z_5KuQ1Cr28qzOfi7f9RFy-6KLi-hL5bv29JnuNaWFmIJid6skjasNC5_z4lrlpec3X4F6R5sume0Ackg3S96iTDlJvBAssiigLkRZhhkTxz_ynisERjg3CEiVRSze5Y1xMe2Ytebr_Hz6yZkomGMoMyFnkgom7OKgunjtTAbLa1uM8mGpKSMI22GtX8diKvWp-GikAUGIWEDuLfKoOFdDFpw6bnit8A6huzi4GHMSxzqy0hFaMJogQ-9iYNc0WWasBPBNKDlCDrnjidnpZ7Me5ZSSdKs_dz0tDFcZTsES1BmXR4Ktsmd2aJfPTl5c9jNbYlIckCSY8c05cfCKEylsDu128J1cMer_zK0DbVJepeA1Iokwpl7JDMStbJ0SJ1I2QfUU4cWT9XnOikrqo-jXZ2iXVhN0_62q-fVIg&cid=CAQSTADq26N97d0EsZlf0S7Lseo78DTliXUzg9ACBgvVVee27s9wCEAN2tjhf9itFEy1Ns3zQced51FzzLTZQQVyAm1Mg7nmxPEtrzXJltwYASAT&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 52ED 30 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 10B2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEM5hD1Dj6qSxryv7MlFB6h8&google_cver=1

43 B
114 B

17ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEM5hD1Dj6qSxryv7MlFB6h8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY_dTjwAEwAQ&v=APEucNW_oIKNBCcCMbAFNr9MTYVyyTTrZK7LniqNr7mOIml2DdCQhDG_1_q9n44k0sB_t3dZnbMHTPdFoMfn8H3w0y4UIwSbZobVHAuNYYElsoVCjjBqV9HVWi-5Xfhzyz9dGOA7LRHuaNdV6gxz5v0YdqEXzF-VDmfnQBr6FJmo9TdPMq7rDww
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEM5hD1Dj6qSxryv7MlFB6h8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 10B2 43 B
304 B 45ms
19ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY_dTjwAEwAQ&v=APEucNW_oIKNBCcCMbAFNr9MTYVyyTTrZK7LniqNr7mOIml2DdCQhDG_1_q9n44k0sB_t3dZnbMHTPdFoMfn8H3w0y4UIwSbZobVHAuNYYElsoVCjjBqV9HVWi-5Xfhzyz9dGOA7LRHuaNdV6gxz5v0YdqEXzF-VDmfnQBr6FJmo9TdPMq7rDww
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 10B2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESELQPX7Q2T239vd30DkSra6U&google_cver=1

23 B
172 B

79ms
65ms

Image
image/gif

2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESELQPX7Q2T239vd30DkSra6U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY_dTjwAEwAQ&v=APEucNW_oIKNBCcCMbAFNr9MTYVyyTTrZK7LniqNr7mOIml2DdCQhDG_1_q9n44k0sB_t3dZnbMHTPdFoMfn8H3w0y4UIwSbZobVHAuNYYElsoVCjjBqV9HVWi-5Xfhzyz9dGOA7LRHuaNdV6gxz5v0YdqEXzF-VDmfnQBr6FJmo9TdPMq7rDww
Protocol: H2
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

expires: Sun, 11 Dec 2022 00:50:03 GMT
pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESELQPX7Q2T239vd30DkSra6U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 10B2 23 B
172 B 106ms
44ms Image
image/gif 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY_dTjwAEwAQ&v=APEucNW_oIKNBCcCMbAFNr9MTYVyyTTrZK7LniqNr7mOIml2DdCQhDG_1_q9n44k0sB_t3dZnbMHTPdFoMfn8H3w0y4UIwSbZobVHAuNYYElsoVCjjBqV9HVWi-5Xfhzyz9dGOA7LRHuaNdV6gxz5v0YdqEXzF-VDmfnQBr6FJmo9TdPMq7rDww
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

expires: Sun, 11 Dec 2022 00:50:03 GMT
pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3E13 6 KB
3 KB 11ms
10ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 601C 0
0 42ms
42ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=1988564500604290&rc=null
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 02E8 36 KB
16 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame C785 170 KB
59 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame C785 8 KB
3 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AUhQ9wM0p3xyJXnaeOFc_8XzPBBdoWLgfkkruW7pWtzQr3znJMXKw1oGLJQ9iYOTaTcctJ6fFSGNYWN1p_WnT92SXwG4ifV8b1bKtKqw3cwL_RzwgxwR3jpDWsLhbICNDe_bTKtDD1r5HnwiEEa0AlQk55XCe4wXNSul32BpYzjNRIsFg&dbm_d=AKAmf-Cj8KZ6pO-mfBq0kS74LAH2a-FZMY260aX0CZ-oNvZ83E4n6O_DAraegit1dlEZLmk4MrymVWpJOBUb1RLfc7rrhwM1ZoW7cce2SI3xo4pC_KEREbUkXVHwHyDGn7SBn8PddVIhD-U6mZcZGuwhfCsFeHgyoQ2dzc0qV1ECzzNPHGb8Q0v0HlcgBsAHxgTR17KDhN25gUKqqVR8uZgKO82ooImjOWpf77bBvWgwlz4K8kSA71bkj4hzJj54pIKNpXbf8Tc33r7bSIT9y5UEBQTyRiMMz5riXSQmKeWWoWMouV-qAXAdFh2OB79L3ZQJOhnMNlmGJVg3fEbScvnvFpYzmNEJN4kM58A2gaRV7U94u3wGPW_1VKwmD5fyUEjELuFXe0x9DnKPtsxvO1WttKd4gPDuosKiPiKgd11BnQ03jAI1b92cliP4_-1yXc0bC68IxqiEyYQGoRUA8a04OMxjYAEZoyekB6HaMhLLjWetIKPC9cV5Ju6FYdVetyrbU1xium-HbBy7QsVDoRQg57F205StuYf5cTVv0CEWsOYmq7EkFy8iYHX18zNz-qdHjhAm4d2Yzs5AgIOecFFvDfiHqIy5nDaHwekAkme86Je69xgOsHUV4IilleaNofEFBrA92OJDR86RC3e0w6hJVefp2aPXpnoObIyuPbMBy8slywsGUUFOdoWQpf7ZTcpoWWToVj2I8Xqg-v-ud96R8Hkd-UIfZRbCqk7lsrwQRvkliYcGOFSl1mDTBT_fYqdpzdwZWyQU1B6oxBHraJ1_JUg4sa_FtkEoZi2djTIsyHYO7I59rsWMwjbzA2EeZA8iQyaRm8RMJmOin-mUiy24sPiqU7KD90FCv0GeJP-1ks8nO-MXwEhgPFDTG7q2OyS3Tl-RlpCcw86H7fMlawZFL8qCOxMwX5JJj01WKqKL7uIaykRJgpI5HvjO6-XVTGi_4_JJwbmcVvAV92lYpmY_hCMS5-QG5ng1EdhJw1Dwhx3hcIIZlstzk1ak2OmpMSKTG6HKEL3l6AB8v2FK6Q4XkmsZqTGLUZQnS6h8TalTGUeZTLK3ACGG4jJMJWy6mLJgwRUxAXsCsCkSyGkbDr7IqFocCqBHrddjKEN6pzBAV4ocI5TOjwUHBC7TkzdobTRgy-WwhYfko6utyAAtJr67tEtti45hmwxyzRbzIcuYexoGCPATJ_1X2dhKCtIa27l22bbYucMW1n5U-7XkGiIsT6lacecOOKrxsyJ8Ltj7ao0klHyvOM7S9PaRu4eGQ_lCgWi-cIY05p4jjS5-aFOJrSVLIAEj4FuP-Sr_t2vsv9ZrXrYB-FBe77rI_DKLtF0-9i4qq7b_9VY1X1p5blbbn4umerZPkuSymR-MeiLtIjFXiR02XPKVGr4F376ILLosL6I1DOqfZtBpyxKbR2jtooIkcyzXX2WiJBNqKSlD2_hK8pgI_-K_Jna7yHyp20oL3gsYUFVLOlIF4wS_g_xsCSAgYWx_qiIvq2zU4wcgTaNzNLFMjdBNuEZhiqFBWpuK1sFEOQQTPjPrV6wnlAYLTJUh2i_gpZdyh_jCwUw6HMFP32srXiAZFqzl6L0012fdg-fB26CoMXJIkNVK2wtyQ9-_nWplSEpfPMm7SCPSCeCNS65rdJSqwNW4jGfkjHKQGTWs7xbbdmFE10WiRwm-UdO_qaZpgB5fHTjsL8jXgSPSELiK8oFnyUFHW2X2SNM6kLF64T7Fto7AkGzYCUP1SBNA9iWe3xzwtOgdaXGRPa-kOqjb4STHw1KaGED_almt1WyB1ddKpNNIvP6XL6DQOMQZebzSSdqRJyHHuP5scx4EKcuUZW0YlztmEhhTn7SfV03wUDWqWDCq5iWZSHZJUX_hG7UA5vgeL3ps8MelyYkiUduwFVfHB3edP8L61s6NUh9Pf_pcKm6YwBbnpfUqV3TxpjstO2aa-B90Vg9nKK09gAe856BceLrB1k1OZ3ydwq_Nebcy_h-fQncLbU9D5C1CLjCiV-V9ZC15TEQ7yh9NsezIeHaiHSLtFne_6DStQE0kzl273-tsF6BmfXeEeX0z-3L_E0HqZr290QwErG-minY1WSEZXSTiuMYNMAQqZCSGulWhFlpWB1U72GofKqxCF2tDnPFCD2mgFal_NbIDRgP0Beq4oX_L8jm3CZXK87aMaZlHSL4dOzJqo2Wx73qsf1vqFema1wsKlWaTL1SU30Ji3M8g1inB6S64xE3Gt-wwbP5R_2V2jMExc4eoE3vxc78zK_Nksag9fLx_ZlwGvGFc21yuIKba2LlGfSRX_yV6ngMEzKKfN2dcSmNy7lvVst2gccoVexb9oTTithxsEDg3MzXQLSQ2zRmA2UiZD38SOGjzkGKo4V8P1GV00EX8zl7W-naY87Ci5ckus5u0KbwwyQXolGCrarDqQxR_2tHqxczUEchzWSceu55lp2z3DnfKsLrV_5YnoxgUW0ToWsSCJ0ahGoKNEWbRXRGy8Z6zWa0AAH7yJ0Ld6y0addmmGSZ4eH-Y25q4qLu2v2Vk38XHLycEMk3AwFa0_JqJNPViy2lPlEsKiexmLno_TjiFzb_XussYoyXE2-0pWj-VWIFO6bdwzgehJ8dy8sqM6kI9wWuvrUgCJXyEfObuHBGPoy1pmqON49_8Uhd1GdolQ4NQss2q3ralMLi3CFO7tzY3gEPVmyXg9mB9jaEXwfA3ErvFCPg183fFl797pxIgVCkfjNLEI7gZpX_j8RB6tuFDP5eP_471bc2MN0QOL7sAYTyqp5zOTSWJbk6ADO5BYmerGcIiyEa5sG6nF5ybZxkZPSbawQ1un07blW-Gv-TyXvA8MnksvROn1qVX2PfpwzMM_Ka7MUjn_dWMI_SkBZpE0acIvcpYrSv4W3SvX50Tzpe5x9P-NNyXSdCcva66I6jSJktWX7AfAJ3uc2C1yqVLYoP7CYXojPl71w3A84W0yS_lmysHe67xwpMG0zNzRYaVNfHSmAlSX3-E20FfJPQN8BxnH674ODolXyrpMHV07zWuiiICoPS8L62x4ZU2Fov0P0vlE1ohjyatEoB7mcVO0sYHXRBoMTchovSAGLW0tPFWSzQ1CLjHaokwccP9y6M_xppXV5bnBS0910gdW7U2pGXHd_YyS8G9ts12SHlG5gguHCUrcyyWGNvboufST0PPzwq_sv8uAK-hTyxqC8W7IoOl7BjFClr9LiUD1pItRNoqLrtjQFhlFWOP2XHCXg3aqCJeBnn4r-k0ZdJaBv9YpQ4cP8ZzsETp9dtust_UESyNE5WeZbnj5jgTanPV5Us3ibjNUCVLSWHnSfL3Rm79UpX2sWavWn70pPOejQYr-sVZu6iEgXApfqrnPHMsuEhH_V825U7HjmCIJqIGRzTtqlFlgga8mfKAg1k7LTmfY9exXNqmGNpIm0GW4csDBqLdQdEDb-7_NXQKRyLz3kHVISk1L7Y8XFmf_6MyMMuUJjowaCYSsksJ3ckXf_K03bAEgayeEyalHlQxBtf6SjIMnjma&cid=CAQSSwDq26N9-LG8bhXZ8MkET7FcgPHQ9PzfRzJV5Ul8m5hAAuppRYl_d2hORV7lsKce5SwfrOWngplTXDfqQwUVluVpM0dUF7TZeEKW4BgBIBM&rfl=2%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame C785 30 KB
11 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 363D 466 B
238 B 40ms
35ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBCCoHQYn7HP2wEwAQ&v=APEucNXFItzuVz_dTXPeMCkILPTqZll52TV5QKWRtFyDG99pa2Bjau58YqrS74ZYaxxHVsamXIKvFt2A8e1_zuN6VsXoFZbCFoc3Kd2wInvpiRGlTA9raYHyA2VG36wjerjowp1wuL8yMJklvKlvEQkWrOFE-DNp-AAZZv2ARlgYsjH7XDNTq3px0r4LWenLGt7CmFfcQAOovteXHIxfMjVmEXLApXF_ug

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Sun, 11 Dec 2022 00:50:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3E13 93 KB
35 KB 57ms
52ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BFWjf3xty5Dz1C2XkJCaHB2V0itNGpQ-FPG7NAmRed4LS-I-sYhpd5XKIfQA4jCOXcyB7jag4aunxLzh81tmVXxh8I8-9Rv5E6SwdneDQMpclTl3E7HQUzOzpWeb9Z5FCU5IHFPBYaIIvm3ZF4enQORptd69sshbtSJBfo_P46MowlG4A&dbm_d=AKAmf-BiGngIGW4ZM2fdjtBE96XuoDx4cJCa69eTNZyGt4CyLcCMwdHWnnk_qwRlcjOO5MOZm8VOlvv1t3QLRb975BR8I8_-duYUzuzj_UNFh543oYUhFyLz5I7uEEv44mHFqv9EzcmuU-9zA6CK3tFbp9gY1Fb4k2oGs6C8B-Cft8mdRqsZ0xPID7gUZc5d0HLlnVwfW_lEb-R7OpFl7fEeZUPAVziSGEPcfslDvmNst34QrzYIsQCD6hzT9R6WEnL_bF0Rtthg2XFjOyPz09KdWgFOPnrQ-LneiTzgzBQr265nC_sOoLJIammFdv0IexkU528875-tbC3pQysfFaW0F4AAf3gcKoNKfkwB8ilGs4yNmWHqc2YJTpOB3TDqiGoFu7QDzwIQ_RuCZcRaK4bvDVioqhrLtfr9s5ZmgVm41QfECYnMiHlrdOG1LhyqKBf7eSCbb1KLYSzhgwUrOx2dhio1iupcufz72tjekVZO8uxBos0KJglYd29m0ZKoSjxR8YLG7LwBHOclSwpXXaq59-uMhVTK0SLvUV6HhtxtFtzCBly3l5pIY-a88FGINxUUc-mo8AtRN0Ino-6xnnWpMWiisCwSfX2FrsO5LDdl3S6qCqCleLHynxZmfNW7KzPcZs_qx16_5ZCMZl-zbe5HAeOuqIFfds_mzuKMywGz6bKZo82Wrmn_Z3Zq2MAa40L28fGcYqIM_URaH31qlNE2FQpoSJOTRvdBuJ94LsV_r-oOG8ggpGXGh-YxHIk7LQDUnlIZOXimY2WYMqRjtKCKINsRzSVdzrmnJs_yvnxI5h_8_bJK3FnWg_3c16EE9fSkGRKD8uhTYHWaSwqRuMN1akQLdVSTNkrWlTaaB6QHgvoupmim5_HI-6HPDA-T2zxYLtd1kZiVsxjEZGm5YfPdGhZBB7s8bV6rpCWEqkbUXpjSCDNLVQ0ah_g6C5QwpiX8e2fAfrxGHr8a3tKbsgpbuYW14up-2iXjjBff-NdKC2t-lMzpU_qyBP0w5mviN7xyF60SPAf2eM0KjEhIabRsG1p1VHynaMZRArCO6pw7Ak_3wNrpB4KY001bUvVlhyqZzJhjm2GepkzWy_5_4A-IwJ5oSO-7ogOIZT95-jp3Q8040fRFzYbrlbwA8EgQSyDFgHVka8838_L5XFb4uc8g1G3K5yPKAjzIATuAV43CuzukhjK8HgAw0vA5WBbT-kC_1D_6hq7CnXdef7xkTu2Eb1Gn6wpXYkcz8idz-kS1SaNeYhszMtdj10PFLmsB8L9ux_tCNkk1pAYWjLGDU4M6n09zsqIrJqRjs4gYUENNYut8EyUb5tSsqPYIGj43YIfvtbWNJsMgt6GhHuyiserizyZkO7TKCbKDT00tF7AMKP8tHZS_Si0Ynd4l1FKcV7wBpN1AJ_JXJLUmYLH-xlAXJn2vPhPZOdG-Ktz1dp_DbR7yiKR2eH5LG2gIPZ4rWARsNNUZ7j39GS9o19EDf8LVE8YKM1h-CRCcDOy4wY1OTY8KQtz19Zl5QGzfyQTeFZll5FBYIkEvL1YsLmFM5ta4FcPQ8c5NOdcwxsMQAEs1-7I3GeomiEgBMhPHbUKDo22H84yTX1kH12QhGJ1k-GKKZDQXdtbjQZle69vmb9v6UACYADATST0ZmvFzs1jSaiT7bWspljnU7wXnV-7pkWS3U7Kub4aWloSGJnCnAQjlMBLNZY7twheSpboZxOTry6uwZknAWhuAd1RJbeXXQ1UNwLYXBgArKxQ1JwxM-l0cm347ikSAjpPmZao4LrwBrhxmr973ArSEXplvROK9VwBnqPovj-VBjXv2G2UtHtT_DEQrhL91G-05O7AGTG4lBypcy1q5g0n81zU_bVwOxny5SBYjLQDgpa386OTF0a7AlPsaF5d_GfOl0JQBsOADtoScYtpV_agDq0CKi6CUF3M_Vai50EfXP1J7PC8qwWpmdv_GVDKthQLGcrIErv-E3a5WACgMpRPTA1fgPDhr1ECUA9AigvIee6RA_fumhdEf1Sr5zoUkbhK9R5XwAraNTlfTTRq_U1vc-LJWWXmY26AHlyeEN7Xg3B52RZ8HN9U-TLpRkeXI9CG6YznvEMGezSkX3mb93DyQeDlGrRhBLduX9RT5ydWC2fHKvk8FeYjNLyYlwFB-PZ8jnqlYRpewBkr9wFoRz0Jmp36W6BFIj9Oe2h9vqr53_dca66lvyNxjFycY1GNEy-LdGiZ77VwwdxAZFgXF3vRZ5Wl-U9wt6fpP8aiXXf0Hj22gXtbsOJwksMeAFOrr-dsrlqxdz1bCAhxQ1T88drslRwBiWcRXwXDV0gse08ZmS1jcPIw8Bm9l2aic4hvKPSuOaIMQ8cfAg5AR4_G2YeXrFxVbk4Ncl-m68HwZJV-IusqFqFfaqKYsb7p2WeEr7a_v0fviGH3ddxZnE9QEGLrFwkco7qfIxEl9IWEw9Ll-1SrCcAXDW5HH2GJfCnvNTnIHdQQ-OsrPWFKV3T5-_Io2rIByu0GxapjuPVnRX2thwfVFDLTWbn51ZOq7HeXkDX7hm6l5ZHZvs7zIZNNHwUYXYmXf0N12Bqgp-upwVbFdy8eDHlFrjia82OmpeuGKBcU9JuHWjNGjb9KfiZVDdISkArohQhjERi9B2jBk4KaR8gWI4g8LbQI94ioOhJfZB-S-M_RggmfkEVkIqnLbC0C-mgug-gAKkNNcVAK36zRkoJaoMwZerHIZ-5zYP3bCXiJ1aGkPnwxWLsp3zImb1_Z3fWl8OGgTC4UtTcHSVT4_SmhXPphS9MSGSyUZDP0jlU--23rIH_wrhZytmbjfc9qKLJqq_JPt--l87B1V9W1hiiz1MBKALruJUZylkTVDFvdY74LnClixLrxNMU2A025DHzCVIOnYlgZbCDuc1I2wZkeI5DyYLZCgX7pzQLnrF0n1ToHySWtJHxvJELVMBFa7oPUKFpZXP8Rqdx9g7QOPmRKLAPfy7TcrvtQ2cnjx2S_YI1zIWdHzKqi7px2_mOli3yxASRIj_Snjf8S7cFvCws-m1csB0DwYfHYSpesqj-M-b340e2uEWfjO_v3K6M81HG6iAkEYJxp_3ax3KDJ3T5IYJujlQ1gY_2sTsNBdxLAF1ihSnhaKqKN3DJ5bcWSg0ei-bgj74_xljxWVPO8z0gZJv_LGgXBnEOpb_FfqcWE5AmfIiC0U4cuW3_HoU1_ClXBOj0g-B26HR2Xb37w2OByoby0tVWSB2POmjQuYH3xHHRwM6b_xi-KVqnuRH175KUpGeGWgDgLmADfwaxPp9GwzTs3rvBevHl88ocbvNYzHx7bBna0qkHch0pL0KpW5lhzodJbru43sCHig-xUFvoalvvPRTg44k03jwE1auC3cC4VBuKXb3lLcUnocKSR1ews7B93pyJiUX9hPh9c6gUECTIElu8UHaRI5SnniTQqKV27La0A51NncJuR2i-Eb_Ynf5lecwt2nFm7C3nTLXlJn-oyJsyXctSQS3LNjndSCGc4jIdxEgtlYawnRF2JfiVlxkqDUhMmG9kFypafSmcxIseQLKbSpgzrc49J5e7Uiwx-iHoNFTeC4wRVSLInyTv-hLsP47V-3SjQl_GIJxZjKNr3nqH2hUpPkWd4WekfOmUsJCMcqOQKJv3vguD4HhnX2ytF7NzbCFYP_0dBUQaOhD4rZQgAdyeR3fPY7BAM&cid=CAQSTADq26N97bDgLBvPZMbCN17fVgVaP5BIyA2sHfr_oIm5slTk0inG84MqjWyuBa_sAzQypO2Ec1qmLqEPPc9bOkOZlkWCL_tn4DAFvj8YASAT&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26a871f2e7e2878d290f5289bcc8b329b39b21dfa7460eda087fc94d90b0ffde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36234
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E13 42 B
63 B 52ms
48ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CIrT_YAIMrQbLEWfsIaZo0KZVx1_ibQqmt2kYA6rv4JezHrv44YWw-Q92vPcms8Noqm96UX-0Xz7Ep3mllBwcCqO2oXbxwY-lO7rUlZ6uZEaYU7Os

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 3E13 3 KB
1 KB 23ms
18ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 22:27:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 3E13 18 KB
7 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39883
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 13:45:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3E13 153 KB
47 KB 42ms
37ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 3E13 23 KB
9 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 23:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 23:50:42 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame C960 36 KB
16 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12809638294083468348/ Frame E8E6 15 KB
2 KB 163ms
18ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=jx8djrN7X4&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ae70b7413b2252f3215889731e38f7192c1d3f061d04e8e496725b76f7723f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2279
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Mon, 11 Dec 2023 00:50:03 GMT
last-modified: Wed, 14 Sep 2022 10:34:48 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2FD5 0
0 211ms
60ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvyzTMpRkDjBFHDSikuaT95rHgKshiBiSKi2KuWsAltjkvzm60X9Df2a4LkNFjtihE3Ikt6Z6Ao_4deg1_5_-LJlN7ceGzAm9lRRq4D0WaIDeQpeWU5YkVn19tjXL43xXrev2bvxcOXem4UoszGHy2L0FA7Fvig0dzmXkitkHVHXplFFpN5rXvsvHYxU5PIR8cUdRFiIIiHOhCnTPYX0jDmwVmuHTsViBWjj_dP7ntKFMhCk-UaW6fa5WSS5PlY6xGsNhmgEpnDjsrEGc-uKlT9QZ4tpotGQlsoMEWr-5rJ_BS0IHbwwjRC2Y3GiEAh3QJt1vyEQon7ierQXlllBi9C5oWedt1_yAMue4bUVGLSCMVby7I_Uv1P61FyRFaRBZS2U6QaKPW-G-U9kaledUiFF4VezHzILY_2xZ2gpWjqsKgqj5-ll2q2sYriih80bjX_qA7mZu5iPl8yLRjzraA-4jPYPWo494psRBB9UdoouVDSxEJmfjDZuvhff9WRgM76bvO5uTACUw7qYDgo-2OW-KVDfnshYfV4hTLDdMl37rZ5A6Z0QiWF6gRsUvSYmNOAojbpQueRbwUfHKQaiCTplMzw6Xk-HjMein2vkE0t3jWFs3ZCNhV7gg46nO9TQe7glizdDA9Sy-V0jCqQ4lBqMkHu9MnjVQqKpp7D90gfnjQw-Xnrj3bhTuEiTtkVO3L3QC_EzMxbEL65YUPXogB35qaRMmuFN9q-RxRlZRgLkugDnWrSj43rS4JuuaYpARSFZaus18SeJ8nAjdc0RsTxwUkr0KmBC7UZUedXF116y46xkejvjKfloHj2TMKOrIaauM9X5zKaViupAmHbsynhHYX4J1cgE1ZkHPSyg7WNgwbMYKhZ-22trO1WtsAsAHTNCxtyKW8wxUV2-N9h1HKpNc8uBCpVmOSC79TvPBV88CeiAWzkA3MagqI4e61dFWZBm94ICVpxPr5nhTXv5h6diFUYbfwxUhMSB7pMzqVdF3tENC3abFyn4J8ZvuU3pAuad8dABwq7cHEikhU0Gi14f04aa766CcKL22xErhJcfpwuzZOIEQd9cEVYbxm6-Z5e0cdaDWyyHwTWZ5tWw37j6YclzUG1QXY6zrVOnUB2g4rUcCQFkFLlFr_z4CjaCHM7JZ_eLqlz49ofSa8Uz03gwn1TMwt5au28EjNv1MSxnKsTaqRu3EF5S0wBNJ7oqY8I0PsjhfKSkyXV-I7gAkTNNRwgjPgBSvyf3AOAA4_guFpi3xoPu4oOxIJVnrjGMhzX27ptw&sai=AMfl-YRxTi2JHoMSZ76dbOw4aGkkjvul2TGWEYDp1Hct_sGjJNO7tjSeiBuze5SAOuyE3alJ1d9Uu-4mxxvWi7Lw-A38PFaBLd__oZS6HIP0aAbzX2sjxzX9opXTpMF8XW14kb9dQ-_TnbmFRqQ5o4M9iVhDl_xOPqEUpCU680RTq67ImzY4NblizB6Dax3MMWXsKOpWfCSq4Hop-ckUS0h-wjWfO7mmD4s4KbYXYmCCEtdH6XDiYz6j8U4LYlWtioCYbCckSuMYwCzofD9oMFB8VZbKAJNEtMK__38HXeGLvw&sig=Cg0ArKJSzE-1P19n83MTEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=359&cbvp=1&cstd=354&cisv=r20221206.22422&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 52ED 41 KB
15 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 15:32:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465452
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 15:32:31 GMT

GET
DATA 200
OK truncated
/ Frame 52ED 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81a5f2ca0169db205bb76787c74c7821c949becec8f2c11230c33d8ce16ea7b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11194968340574837653/ Frame 2BDC 133 KB
34 KB 140ms
22ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4728138c66efe2631f52ab947848a9646eb05fe3c25db6cc9a07985f94b7f47e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Mon, 11 Dec 2023 00:50:03 GMT
last-modified: Wed, 28 Sep 2022 06:59:39 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 52ED 0
0 182ms
59ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuoyGyLOBBAMPTOs05U98Q6b7zaJyVx_STWojxpA0CChyOI2RAaSGKuTxOoB19a0qaIu4kQ48Eta9FlGvfdA4pSOckAx23bvnEucqrTXg8Lh_PdD0-TqpCx-OEtefj4PhuxXzfNdNwyVZGuYpPEpSa70ciN3RXvT-u6dS2ug9q7dpusHiWDi4UhmIzYzxXzRhxap_9lnUeviI6CW759BjK-Yr8swZXe7bPiK9Z9UpvvPGxcOFQsfvgqGtjZULu_Y902ududor-2_cyTHjE751JsUMGGjgpZYnZfVEwQVExyx3ovy1rOPuBuc_sHAGRGazpNH8INvFIwfVbt-zFol_bsrRowwgc4wyfWoXnSlr5yOc39wheHZrBlIbCHVhEfDXYdE0XXDC4VnTHdJsaK2w509hAPWItX4ACkIAeZ9Sk8pPfXwGP-tHQFTiEAhT_jmuuK1mMfCIxotjPJPDUepZ1o7NUUWAf-1ggGsP8Eruo4F9rkPrKHtZXmQc8IPosMI0oK-gNdmEZB7wuC5_3PLc2_f7QRluwm3gnlf7WMrs9irp0rSngHHqyXjngtpdrStJd-LZBxgEuZDktx7inHbYSEdSAIzYHlnmQTvq8C83AgYqodzpLLwexkx_Og1E6wrFppjICu5zzbhNp5HCgdWKiDc4xueC3cmBGXMfzCJT-EZhMEMnjSnyGwc6Qg0LefE_hpb63GD4ZngPjyFvloUpogbo2gsP6_gTHiv95yuF2jLFAnqVyopvmF5oKHb7Ck0y5wh8Hr27MGG93J303QBbEDWtb8JuWVnF4CFdsz3vTCfrNne-7wiRWxMY74VooUPj4Y0e4WJQyF5L_eGt7nErXrYP6JdlaKUEycokIjO3JwCy98_8I8yeQJi1VdV2sivolsM_f7tXpPHMNU0Qcpney9vBsmZYopAs_KlKH21EGRxcIWiFyp1U2Xo495jpDu9WP5NfsI4qQetDcreTVUzxHQQYwuxOwCIn9cTm8AXSD_0gzwTmNKy5MUR-Ga-QN_DSRPyoh78XQ1x3imApQEWCxJxrbb_ZgB5C1TzJX8oNFppg737eQHhy5Eli1QS-1YAXFj4SMCVkLCmq6c5ezBScqf0uc6N_BkEHFYWQaPe1c-pmUgqtgiUyEYUY728CGiq4ISbSzidCMSUgvsalaislCncFowhrX2SJg0_fsHtN5Y6ERv6aFfvXIKW4oHBvfMYS56qaLjQldHNLuVSx5u-5zb_eDsQKq3vtlnAIg5_DOlueiAnx3WOH1W4dHNe6nU5OooDE2oqrdLZb9OykfB_38&sai=AMfl-YTzlHBLdpjTDQ3AZncTHcNstp5TFTXBYecXl-w24ktu-1haDTFUmZ_rw5rcXfW13LHJ3oVn_S1DjoRO9BywDyxudZZ6Zm6HO4mWXkrc9S9633d8NIiXwzMkeFfF0Lmq952McI4BBm2m69o-KPiUWuWUSiMfUExvAkdcEmlBFYXGDIQPU3IwJ9lhW3wUfkQTkHTV2aM3-APImfXGmkWIVIYZdix2kFirsg7_YuDYafrWcj4RgiY6uEQQREGVmP_ifYNxA9BlxOJAj9z-tV2cmRnKZZeuSi-Hjn8bkTrLow&sig=Cg0ArKJSzJOV5_wMRotJEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=136&cbvp=1&cstd=130&cisv=r20221206.09293&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H2 200 B29045444.353940460;dc_trk_aid=545005594;dc_trk_cid=182965393;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_exteid=ABAjH0hI_E1UAnO42OxndNBKG46H;dc_pubid=5;dc_dbm_token...
ad.doubleclick.net/ddm/trackimp/N195005.279382INVITEMEDIAINC.DO3/ Frame 52ED 42 B
533 B 156ms
34ms Image
image/gif 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N195005.279382INVITEMEDIAINC.DO3/B29045444.353940460;dc_trk_aid=545005594;dc_trk_cid=182965393;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_exteid=ABAjH0hI_E1UAnO42OxndNBKG46H;dc_pubid=5;dc_dbm_token=AD1EzRQAAADvCuYBCgwIABUAAAAAHQAAAAASDAgAFQAAAAAdAAAAACISCNGlp6pHqAKCoHSwApf00OEDQAHSAioYASITCK-D5aKs8PsCFa_Fuwgd8NEDfSgBMAE4xfuXw94QQAJIAViIgSCqA3BDQVFTVEFEcTI2Tjk3ZDBFc1psZjBTN0xzZW83OERUbGlYVXpnOUFDQmd2VlZlZTI3czl3Q0VBTjJ0amhmOWl0RkV5MU5zM3pRY2VkNTFGenpMVFpRUVZ5QW0xTWc3bm14UEV0cnpYSmx0d1lBU0FUsgMRCIDhgBAQARgdMgKqAjoCgEAQn7HP2wEYXL8ceImKoN-hfj1da7cj?

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C7B7 6 KB
3 KB 15ms
8ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C785 41 KB
15 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 15:32:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465452
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 15:32:31 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 363D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFhKa2PlQptsW91GaDwotOQ&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFhKa2PlQptsW91GaDwotOQ&google_cver=1&__user_check__=1&sync_id=bfb8ea62-78ed-11ed-bbbd-14684a3a0506

43 B
549 B

16ms
16ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFhKa2PlQptsW91GaDwotOQ&google_cver=1&__user_check__=1&sync_id=bfb8ea62-78ed-11ed-bbbd-14684a3a0506
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBCCoHQYn7HP2wEwAQ&v=APEucNXFItzuVz_dTXPeMCkILPTqZll52TV5QKWRtFyDG99pa2Bjau58YqrS74ZYaxxHVsamXIKvFt2A8e1_zuN6VsXoFZbCFoc3Kd2wInvpiRGlTA9raYHyA2VG36wjerjowp1wuL8yMJklvKlvEQkWrOFE-DNp-AAZZv2ARlgYsjH7XDNTq3px0r4LWenLGt7CmFfcQAOovteXHIxfMjVmEXLApXF_ug
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 128
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEFhKa2PlQptsW91GaDwotOQ&google_cver=1&__user_check__=1&sync_id=bfb8ea62-78ed-11ed-bbbd-14684a3a0506
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 117
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 363D
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YmZiOGU5ZWYtNzhlZC0xMWVkLWJiYmQtMTQ2ODRhM2EwNTA2

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YmZiOGU5ZWYtNzhlZC0xMWVkLWJiYmQtMTQ2ODRhM2EwNTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBCCoHQYn7HP2wEwAQ&v=APEucNXFItzuVz_dTXPeMCkILPTqZll52TV5QKWRtFyDG99pa2Bjau58YqrS74ZYaxxHVsamXIKvFt2A8e1_zuN6VsXoFZbCFoc3Kd2wInvpiRGlTA9raYHyA2VG36wjerjowp1wuL8yMJklvKlvEQkWrOFE-DNp-AAZZv2ARlgYsjH7XDNTq3px0r4LWenLGt7CmFfcQAOovteXHIxfMjVmEXLApXF_ug

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YmZiOGU5ZWYtNzhlZC0xMWVkLWJiYmQtMTQ2ODRhM2EwNTA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 141
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 363D
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1DY0g5cDBKRTJ1SC4zdnVWazZaVk5YU0J2MnVzWTRDUH5B

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1DY0g5cDBKRTJ1SC4zdnVWazZaVk5YU0J2MnVzWTRDUH5B

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1DY0g5cDBKRTJ1SC4zdnVWazZaVk5YU0J2MnVzWTRDUH5B
date: Sun, 11 Dec 2022 00:50:03 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pbhid Show response
id.hadron.ad.gt/api/v1/ 132 B
269 B 177ms
176ms XHR
application/json 35.84.249.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/api/v1/pbhid?partner_id=239&_it=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.84.249.238 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-84-249-238.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 0155ae9c43c3d2b1fcee49e3e0e757449b51ba2065693b203e22ed5dc75a2f7b

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.20.0
vary: Origin
content-type: application/json

GET
H2

200

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=5588952221282243109

0
426 B

19ms
12ms

Image
text/plain

54.93.93.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=5588952221282243109
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Server: 54.93.93.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-93-30.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Accept-Encoding, Origin
expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
AN-X-Request-Uuid: 12290b03-8081-4949-bc2c-4a192eeb1748
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=5588952221282243109
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cookie
cm.adform.net/ 43 B
106 B 120ms
39ms Image
image/gif 37.157.6.254
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadf%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.254 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H2

200

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=&verify=true
https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-OYufYYBE2uG3CyFlzbwox28V8B5T42R80vdAvPE-~A&gdpr=0&gdpr_consent=

0
550 B

17ms
16ms

Image
text/plain

54.93.93.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-OYufYYBE2uG3CyFlzbwox28V8B5T42R80vdAvPE-~A&gdpr=0&gdpr_consent=
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Server: 54.93.93.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-93-30.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Accept-Encoding, Origin
expires: 0

Redirect headers

location: https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-OYufYYBE2uG3CyFlzbwox28V8B5T42R80vdAvPE-~A&gdpr=0&gdpr_consent=
date: Sun, 11 Dec 2022 00:50:03 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ 0
191 B 78ms
16ms Image
text/plain 98.98.134.242
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.242 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

sync
odr.mookie1.com/t/v2/
Redirect Chain

https://x.bidswitch.net/sync?ssp=vidoomy
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=80770935-2acd-41c9-a3c7-1978df9aeeb2&ssp=vidoomy&gdpr=&gdpr_consent=

43 B
356 B

98ms
21ms

Image
image/gif

34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=80770935-2acd-41c9-a3c7-1978df9aeeb2&ssp=vidoomy&gdpr=&gdpr_consent=
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: //odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=80770935-2acd-41c9-a3c7-1978df9aeeb2&ssp=vidoomy&gdpr=&gdpr_consent=
date: Sun, 11 Dec 2022 00:50:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F5DD 6 KB
3 KB 14ms
10ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 3E13 170 KB
59 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 3E13 8 KB
3 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BFWjf3xty5Dz1C2XkJCaHB2V0itNGpQ-FPG7NAmRed4LS-I-sYhpd5XKIfQA4jCOXcyB7jag4aunxLzh81tmVXxh8I8-9Rv5E6SwdneDQMpclTl3E7HQUzOzpWeb9Z5FCU5IHFPBYaIIvm3ZF4enQORptd69sshbtSJBfo_P46MowlG4A&dbm_d=AKAmf-BiGngIGW4ZM2fdjtBE96XuoDx4cJCa69eTNZyGt4CyLcCMwdHWnnk_qwRlcjOO5MOZm8VOlvv1t3QLRb975BR8I8_-duYUzuzj_UNFh543oYUhFyLz5I7uEEv44mHFqv9EzcmuU-9zA6CK3tFbp9gY1Fb4k2oGs6C8B-Cft8mdRqsZ0xPID7gUZc5d0HLlnVwfW_lEb-R7OpFl7fEeZUPAVziSGEPcfslDvmNst34QrzYIsQCD6hzT9R6WEnL_bF0Rtthg2XFjOyPz09KdWgFOPnrQ-LneiTzgzBQr265nC_sOoLJIammFdv0IexkU528875-tbC3pQysfFaW0F4AAf3gcKoNKfkwB8ilGs4yNmWHqc2YJTpOB3TDqiGoFu7QDzwIQ_RuCZcRaK4bvDVioqhrLtfr9s5ZmgVm41QfECYnMiHlrdOG1LhyqKBf7eSCbb1KLYSzhgwUrOx2dhio1iupcufz72tjekVZO8uxBos0KJglYd29m0ZKoSjxR8YLG7LwBHOclSwpXXaq59-uMhVTK0SLvUV6HhtxtFtzCBly3l5pIY-a88FGINxUUc-mo8AtRN0Ino-6xnnWpMWiisCwSfX2FrsO5LDdl3S6qCqCleLHynxZmfNW7KzPcZs_qx16_5ZCMZl-zbe5HAeOuqIFfds_mzuKMywGz6bKZo82Wrmn_Z3Zq2MAa40L28fGcYqIM_URaH31qlNE2FQpoSJOTRvdBuJ94LsV_r-oOG8ggpGXGh-YxHIk7LQDUnlIZOXimY2WYMqRjtKCKINsRzSVdzrmnJs_yvnxI5h_8_bJK3FnWg_3c16EE9fSkGRKD8uhTYHWaSwqRuMN1akQLdVSTNkrWlTaaB6QHgvoupmim5_HI-6HPDA-T2zxYLtd1kZiVsxjEZGm5YfPdGhZBB7s8bV6rpCWEqkbUXpjSCDNLVQ0ah_g6C5QwpiX8e2fAfrxGHr8a3tKbsgpbuYW14up-2iXjjBff-NdKC2t-lMzpU_qyBP0w5mviN7xyF60SPAf2eM0KjEhIabRsG1p1VHynaMZRArCO6pw7Ak_3wNrpB4KY001bUvVlhyqZzJhjm2GepkzWy_5_4A-IwJ5oSO-7ogOIZT95-jp3Q8040fRFzYbrlbwA8EgQSyDFgHVka8838_L5XFb4uc8g1G3K5yPKAjzIATuAV43CuzukhjK8HgAw0vA5WBbT-kC_1D_6hq7CnXdef7xkTu2Eb1Gn6wpXYkcz8idz-kS1SaNeYhszMtdj10PFLmsB8L9ux_tCNkk1pAYWjLGDU4M6n09zsqIrJqRjs4gYUENNYut8EyUb5tSsqPYIGj43YIfvtbWNJsMgt6GhHuyiserizyZkO7TKCbKDT00tF7AMKP8tHZS_Si0Ynd4l1FKcV7wBpN1AJ_JXJLUmYLH-xlAXJn2vPhPZOdG-Ktz1dp_DbR7yiKR2eH5LG2gIPZ4rWARsNNUZ7j39GS9o19EDf8LVE8YKM1h-CRCcDOy4wY1OTY8KQtz19Zl5QGzfyQTeFZll5FBYIkEvL1YsLmFM5ta4FcPQ8c5NOdcwxsMQAEs1-7I3GeomiEgBMhPHbUKDo22H84yTX1kH12QhGJ1k-GKKZDQXdtbjQZle69vmb9v6UACYADATST0ZmvFzs1jSaiT7bWspljnU7wXnV-7pkWS3U7Kub4aWloSGJnCnAQjlMBLNZY7twheSpboZxOTry6uwZknAWhuAd1RJbeXXQ1UNwLYXBgArKxQ1JwxM-l0cm347ikSAjpPmZao4LrwBrhxmr973ArSEXplvROK9VwBnqPovj-VBjXv2G2UtHtT_DEQrhL91G-05O7AGTG4lBypcy1q5g0n81zU_bVwOxny5SBYjLQDgpa386OTF0a7AlPsaF5d_GfOl0JQBsOADtoScYtpV_agDq0CKi6CUF3M_Vai50EfXP1J7PC8qwWpmdv_GVDKthQLGcrIErv-E3a5WACgMpRPTA1fgPDhr1ECUA9AigvIee6RA_fumhdEf1Sr5zoUkbhK9R5XwAraNTlfTTRq_U1vc-LJWWXmY26AHlyeEN7Xg3B52RZ8HN9U-TLpRkeXI9CG6YznvEMGezSkX3mb93DyQeDlGrRhBLduX9RT5ydWC2fHKvk8FeYjNLyYlwFB-PZ8jnqlYRpewBkr9wFoRz0Jmp36W6BFIj9Oe2h9vqr53_dca66lvyNxjFycY1GNEy-LdGiZ77VwwdxAZFgXF3vRZ5Wl-U9wt6fpP8aiXXf0Hj22gXtbsOJwksMeAFOrr-dsrlqxdz1bCAhxQ1T88drslRwBiWcRXwXDV0gse08ZmS1jcPIw8Bm9l2aic4hvKPSuOaIMQ8cfAg5AR4_G2YeXrFxVbk4Ncl-m68HwZJV-IusqFqFfaqKYsb7p2WeEr7a_v0fviGH3ddxZnE9QEGLrFwkco7qfIxEl9IWEw9Ll-1SrCcAXDW5HH2GJfCnvNTnIHdQQ-OsrPWFKV3T5-_Io2rIByu0GxapjuPVnRX2thwfVFDLTWbn51ZOq7HeXkDX7hm6l5ZHZvs7zIZNNHwUYXYmXf0N12Bqgp-upwVbFdy8eDHlFrjia82OmpeuGKBcU9JuHWjNGjb9KfiZVDdISkArohQhjERi9B2jBk4KaR8gWI4g8LbQI94ioOhJfZB-S-M_RggmfkEVkIqnLbC0C-mgug-gAKkNNcVAK36zRkoJaoMwZerHIZ-5zYP3bCXiJ1aGkPnwxWLsp3zImb1_Z3fWl8OGgTC4UtTcHSVT4_SmhXPphS9MSGSyUZDP0jlU--23rIH_wrhZytmbjfc9qKLJqq_JPt--l87B1V9W1hiiz1MBKALruJUZylkTVDFvdY74LnClixLrxNMU2A025DHzCVIOnYlgZbCDuc1I2wZkeI5DyYLZCgX7pzQLnrF0n1ToHySWtJHxvJELVMBFa7oPUKFpZXP8Rqdx9g7QOPmRKLAPfy7TcrvtQ2cnjx2S_YI1zIWdHzKqi7px2_mOli3yxASRIj_Snjf8S7cFvCws-m1csB0DwYfHYSpesqj-M-b340e2uEWfjO_v3K6M81HG6iAkEYJxp_3ax3KDJ3T5IYJujlQ1gY_2sTsNBdxLAF1ihSnhaKqKN3DJ5bcWSg0ei-bgj74_xljxWVPO8z0gZJv_LGgXBnEOpb_FfqcWE5AmfIiC0U4cuW3_HoU1_ClXBOj0g-B26HR2Xb37w2OByoby0tVWSB2POmjQuYH3xHHRwM6b_xi-KVqnuRH175KUpGeGWgDgLmADfwaxPp9GwzTs3rvBevHl88ocbvNYzHx7bBna0qkHch0pL0KpW5lhzodJbru43sCHig-xUFvoalvvPRTg44k03jwE1auC3cC4VBuKXb3lLcUnocKSR1ews7B93pyJiUX9hPh9c6gUECTIElu8UHaRI5SnniTQqKV27La0A51NncJuR2i-Eb_Ynf5lecwt2nFm7C3nTLXlJn-oyJsyXctSQS3LNjndSCGc4jIdxEgtlYawnRF2JfiVlxkqDUhMmG9kFypafSmcxIseQLKbSpgzrc49J5e7Uiwx-iHoNFTeC4wRVSLInyTv-hLsP47V-3SjQl_GIJxZjKNr3nqH2hUpPkWd4WekfOmUsJCMcqOQKJv3vguD4HhnX2ytF7NzbCFYP_0dBUQaOhD4rZQgAdyeR3fPY7BAM&cid=CAQSTADq26N97bDgLBvPZMbCN17fVgVaP5BIyA2sHfr_oIm5slTk0inG84MqjWyuBa_sAzQypO2Ec1qmLqEPPc9bOkOZlkWCL_tn4DAFvj8YASAT&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 3E13 30 KB
11 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4169285169137119543/ Frame 0EFF 15 KB
2 KB 29ms
25ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4169285169137119543/index.html?e=69&leftOffset=0&topOffset=0&c=avbTtmj1VF&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cb64cde3e3845ab96b5d720be38f4d0395f778da33403871abfdabe64bac11a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2278
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Mon, 11 Dec 2023 00:50:03 GMT
last-modified: Wed, 14 Sep 2022 10:36:23 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C785 0
0 66ms
60ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvqxvm3PrLn9s4gLlCX2CxuP3LTofArCrX0RkePkzJWhD6SLk1BsdAQDs4qTU5ILl4f_NTReoCrv9KqZQO10CZsbdjvUBEfUxyaUFMLobLV_UwZBFQuAxzv5rbjWReKOBdKaX33ZkdLHB7r_zK5DqTArOdN0KqSCQEpm8KWERUkKhKLC5EVDEqM08-MDOHyYXLgQ28tefXBMzDXNIh-s1h45w-BVDUJpdzF51wlrZ3krAHw8nsHAeUtlXx7f45AM8MeIre1-dAe_I5qJY6jlzaRytMRbWlq_3e4tyXaTmmT4B5u56WjKMa403su7P4pF1ccsWebR-4XqydOlRFjTedFp3jAozgkAwFRt2ALvqF4qexwjT4r86vpupAxG-fDVs--94Ia8k8eIkpUdt3JgO6kcZOiZSS3wu9jwkg4by51fekYmAl1XOVs36kx2ZLQ9vJSL70-ZxYr0MjbE2w8HvBxc7IuQxQdQ2uTddY832RogizMqC-OSUzMexrOv62AFi0Q5HqmeNuhIe1L565WhXicsONPz29Z7zgGbcR6SgfbDlIAEjkk5baVbuYW7LyIPJi4cNdZXTmwqsAs0TO91M7clfHO4lpyINbd2lxz16m8Drt216ygAziiG02S0gaZl9N_VYcX_9WIN50_ofpTbTF6US4jy-tohct5xNhA4fd3t-QAalLUMkjk4W64CAjkfjLApB4n7eR60XF6R352WE2JHGm1IwmbAhie1czASNfqrmiAvGkssiu7C5ERFc4fv3YhBpRwpbUfQZyitCk1TLAVl8ikYFonJsBAHdlOYv26dvSYtiNTPlRcMPkUUrp8Wx9CryZV3uH4666MobdAp05keYUwUay0DtrCRyS-dsELcG13OGTEAwWgG4PAJvBDcdPLkNwnWyMeDrQZXebg2q50WfzXCa4E6S-aWc7xPgGozusN5AI7hZZS6N4eYjj7QEJrMh2rXG3TGMD5hIDKEQblYOQ8Oeguq3FFs_TpFVznU-wHZNoBXN1EY4vnXTmIUDMfW7JtVzP-Xrtx6RqG9ZblzUR2z1jMLj1he18zPj2kJmFXbTr9V6PndolOTK9Nlh74657x2SWwPxAI2v2ePttykjp7PNFIBNDKO8v7_yA_OtZpnVRYYGfRHlZH5a_5EQ9bLMqudegOFxQzQEwzQYtsk8a1l5HEfD14V7dg9eaqn-wIp8ss6VK7mcM0BXLSKxRpyeH8TigDgOsFXslD5vS90NNQXKCi6JcD3x3aDF7fNyYAN4VpE4Q2yi_jjXKzUJKDeu2W&sai=AMfl-YRhhfc6klviX7TDwydzMdiuc2GprYoXwOqeG5dJL3y5cxayutvZUKr-o_AKw0lAXB8bJeyAdF3z3t7YPORrEewnFw22KmOrA97rrM05GsDrkOb89IvkUXLp4R0viBL9MehzUSliHxR0R9P1Hlfcp8FFZQfeZ39YZQycqd7SuEP23eHtFkMzpdGxouaKRDiXGSvoqzKvv7v0Bsbs9zYD26TH874ngRa770umTCMF4Bq61xH2i9IEmeRkYdsZqgCNavDb1P2QsKIhG6KR9guEGSc4W28_CD2P-UQdATY&sig=Cg0ArKJSzN0MAEndNTVAEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=185&cbvp=1&cstd=182&cisv=r20221206.55493&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 73C9 22 KB
8 KB 12ms
9ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 465439
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 15:32:44 GMT
expires: Tue, 05 Dec 2023 15:32:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1661867165592.css
s0.2mdn.net/sadbundle/12809638294083468348/ Frame E8E6 10 KB
2 KB 21ms
20ms Stylesheet
text/css 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=jx8djrN7X4&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e0c6eb6c36c30e5c53ee42f1b98270759035c32f99889f11ea7808d80d3fb56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=jx8djrN7X4&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:06:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 301425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2353
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:34:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 13:06:18 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame E8E6 118 KB
40 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=jx8djrN7X4&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=jx8djrN7X4&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:50 GMT

GET
H3 200 1661867165592.js Show response
s0.2mdn.net/sadbundle/12809638294083468348/ Frame E8E6 34 KB
11 KB 21ms
21ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=jx8djrN7X4&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=jx8djrN7X4&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:01:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103705
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11482
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:34:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 20:01:38 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 2BDC 4 KB
655 B 25ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed|Roboto

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1156f689ab71b8caaeee48f1cbd51a0cd23b09971245125bb1682c25747740c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 00:22:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 2BDC 118 KB
40 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:50 GMT

GET
H3 200 1661867165592.css
s0.2mdn.net/sadbundle/4169285169137119543/ Frame 0EFF 10 KB
2 KB 14ms
13ms Stylesheet
text/css 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4169285169137119543/1661867165592.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4169285169137119543/index.html?e=69&leftOffset=0&topOffset=0&c=avbTtmj1VF&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae821393730d4f47ed22922fdc5f36319c2c66f2d9396da23dfe76771376fa18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4169285169137119543/index.html?e=69&leftOffset=0&topOffset=0&c=avbTtmj1VF&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 01:31:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 343132
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2411
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:36:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 01:31:11 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 0EFF 118 KB
40 KB 22ms
17ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4169285169137119543/index.html?e=69&leftOffset=0&topOffset=0&c=avbTtmj1VF&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4169285169137119543/index.html?e=69&leftOffset=0&topOffset=0&c=avbTtmj1VF&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:50 GMT

GET
H3 200 1661867165592.js Show response
s0.2mdn.net/sadbundle/4169285169137119543/ Frame 0EFF 34 KB
11 KB 24ms
19ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4169285169137119543/1661867165592.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4169285169137119543/index.html?e=69&leftOffset=0&topOffset=0&c=avbTtmj1VF&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4169285169137119543/index.html?e=69&leftOffset=0&topOffset=0&c=avbTtmj1VF&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:06:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 301416
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11482
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:36:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 13:06:27 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame DDD1 221 KB
60 KB 55ms
11ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 05 Dec 2022 09:52:43 GMT
age: 485840
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Dec 2023 09:52:43 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame DDD1 14 KB
5 KB 74ms
31ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 05 Dec 2022 09:52:42 GMT
age: 485841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Dec 2023 09:52:42 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame DDD1 94 KB
28 KB 52ms
8ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 05 Dec 2022 09:52:43 GMT
age: 485840
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Dec 2023 09:52:43 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame DDD1 5 KB
2 KB 74ms
31ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 05 Dec 2022 09:52:43 GMT
age: 485840
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Dec 2023 09:52:43 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame DDD1 40 KB
13 KB 75ms
32ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 05 Dec 2022 09:52:42 GMT
age: 485841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Dec 2023 09:52:42 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DDD1 8 KB
895 B 19ms
19ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 10 Dec 2022 22:59:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DDD1 2 KB
2 KB 15ms
15ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:16:18 GMT
x-content-type-options: nosniff
server: cafe
age: 52425
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 11 Dec 2022 10:16:18 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DDD1 295 B
320 B 15ms
15ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 09:52:43 GMT
x-content-type-options: nosniff
server: cafe
age: 53840
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 11 Dec 2022 09:52:43 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DDD1 0
0 53ms
53ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CwcylOimVY9WNIK-n9u8P3uGFkAj3o-TKbfvVsavREKTn8u2VAhABIIb3hiZglYKAgLgHoAGtrpCfA8gBAeACAKgDAcgDCqoEiwJP0P0Pfx06JmxlbGgF9KsWe8qryn7DODfQ67U89gyL-s4EJcjM1xN2EgpU8uN8ba0XDL-T9JzsqITIIc2Qm0MaF31gJu9m1FPywB7YqxKn--RVKPqvg4fpuulxeuauzXFnxsuqWVyF0tKiZ_FIccN7by_ZK9aktoe8LhI0VlDvmgISKKazCTCwZhtPFL0y8lBlC4RGU9-eo_M_d7l696NuIyz8B0p7-OfZ4BDJkULCrHJfuhc88vq3PPAOKwEw0RiErz_oYuvSXB0Jz6VsYGHhR9cOuPwL21RpIpud-r0xtuQ5_97-cOKyXlu5MFyuWh3_Vk_qJOBr_5wiCWa2MrxWgfRhvjfr_SR0WwvABN6oj7yNBOAEAZIFBAgEGAGSBQQIBRgEoAZmgAe70e9gqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ1fkh0ggRCIDhgBAQARgdMgKqAjoCgECACgPICwHYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMTA2Mjk3Mjg2MTU1MzMwMxiB1Bw&sigh=Ml2Ub8DVNcc&uach_m=[UACH]&cid=CAQSTADq26N9x3ExK2BLBeF-AyBKObFLX8hYQw5Y2tfdDaytmHxgKIsEJMMqdmiiO9prdR88sFmPYY3HQNXjn7xJfuuorfnwwA5u25MghlQYASAT
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3732 599 B
269 B 38ms
34ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXsxQkyNOTEiZFIFRxxHBpUkI9HNIAptkPq8TIeVcr_oF6haL2gYpgTvpcoz-uUqjLhHKxiBctxbgVF9qOO9hk0XOHHE5zT1zKUqxQplV0bkT-EnJ6Cpm3OsZnDdzt-O5jLfJFy9-hexULAtjoB5ok8eReE2xfVUxpi3DywE0NhAXFNuTddgRWIaDgks-wRcbiK5KF1lFvZAay4XDdIMjxk4fkUoQ

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0dcc44d0d45a79942a50f0a78ee69e380cbcd8d6c02316c2af886dc634c8997

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 246
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Sun, 11 Dec 2022 00:50:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C7B7 85 KB
35 KB 73ms
70ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CzcYGiDqWPr079onWtICP1wznZeHVtmrv1orebceZt4cM443viHW-LfcSqQf7QF6fBM0fmrBeGxXiCKIU13h0NdjduI1nSEkLQestFWc_Wqsn3-mZFeDjTwQbJgkffd56miDvLeQPk444uq6ZJwUix7KIHXIazYkDjimHds0FeDzOyqdY&dbm_d=AKAmf-Dsl8LrwrdvmLEiDznb_pJnxiKyx7zM_KPS-108MIX7v9kWSUZFp955CGpdpT5kxjvgOWkrytW4leVvxLcDJpYX2-R3Nj51kCU6ePix3DSmXCSFbW8wILLBXD4FRar3Uv6P-BsPjTsqw5xyjdgrD4fMlslyeFXMzYMWuLf1S3Gyg9InsAeRtVQjMXCOnO3ualTX68I2rXJA_bQUDDFdsBChLsaeJ2rakoCyDgbb9XnPCS2OS-V1wu2e8OHd2RYiaZrv-9ArvYH0-vSFuE_qgI7zXyO5aSvkviyxYgSdb4aqcebxgoRcf5IPkgwLJ5hvt9HWhB9YlZD4pwmaEvYN_dLYfjzlbpLcCikWRNywbiM7DTQkTkZun79bhmJDp1ozwelEf8gEri8ExYYIE0JG16qxC2SLcIfrw2m5-eDaHpZfYThS9mz3gEWzacc9dk7eqt5b0-sG60JjtKXe9gKeqKXR45QOyz8oWlsMU1sgM3gpk5b8xqu-bz0V90bzM7gkNtROp5X8SSgA8iwqmLstdDNys8a8FO_XP1U4keUv3Iub2bZIzpN4ibKf_QhmI6agZDX9LOcr2vAKvVKj0uglaMC0VTI5rkw0AVADCCGVyLe8Yn9A0syEUMTOvfbh9vBWYWAFr2AwzrAczHzyeUOMwmQvKcp3qTlE1zad3RjgjMntbTkS2R8lM-VpJcKImHMNlESz2i8RhK4ITEHil2Ui2nOboAlMoK_O5Kc4ryAY0xdeeavPMpU-zARGAMCL11x0VvELig27U2JIDip1VmGWP7uwwpsvhAuWZ9fPivQt6-LkCstt7ApI-l_-KkniIc_LPzBaCyo3e46x8NmctF7SeSJqM-iP3UlH3IN9o246I7zaHhzWaRLHZFSesCJyGv6R1hGxrmoTLS1Y5IJf_D4qZYeXZplEyECG_QSqLRdDfnGj7P3F1uCUpt3IGAMTLWQYi4PC0ENa6aSt0Y3BkhVx1yWlEb9ttxmDYUajOHWDHODCRFbDJAzvG_mDGtoVOQOsO74o0WAZRYO3e3ZTtUpYqV-_9fq9UboQ459FEnEm5FGgPSkevu82o56DB5pGGMBYNp2Wqx2tbjBE1J15HwJElePMHU3L8MOKCUra0CsBAYLJFj6afU1-QQoB3CZdtF-aYOvdMKAWuFlzCUocaRKEP6w-KRN0HWW13g5h3Bti2qPGKoET7B_1sxmNYJHduHCNkHRYaJMN-61X1E7M4nlbAco6u8gE7CEPAIgaCwyp3xED-t8oelOLrGeDSZ_t-41m-FS6VKu9M-Wf_M_ousBabujgXiBkSvMNQ26S_E3Vp8VtX8xARyHzG8-ka_04R4b1Cs4S_yM5lW_zFXv5GL5TVc7BACJo3Ejq9EemBrY99TtRta9MB7GZeYEY-8mm7cK-nT23ar4pmeKqMOGIWrDkf9OyhIDUGazy0MR1dkEGtCrhokiLBDzQWjAYrgk-SMuI9XE398mFFMW7bzdUTPFRAIiH17h9oFSpiukKWLRUAtcaa5bRyoSXzhkyn62o4tcQvzTYr32c8agMxN_UniYXkRPRvYyA69MW6SWdZRz_xq52OpWsCuNZmNbDg0156rqaof6N3n6k6b63E1_f9qFlySUzWntt64U6OjzIKWnNK6oIG09DnVBEAp3zQofBnlNlyMqKFj1APmFK6RUe4gLqhaR2GI92aytUZOcymCuvvtfrv2wIrGeyo04UzSS8sVqyCjM0WjD7BJrnuu0hQLcHZH3MYV_R9l5IdVAmEgD75BwN90jJkmts8xN1U5ws7fmbNOa-XHz2fPVhmVnEYMhY66GHWr7bw3ROfsMgLZyv5ADiAh93wJDzOcLM4NSfYfPSJm8KA1NtsNSHynhdeC1WHdLNEySVeEBfka8CXW1gCBgLNQcdPm86CQHthJABOMtHG72nFKpHF6IGEOkNPQpouFy_RWIP8f-X5-zMZexREOnsOkxVFrLBrvaSVb2akMO2GFQZM3E3ihTpdHXjef4H0_yj8kLbadBzA-2POEmKIR9oPEjBXvwrtEgjMz0aovJiKVeaRHNUMVfXavqR7Zu15z5x1Dfjf6wvjD_N1dcLOYEIIH0_k6dG_nsY8CDgGhHt6AfOnwlGuPQEHctr5kEiwRRoaHHL44g6IYLq8EOEG5iYPxxyu2ezzgWGifrNwPKfj7p3J9PWUrUSc3L8nXDlKV4n95fpdL1AcwT19HSOx3BRwCIkbv9wIb1akMi-AwusO52fyTaZguhDzf18hd1nmzigByUf65pL7_lPDeVkuUXTq6Ft0qsxvb5CDd6uExnky38JJqG6BMxe7qQT1d4kVpdDp9mwxFt6EKhfZnkMlHVwjf-sf5Wittq9jjdHMlZ_BZaQrK9T1aeizLB_njknfQj12-67fJH2b7zf0afIJHML34boDnCkf623jSYtIBpJ5ELrEvlR2nOuwuB3pqeEnP6RA5RiVu1MmdO0Pr5jl_ciFGDKCzxcQsRrnhBUOsn_ZmY90k04KKvQ5XnGUdVQ-9fWuJC0C2QDdRp5dpHBrwJ0wlO5PNX3hp3a3rH1cwL5UuYdXGy9NqXVIHGSE3VxucG4EhL3gRsd6Q7sVOUlqLh1rhghyANhkvzO3xCDlmCQCWIHOkcEtJN2-1x7fudvxW8z_PdZDIpW6WJrvDg_v9bUOe9Zjug4YEaofk5XpDvibGkZ8jtmybTTCLM6kHLPYnIoyCJfonJDuA85MEPxFupHW9yBearNoBWREfrTpUwSQYxnSO8KZcmYhRD0dPxeXmkRiR8F1oSQUdxCLRhBjzfcTSkhGbyvcVeqjNXYa_UV7HRtUXx_MLTAR4jDdyFPjNxhkKzoev9vuZRra7PJaY3vPWxqEyUs2GidNGOYzxHV4NDCxYYMfQEQaL4Jc0ymKsRUObDyLgmyNFndhE_x40Y85wUDgxKGHOu9vVXtZpp2ModS_rDW9_-0P1NefjDHtK-8Tw7L2jefxBe8JZJMaoF17_yZ7n8xBhXI_iijK0gdEp5ZYfLkFzP1QkAjJCR-fCPHj-lE2XPio6THt_eWzbT6LfAsULYkKtwnN03Yv0h-DSFCGLEMGyCD4iSROdMbJpz3BzJEinysiOf-QImy5tX9_GZVzx80aitC0i4tD8vfRRNz9yvXOf5Qk-2JklmFMgFevgeLESoHv0zsU-EJoEnXqxutlhGwkU4U6WX5wX53plKscaXG7MQ_cF36rrUFo79e-3xdCCcxlcacVqb5kR8ZryqiFxb3V4XdJcosbtZ4ViaGaw73mrgBuLIZq_FTvpOq4wlI0kykA-kh_TKM2JI9X3OZYGKbi1LJw4DV1zx6oeFnFoAlkKFXKvjCn0s7NzzyJCBxaZtLGE_hw3ZFWLnn4fMmidhcyISz8hUoDwjqpRfiy-LdRHATNZnOd-abdsLd5E4hODU7tFEI7bE3bH_hj05njNabWKrwgVbJJ-K-HCN9KPH3ZKOdkfCvQkP5ry3NsQzwPj14eTUsHi4F2Z-Ciohq8SY&cid=CAQSTADq26N9ZqDNozvP5H0TCDPN7N6hj3b9T2N-qn11AA-EmSrzFd_lCFhxEKDJ7duslJ2ud8qyth0Ely_GCJJrEbfQf_QGHDEvUPn34kgYASAT&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

848246cb3bc3132cd1eeef03fcb984a4a1111da129e6be6445386e2a25097dd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35833
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C7B7 42 B
63 B 49ms
47ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CnUQtE41ri94rpBjykn1X7jOiFUgTEDDsgk1qJMlvMmQ0gLc5ZE1zSgBa1G7mqHmDCoBr7QGzyNyhq5xc3zvYuohG6uajPzT2sQm6p-anUq7d9wvs

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame C7B7 3 KB
1 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 22:27:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame C7B7 18 KB
7 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39883
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 13:45:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C7B7 153 KB
47 KB 36ms
34ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame C7B7 23 KB
9 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 23:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 23:50:42 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2637 0
19 B 29ms
25ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CImfMxDczXcY6ufP2wEwAQ&v=APEucNUpWiVNE_PrCYgu5oFIuMnD8V8HbyFZcXiHCe0VLwWaQlpVLgYuaPXk3eFWQ3I-AaeaNBv7-Cao7bdyEjkPO4El_n0vBkHDnPK5DUYhgFixgu5mIvQR4C3rZmAnVARvo48XDFfLnPOxJFzJt7-SJshC4SR7HJ6ASwyLRwZTYXsVhXSZJbfDThmdwzuQ7IddpMI-rNoOtjlX_v4fQtrSB6T7zik0DQ

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Sun, 11 Dec 2022 00:50:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F5DD 80 KB
34 KB 60ms
56ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ap5WzWiDZyldwQDNIebErRvyj_gbPjD8YFIU9Clg1d2hyrZxxTdnzEZ_cfwWDp6pGayHFq20CYa9Hf9AYkmEF9g_O-tojexmkRPsrWzh7mJu3Nn9y2eLSY_5y-24UOKc4PmmTntymDxVdpK4XujSVaPoAUEDbNz6VslO2MruIkuGD8GiI&cry=1&dbm_d=AKAmf-AmmskBCKS3ou6HYQFEH41X8w1UMQhS3bgeSlNBUebvFr53TWPTWSB6UkGBPMptF-_mBfJ4wXA31sPGo1X_HQ195kIBtS2TuepxxGBVCIaGnHZPpvC4mS7xf0g2SzlZ_j0tQnsxaBYT4nPqIN2hTFfzp3RipTy9As6cdmMJmj3b2_trQk4XDtPzCQhe5OMZmO-lnbvOPt5HwG8sWrEoO64RyWg5i926h9fOmHSzGEijoYpu6-n9uQGQ_0JtEcl1qURmvSrVia3c8Qts4B3gWtOcsFobvUU4_zDyvedN7qpmI3BoA4gGW1KKUaOhFHRLMjAZSTGVtBytXOEpiBoGJKuS1-6A87FxQf_q7_StxnijkBo2RDEvTvjKCHSBftzL-TK3-G9QcHznqWiXJHJd28Aof5R8vClLy3v9nLTweRmX83oa9ZNUpxrxzfiMnghXP9xetzouz-HaPSGr6kYqE8schhAOEkOuECLQJe-BLnNraxuhI0mEVjzsgBapbKhk6F2CjnP6JmLUsWkGTvtqUF51GCU0qnCzdiwJv6hgB8py5W7fwAFlksV95Ii0dmiVhJPMn_5qxNIPZv8Dwlc7D53BJrxJw6sPYVf_y2f116kpANuTGworEJk1lZ0akclVLwIjlLkj__fDmSFh5PgWVcL68YItK2DtNbim-EegTQH1_klJuJgN8EhRIQ9o1__JHsox5V_NmqdYs48LSUkFm1s3oePSb7yrM8zaLZcCpZOeB5Ke6pPWPZx87W-6Xs6y81DxDruIeoSuQPxfykIvEJ3fVdYKCSxngM9uMHaRaPzLCbFyQ3wFIETKxDuXYUqiSd4M_8_JxfnfNSBGreMvaxP9SXb_ecdeHkWklGzr2nPD0FF50qj_6N6HF5bwpgE1_wi2S9fn_faHcMaRlUvb13jSF-kV7BwC3jTY1sX2_A_4vNgKHw7fLe6Rm5dCMKCX9p_KNhJOgJyNMpzqTDUyq8jtntDgj-wWrwRoqBGukyN6RzWqtUYBkdNpYUJe2vW6nczEX1aYKgEEQ4Olgw_SjN2h1ZEaCmUmIEDq_8SUMVGUWgqBWeNt58lpI-LTijURvl0u-7jpPxPcTWl3bX34YPCW4z1-gprmjyHgbC44Bc8ok8GuJZeCKKfxkGCFpzk2khS7nJIYZu6UGXII7ZwcrAcaRqSxvVYNmHPC__jO4ChmoVHNNY9N7ZCml-BalnHVFS-VAEjqFqfkvwcqT4ZRjEXQhxWYEfFjZYhbnCunXtVXeTFJdO_dr_fNhlVZHqNoZ2WSLwQhkOxahm9Nne0drvxk850vPIqVASvagm1dHKXgcppkF8Dk6W8nSClxrhV3rhcpbi93GCeKGF8XLG0WJzPjFvVBqO6r2qK2bqaMmC7KdVU4Ix-QIXTSwvxMIz49L1VhNwOEDAo4ZEBLC5m9E5xv8RZi6kCoBVo6cB2a-vBnTJo51DG4Jx4iOT8o2RgfySMmfenKEhsWEDvFgZvs_N4AsYeLboeQDob9ksZpgO14VNsWc58DI03Y_y0x4tT7KBCY6DBY079e8VISRp15SN2ZrST01d1wGJXyG0qw6pF0HVTbL-mCxiY0j56HrfVkUPb5ZDxma-TUuE3aaTFUKo5sPlWd1a0Kubu0FOHqghXghuKEi5p3DVqoCI28PJ1j8ufZqBReS92P4m9-y783w3pcKHsCB8enqF7G_G8oVJ0Td0CDShyCIz4NGsvHYJCXoJXWE7of9CzkS8E2FsifSSw_W7e_jNI-A3OjE9ywDNS73VtdY3agNfp_SeHXC2ta66bBWW-7ks98G_kJdZDJkBpXEFN5DcfJjtMTMX7Gr6iFLzpx1dHVR2oiWCKTwOBaGd_d7yjSGy9obl1wXFqSuS9x_HvTFyiY9l7HvbgO9WzB54WzPt_BhCmz-jNcxRpFvE5tBA6KzHKdr_Tdj2kTXYlMFAt-5dhaT8fnSF0mmzcg-smGLsHICPI7C80QYT7irca6ALwETKqfnMbMVnbQd37vFiYrJsyh8sATEMpNpIlVV7fAGVYZlyObbRjkWBiqsle1rEu9udr41KqpVeozo6CplHM6Rz5vJxdwLdfLzogGXmJkQSuDscqh3aMhT250h1xbn1DBl5VQgiRut2NuThd44KYWyWsYtDjQWCGlca6sCJyBKOm5jo_r8yX4kt2OJL_B0jdvyRUax_oye8KcZ_5S94k34HQMRGlb0hUfi5vdIXOWSHi-FveAWQAo4N-g0fFGIcieZ0CEULiFigBXUJ7WLsdnwCPlG9lf5eg2nAyeY6ArdDX--EGWnoMrDRux4ZdLHldN72cQStUOZHEcbmpg_d5OH81eDkf876gf33Z44913mrOKa-cbAAM2uTKwWlaHYOJFkCmFdP9E-seftsoluD4sc3dp_q6eIBd3g5T76YrGp-Y0x2rxFX_RFnevofCjJ9IdpwPTSyEOMhghpuGYnbGYglpXy_ZGA3dy1S6SJA14WMctt8rgC4vYMGJpi8zStcwcpnTS_KGGVKmr9AQRYch8OtH4_2168AokT99wtC-XqoG873-eO_W55qXGfoI29rhe17yttkQP4mXuqqASmMSr8LeGnzFaZNCbmskgZLOd2JX2schjqKJMvFcG5nqLqWziAGpHhEVmnOuHoHPADnR6BCAShS4xhBluDUH8XcXUxzyMYQ94ZRrjU3SNnXvlNvshL7zlikhtonsCeJCviV2pOMd4xWJlaPZMH8hSjUek0XthUA2qn4f6321R9eDr4N-LBM2ga6-y5miFb1mh4AyytIcR6MOgOj2a85LZRLLFyI5AEDOtUeCxSv6Js-MOvWGNvXbIBzCmn1rYGZq3eAimeys3EqWMnLr_k01heWZsVCc1kcgoXsvtfHnRXQO7iX_PcuY00Fd1iSB0QHl5LSGZ8C4liCo_yW2ORYzLNe-K91lQwoAxGht2BnduKBQzTvkzgNVvtsEmkqUDnuUjd7Kj1GC-5--xIkUuLsnNBeCK3zQMGBLOQ8KkijpmW_pJLa3qwp-u5b1b85GIuuOq1bo780laRtCWoxInSw6ksqnHtbcqf9YIua2zc1J7sRKFQd_jCn6Q4-w_4j5IHrrl97l-a7wj0wWTwqQujE5NcXa9s-PM5DCz4gtVLWsl-BHxmywSg_dNKXAfn9Jb7Na_3p-PBzylCa6YLe89TAcbuSqcAUHLdD_6u8vFzKt65FdN-OoPd2h-2kkSEIMPGYR4WAkBEIl-zx0BkFSg7HZntSy9f5Bs9a4jl7taywIybhg3-GW6H5aaWofISaMfNnJ3nNbQtTpeQ61D_qA9fzunOnZwMfVVImVA384clLsVduu1TjG39KM8_UwuziFm2GN5FbhLe_s1OMFoXRYJBRrUKgj9KJtGNR8UbsWIUDv4tNiytkdp8Mtpsh4JjJUU1lPMaGhNJftCov2lmAZpKjgA0Ld9W6LNy08az5azSS75tgptfSCG_mC1zNBi5-D5Vye-iW_G9L4MP6fuPw9dT2iVHe9LeUjFRm18xtr4HKy4kuOpKNKGXD18arbBoEuPX-xD58YzEUmSQ-BFYALZPMGgETHq2Ad2KdSSuZN67_L7OlBJsIrTJUjQ_EzHj-uzSe5fS7SQLU9wxO8XvSpi8_kz65WkrSf3GMLlFJUtuq9KHiZsyIh1h2N5WidaN806A5bbCSYanAEUv29OFSQMW9ONaxRCr0GdXjoIZgo52xVoidVhq-Rbma9VscTSGQ_3-SGWQ_6ZQL2hw8zqPSG3FKIZqK6KcPct-xP0-_LtpWjQfSBnpCXOCWpr5MuAd99oEWiLx1VDwm1qPoDAF5KOOi6R27yXYZpytppttAg1Xw6EMevMonzI&cid=CAQSSwDq26N92H9HC2X3u_aWYx3vSGGEfzoPpwZai7TEJkZc7-IxijwM97cGfkv8MY9_hHgrC_S52aUhp9akU9GlAqWSzt5Ismz8dYpFUhgBIBM&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02b635919156b6663ec09247ad8217351bd7bb1ab1394b9d3f7f07d704397b56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34607
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5DD 42 B
63 B 59ms
55ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CDNn_egCImbtVlxHKdqrb0IfgaijY4AnG0Flcc5o972bYzDl-hHAjgNGY4I1uq1UHu89BxkUU9WJX_tAUTmLYt-Tg2BmubWLg4Hiq5pC_ZtpK4KQA

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

src=5281021;dc_pre=CPb6rqOs8PsCFZOWsgodlTcHLA;type=nra;cat=nra_p0;u7=AmazonPrimeVideoUsers;u8=DE;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=12345
adservice.google.com/ddm/fls/z/ Frame F5DD
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=5281021;type=nra;cat=nra_p0;u7=AmazonPrimeVideoUsers;u8=DE;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=12345?
https://ad.doubleclick.net/ddm/activity/src=5281021;dc_pre=CPb6rqOs8PsCFZOWsgodlTcHLA;type=nra;cat=nra_p0;u7=AmazonPrimeVideoUsers;u8=DE;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa...
https://adservice.google.com/ddm/fls/z/src=5281021;dc_pre=CPb6rqOs8PsCFZOWsgodlTcHLA;type=nra;cat=nra_p0;u7=AmazonPrimeVideoUsers;u8=DE;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=...

42 B
63 B

48ms
47ms

Image
image/gif

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=5281021;dc_pre=CPb6rqOs8PsCFZOWsgodlTcHLA;type=nra;cat=nra_p0;u7=AmazonPrimeVideoUsers;u8=DE;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=12345

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=5281021;dc_pre=CPb6rqOs8PsCFZOWsgodlTcHLA;type=nra;cat=nra_p0;u7=AmazonPrimeVideoUsers;u8=DE;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=12345
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame F5DD 3 KB
1 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 22:27:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame F5DD 18 KB
7 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39883
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 13:45:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F5DD 153 KB
47 KB 29ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame F5DD 23 KB
9 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 23:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 23:50:42 GMT

GET
DATA 200
OK truncated
/ Frame DDD1 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 156bc0f80bf079c98781db5cec3109dcc04360075e16450eaaafbc5c560f6199

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11194968340574837653/ Frame C821 133 KB
34 KB 28ms
28ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4728138c66efe2631f52ab947848a9646eb05fe3c25db6cc9a07985f94b7f47e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:03 GMT
expires: Mon, 11 Dec 2023 00:50:03 GMT
last-modified: Wed, 28 Sep 2022 06:59:39 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3E13 0
0 81ms
52ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuPNQfxWOsQrJcq8SjNTCMPBgNly6wamhWVzAWXoULulonuygRvx0fnZ0JMPGE4gLZLKnERBo6E6xhgijtw13n0AQl7ju1_sXIVNNV3WscO5x4yyyQ4Rd7ECvuWGKrYdBrYFORqwE57s1nTOBFj40d9NSWsnI74oIpSD9WN49j333-J2wgh_FxGZiyQvh3CcbczWgRJyPslcL5b7tt7s6X4c7-T45yJfZdHK6RDdYPZ90ztfHA53pPTeTtGL9dKUczHcNVa2G7813khg61WnEJldRWYApY4L9Iw2rvpXGcfBmc12LSna9e6RnusBW1fBp27wqbMnik3OqeSEoq4z-K16YOhPRX_p7xTUM_4a0suMxf3CVgAmpbJzuvj2bkdMwdKB8QHC_IAhvM311739KhHR48eft_sQ13YDDHypmvnh5uvS-0coyRYEoXna2-vhmHAZVMi-aocNaV3ux26NIEUH5nK05LFUDwHvrADo35-5K9wHR2SDmrHS7Yxu-nUAmS0qLLDBQXAbzHnOVwk-StMcJgsOaKrg7LtNgyQjoCKFh1WwEA8IkutlA8rWmoA45LC1pt9Plju8pvyGMGkgKkq22rFNDfpGRP1V034vNj_MbT7bXaSgyLuipTP68Jjxnktq97rOlE5tBJp1zewW5bZKF14cJMquRm09_TPmZ6oCW_Pmez8D6JpiVthqO-g7rtr1loIc49zySzbbvCni5dnr3A4EJQDhpqWTp8VhzY3zVO4nLd-CHAgbsuzhRy-fE48WnHfzf-YxWsZUGK7z6Pv8ZLoMHmJfxCi3mU9_D2wNQ71scSoPRQCGimlbVe1qKtIGdfoItp9wU6mzBAt4ViYPatFPXMfusC0Vg5rhvKmhFLO-SPCVVTHdD9yk89uzAgURrk52fQ42NY3N-0bESQHeP7PneBvr8Npbx3nKztXXOHgoh49poN2LS3G5C9S-MTiVfD-_bttELw81TpuVCKuoQHaEz0-OZsgpIywfBx5wj9cvayIwSDR3Cs74xj3vtlE2CCIdRBVEzuW5OPvko1N0QmMd8tTswyR5PmuUO55Rd7hGlM3KEUNyaZsajD-EluM5btldleRR6AkAaMd8E9Eet1jLBHvUyID0sHEE16q-xZeYz3dyp1mVH-fs4aFfX3x_0G5jC8lIrVlRdmDAEnZS5jTpUsR8ugIK8kBlzoIYVJ394eT7oCxUf9MVwbITtbIiCUNvSWNRGOMvsQodRGntIUuX5r9Uu0i52aKiZLcyFb0j4G9RwIAUvdGffFCR6rSivuVq2Ta&sai=AMfl-YQN7jPhdLNXSGQ9NJ4kYtcDCjpyvtJMStJKYtWfoYZMakOb2r0lwMzpRhAPjzNcUrLPatAgbHqna7S4Kq5Lyecxd8T3IBJPrSh88PdvSWY_o-roZ4Ln3sTb9MlQHAzqbK5HNi5VjtgdkWpUtZszLf-ckT6U1o3SCFbeQTJ3mi6EsnJC-apTYy3gxeLVJCNpKHq2MPvtFdmhOrfTa2jyZJxaRsd-txGB9FIAM6MXBVH8EWa1SKqc1OKTGxoxN4D6ECmiIX4D5_YJ_ah4Sl5WYm4oEAAc0cAdzlrHfFVJmQ&sig=Cg0ArKJSzB95d958JbjlEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=155&cbvp=1&cstd=152&cisv=r20221206.85783&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 B29045444.353940460;dc_trk_aid=545005594;dc_trk_cid=182965393;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_exteid=ABAjH0hPqty2pfLhU2CwPhAUrrUE;dc_pubid=5;dc_dbm_token...
ad.doubleclick.net/ddm/trackimp/N195005.279382INVITEMEDIAINC.DO3/ Frame 3E13 42 B
63 B 36ms
35ms Image
image/gif 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N195005.279382INVITEMEDIAINC.DO3/B29045444.353940460;dc_trk_aid=545005594;dc_trk_cid=182965393;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_exteid=ABAjH0hPqty2pfLhU2CwPhAUrrUE;dc_pubid=5;dc_dbm_token=AD1EzRQAAADvCuYBCgwIABUAAAAAHQAAAAASDAgAFQAAAAAdAAAAACISCNGlp6pHqAKCoHSwApf00OEDQAHSAioYASITCOmm5aKs8PsCFXeX_QcdZjsAyigBMAE4xfuXw94QQAJIAViIgSCqA3BDQVFTVEFEcTI2Tjk3YkRnTEJ2UFpNYkNOMTdmVmdWYVA1Qkl5QTJzSGZyX29JbTVzbFRrMGluRzg0TXFqV3l1QmFfc0F6UXlwTzJFYzFxbUxxRVBQYzliT2tPWmxrV0NMX3RuNERBRnZqOFlBU0FUsgMRCIDhgBAQARgdMgKqAjoCgEAQn7HP2wHUsbrczJ4aGN9KtSWkU92Q?

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame DDD1 28 KB
28 KB 18ms
18ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://i.afly.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:03:51 GMT
x-content-type-options: nosniff
age: 315972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 09:03:51 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 20AB 22 KB
8 KB 17ms
17ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 465439
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 15:32:44 GMT
expires: Tue, 05 Dec 2023 15:32:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3E13 41 KB
15 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 15:32:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465452
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 15:32:31 GMT

GET
DATA 200
OK truncated
/ Frame 3E13 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6f7a4840de4a43028bf578b76364f83652fea86db384fb4baa4aba31de96b84

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

user-registering
ads.stickyadstv.com/ Frame 3732
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEP7ksfBLEQ2zKCqWh5mdRyM&google_cver=1

43 B
691 B

90ms
18ms

Image
image/gif

23.55.110.16
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEP7ksfBLEQ2zKCqWh5mdRyM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXsxQkyNOTEiZFIFRxxHBpUkI9HNIAptkPq8TIeVcr_oF6haL2gYpgTvpcoz-uUqjLhHKxiBctxbgVF9qOO9hk0XOHHE5zT1zKUqxQplV0bkT-EnJ6Cpm3OsZnDdzt-O5jLfJFy9-hexULAtjoB5ok8eReE2xfVUxpi3DywE0NhAXFNuTddgRWIaDgks-wRcbiK5KF1lFvZAay4XDdIMjxk4fkUoQ
Protocol: HTTP/1.1
Server: 23.55.110.16 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-110-16.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1670719803761069-364
Expires: Sun, 11 Dec 2022 00:50:03 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEP7ksfBLEQ2zKCqWh5mdRyM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 317
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3732
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=11
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=NGJkYzZhODczMjM0OTIzMjMwMzZjYjk0ZGU5NWExMmM=&gdpr=0&gdpr_consent=

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=NGJkYzZhODczMjM0OTIzMjMwMzZjYjk0ZGU5NWExMmM=&gdpr=0&gdpr_consent=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXsxQkyNOTEiZFIFRxxHBpUkI9HNIAptkPq8TIeVcr_oF6haL2gYpgTvpcoz-uUqjLhHKxiBctxbgVF9qOO9hk0XOHHE5zT1zKUqxQplV0bkT-EnJ6Cpm3OsZnDdzt-O5jLfJFy9-hexULAtjoB5ok8eReE2xfVUxpi3DywE0NhAXFNuTddgRWIaDgks-wRcbiK5KF1lFvZAay4XDdIMjxk4fkUoQ

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:03 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=NGJkYzZhODczMjM0OTIzMjMwMzZjYjk0ZGU5NWExMmM=&gdpr=0&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1670719803867023-430
Expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 3732
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEH1P4hlOYwVWQeoh8rMfbuM&google_cver=1

43 B
163 B

139ms
61ms

Image
image/gif

185.86.137.133
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEH1P4hlOYwVWQeoh8rMfbuM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXsxQkyNOTEiZFIFRxxHBpUkI9HNIAptkPq8TIeVcr_oF6haL2gYpgTvpcoz-uUqjLhHKxiBctxbgVF9qOO9hk0XOHHE5zT1zKUqxQplV0bkT-EnJ6Cpm3OsZnDdzt-O5jLfJFy9-hexULAtjoB5ok8eReE2xfVUxpi3DywE0NhAXFNuTddgRWIaDgks-wRcbiK5KF1lFvZAay4XDdIMjxk4fkUoQ
Protocol: HTTP/1.1
Server: 185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEH1P4hlOYwVWQeoh8rMfbuM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 3732 43 B
163 B 137ms
21ms Image
image/gif 185.86.137.133
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNXsxQkyNOTEiZFIFRxxHBpUkI9HNIAptkPq8TIeVcr_oF6haL2gYpgTvpcoz-uUqjLhHKxiBctxbgVF9qOO9hk0XOHHE5zT1zKUqxQplV0bkT-EnJ6Cpm3OsZnDdzt-O5jLfJFy9-hexULAtjoB5ok8eReE2xfVUxpi3DywE0NhAXFNuTddgRWIaDgks-wRcbiK5KF1lFvZAay4XDdIMjxk4fkUoQ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 405 Show response
a.ad.gt/api/v1/u/matches/ 11 KB
4 KB 547ms
182ms Script
application/javascript 54.69.168.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/405?_it=amazon
Requested by: Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fi.afly.pro%2FLclT&ref=&_it=amazon&partner_id=405
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.69.168.64 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-69-168-64.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: dcb55d0409e3d7f7c71fe9993afc3bc5e911e036570cce5e4e95e7e42c43a980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: nginx/1.20.0
content-type: application/javascript

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 73C9 36 KB
16 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C821 4 KB
655 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed|Roboto

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1156f689ab71b8caaeee48f1cbd51a0cd23b09971245125bb1682c25747740c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 10 Dec 2022 23:02:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame C821 118 KB
40 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:50 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C960 0
10 B 9ms
9ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?pAXgQw
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 eurostile-regular-condensed.woff
s0.2mdn.net/sadbundle/11194968340574837653/ Frame 2BDC 32 KB
32 KB 9ms
8ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11194968340574837653/eurostile-regular-condensed.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bb99de687740f817536e5974135fe5058ea3e4882c83903eabd88759a4966f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 03:58:47 GMT
x-content-type-options: nosniff
age: 75076
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32696
x-xss-protection: 0
last-modified: Wed, 28 Sep 2022 06:59:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 03:58:47 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2FD5 0
0 65ms
65ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvyzTMpRkDjBFHDSikuaT95rHgKshiBiSKi2KuWsAltjkvzm60X9Df2a4LkNFjtihE3Ikt6Z6Ao_4deg1_5_-LJlN7ceGzAm9lRRq4D0WaIDeQpeWU5YkVn19tjXL43xXrev2bvxcOXem4UoszGHy2L0FA7Fvig0dzmXkitkHVHXplFFpN5rXvsvHYxU5PIR8cUdRFiIIiHOhCnTPYX0jDmwVmuHTsViBWjj_dP7ntKFMhCk-UaW6fa5WSS5PlY6xGsNhmgEpnDjsrEGc-uKlT9QZ4tpotGQlsoMEWr-5rJ_BS0IHbwwjRC2Y3GiEAh3QJt1vyEQon7ierQXlllBi9C5oWedt1_yAMue4bUVGLSCMVby7I_Uv1P61FyRFaRBZS2U6QaKPW-G-U9kaledUiFF4VezHzILY_2xZ2gpWjqsKgqj5-ll2q2sYriih80bjX_qA7mZu5iPl8yLRjzraA-4jPYPWo494psRBB9UdoouVDSxEJmfjDZuvhff9WRgM76bvO5uTACUw7qYDgo-2OW-KVDfnshYfV4hTLDdMl37rZ5A6Z0QiWF6gRsUvSYmNOAojbpQueRbwUfHKQaiCTplMzw6Xk-HjMein2vkE0t3jWFs3ZCNhV7gg46nO9TQe7glizdDA9Sy-V0jCqQ4lBqMkHu9MnjVQqKpp7D90gfnjQw-Xnrj3bhTuEiTtkVO3L3QC_EzMxbEL65YUPXogB35qaRMmuFN9q-RxRlZRgLkugDnWrSj43rS4JuuaYpARSFZaus18SeJ8nAjdc0RsTxwUkr0KmBC7UZUedXF116y46xkejvjKfloHj2TMKOrIaauM9X5zKaViupAmHbsynhHYX4J1cgE1ZkHPSyg7WNgwbMYKhZ-22trO1WtsAsAHTNCxtyKW8wxUV2-N9h1HKpNc8uBCpVmOSC79TvPBV88CeiAWzkA3MagqI4e61dFWZBm94ICVpxPr5nhTXv5h6diFUYbfwxUhMSB7pMzqVdF3tENC3abFyn4J8ZvuU3pAuad8dABwq7cHEikhU0Gi14f04aa766CcKL22xErhJcfpwuzZOIEQd9cEVYbxm6-Z5e0cdaDWyyHwTWZ5tWw37j6YclzUG1QXY6zrVOnUB2g4rUcCQFkFLlFr_z4CjaCHM7JZ_eLqlz49ofSa8Uz03gwn1TMwt5au28EjNv1MSxnKsTaqRu3EF5S0wBNJ7oqY8I0PsjhfKSkyXV-I7gAkTNNRwgjPgBSvyf3AOAA4_guFpi3xoPu4oOxIJVnrjGMhzX27ptw&sai=AMfl-YRxTi2JHoMSZ76dbOw4aGkkjvul2TGWEYDp1Hct_sGjJNO7tjSeiBuze5SAOuyE3alJ1d9Uu-4mxxvWi7Lw-A38PFaBLd__oZS6HIP0aAbzX2sjxzX9opXTpMF8XW14kb9dQ-_TnbmFRqQ5o4M9iVhDl_xOPqEUpCU680RTq67ImzY4NblizB6Dax3MMWXsKOpWfCSq4Hop-ckUS0h-wjWfO7mmD4s4KbYXYmCCEtdH6XDiYz6j8U4LYlWtioCYbCckSuMYwCzofD9oMFB8VZbKAJNEtMK__38HXeGLvw&sig=Cg0ArKJSzE-1P19n83MTEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=791&vt=11&dtpt=432&dett=3&cstd=354&cisv=r20221206.22422&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame F5DD 106 KB
37 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:50 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame F5DD 8 KB
3 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ap5WzWiDZyldwQDNIebErRvyj_gbPjD8YFIU9Clg1d2hyrZxxTdnzEZ_cfwWDp6pGayHFq20CYa9Hf9AYkmEF9g_O-tojexmkRPsrWzh7mJu3Nn9y2eLSY_5y-24UOKc4PmmTntymDxVdpK4XujSVaPoAUEDbNz6VslO2MruIkuGD8GiI&cry=1&dbm_d=AKAmf-AmmskBCKS3ou6HYQFEH41X8w1UMQhS3bgeSlNBUebvFr53TWPTWSB6UkGBPMptF-_mBfJ4wXA31sPGo1X_HQ195kIBtS2TuepxxGBVCIaGnHZPpvC4mS7xf0g2SzlZ_j0tQnsxaBYT4nPqIN2hTFfzp3RipTy9As6cdmMJmj3b2_trQk4XDtPzCQhe5OMZmO-lnbvOPt5HwG8sWrEoO64RyWg5i926h9fOmHSzGEijoYpu6-n9uQGQ_0JtEcl1qURmvSrVia3c8Qts4B3gWtOcsFobvUU4_zDyvedN7qpmI3BoA4gGW1KKUaOhFHRLMjAZSTGVtBytXOEpiBoGJKuS1-6A87FxQf_q7_StxnijkBo2RDEvTvjKCHSBftzL-TK3-G9QcHznqWiXJHJd28Aof5R8vClLy3v9nLTweRmX83oa9ZNUpxrxzfiMnghXP9xetzouz-HaPSGr6kYqE8schhAOEkOuECLQJe-BLnNraxuhI0mEVjzsgBapbKhk6F2CjnP6JmLUsWkGTvtqUF51GCU0qnCzdiwJv6hgB8py5W7fwAFlksV95Ii0dmiVhJPMn_5qxNIPZv8Dwlc7D53BJrxJw6sPYVf_y2f116kpANuTGworEJk1lZ0akclVLwIjlLkj__fDmSFh5PgWVcL68YItK2DtNbim-EegTQH1_klJuJgN8EhRIQ9o1__JHsox5V_NmqdYs48LSUkFm1s3oePSb7yrM8zaLZcCpZOeB5Ke6pPWPZx87W-6Xs6y81DxDruIeoSuQPxfykIvEJ3fVdYKCSxngM9uMHaRaPzLCbFyQ3wFIETKxDuXYUqiSd4M_8_JxfnfNSBGreMvaxP9SXb_ecdeHkWklGzr2nPD0FF50qj_6N6HF5bwpgE1_wi2S9fn_faHcMaRlUvb13jSF-kV7BwC3jTY1sX2_A_4vNgKHw7fLe6Rm5dCMKCX9p_KNhJOgJyNMpzqTDUyq8jtntDgj-wWrwRoqBGukyN6RzWqtUYBkdNpYUJe2vW6nczEX1aYKgEEQ4Olgw_SjN2h1ZEaCmUmIEDq_8SUMVGUWgqBWeNt58lpI-LTijURvl0u-7jpPxPcTWl3bX34YPCW4z1-gprmjyHgbC44Bc8ok8GuJZeCKKfxkGCFpzk2khS7nJIYZu6UGXII7ZwcrAcaRqSxvVYNmHPC__jO4ChmoVHNNY9N7ZCml-BalnHVFS-VAEjqFqfkvwcqT4ZRjEXQhxWYEfFjZYhbnCunXtVXeTFJdO_dr_fNhlVZHqNoZ2WSLwQhkOxahm9Nne0drvxk850vPIqVASvagm1dHKXgcppkF8Dk6W8nSClxrhV3rhcpbi93GCeKGF8XLG0WJzPjFvVBqO6r2qK2bqaMmC7KdVU4Ix-QIXTSwvxMIz49L1VhNwOEDAo4ZEBLC5m9E5xv8RZi6kCoBVo6cB2a-vBnTJo51DG4Jx4iOT8o2RgfySMmfenKEhsWEDvFgZvs_N4AsYeLboeQDob9ksZpgO14VNsWc58DI03Y_y0x4tT7KBCY6DBY079e8VISRp15SN2ZrST01d1wGJXyG0qw6pF0HVTbL-mCxiY0j56HrfVkUPb5ZDxma-TUuE3aaTFUKo5sPlWd1a0Kubu0FOHqghXghuKEi5p3DVqoCI28PJ1j8ufZqBReS92P4m9-y783w3pcKHsCB8enqF7G_G8oVJ0Td0CDShyCIz4NGsvHYJCXoJXWE7of9CzkS8E2FsifSSw_W7e_jNI-A3OjE9ywDNS73VtdY3agNfp_SeHXC2ta66bBWW-7ks98G_kJdZDJkBpXEFN5DcfJjtMTMX7Gr6iFLzpx1dHVR2oiWCKTwOBaGd_d7yjSGy9obl1wXFqSuS9x_HvTFyiY9l7HvbgO9WzB54WzPt_BhCmz-jNcxRpFvE5tBA6KzHKdr_Tdj2kTXYlMFAt-5dhaT8fnSF0mmzcg-smGLsHICPI7C80QYT7irca6ALwETKqfnMbMVnbQd37vFiYrJsyh8sATEMpNpIlVV7fAGVYZlyObbRjkWBiqsle1rEu9udr41KqpVeozo6CplHM6Rz5vJxdwLdfLzogGXmJkQSuDscqh3aMhT250h1xbn1DBl5VQgiRut2NuThd44KYWyWsYtDjQWCGlca6sCJyBKOm5jo_r8yX4kt2OJL_B0jdvyRUax_oye8KcZ_5S94k34HQMRGlb0hUfi5vdIXOWSHi-FveAWQAo4N-g0fFGIcieZ0CEULiFigBXUJ7WLsdnwCPlG9lf5eg2nAyeY6ArdDX--EGWnoMrDRux4ZdLHldN72cQStUOZHEcbmpg_d5OH81eDkf876gf33Z44913mrOKa-cbAAM2uTKwWlaHYOJFkCmFdP9E-seftsoluD4sc3dp_q6eIBd3g5T76YrGp-Y0x2rxFX_RFnevofCjJ9IdpwPTSyEOMhghpuGYnbGYglpXy_ZGA3dy1S6SJA14WMctt8rgC4vYMGJpi8zStcwcpnTS_KGGVKmr9AQRYch8OtH4_2168AokT99wtC-XqoG873-eO_W55qXGfoI29rhe17yttkQP4mXuqqASmMSr8LeGnzFaZNCbmskgZLOd2JX2schjqKJMvFcG5nqLqWziAGpHhEVmnOuHoHPADnR6BCAShS4xhBluDUH8XcXUxzyMYQ94ZRrjU3SNnXvlNvshL7zlikhtonsCeJCviV2pOMd4xWJlaPZMH8hSjUek0XthUA2qn4f6321R9eDr4N-LBM2ga6-y5miFb1mh4AyytIcR6MOgOj2a85LZRLLFyI5AEDOtUeCxSv6Js-MOvWGNvXbIBzCmn1rYGZq3eAimeys3EqWMnLr_k01heWZsVCc1kcgoXsvtfHnRXQO7iX_PcuY00Fd1iSB0QHl5LSGZ8C4liCo_yW2ORYzLNe-K91lQwoAxGht2BnduKBQzTvkzgNVvtsEmkqUDnuUjd7Kj1GC-5--xIkUuLsnNBeCK3zQMGBLOQ8KkijpmW_pJLa3qwp-u5b1b85GIuuOq1bo780laRtCWoxInSw6ksqnHtbcqf9YIua2zc1J7sRKFQd_jCn6Q4-w_4j5IHrrl97l-a7wj0wWTwqQujE5NcXa9s-PM5DCz4gtVLWsl-BHxmywSg_dNKXAfn9Jb7Na_3p-PBzylCa6YLe89TAcbuSqcAUHLdD_6u8vFzKt65FdN-OoPd2h-2kkSEIMPGYR4WAkBEIl-zx0BkFSg7HZntSy9f5Bs9a4jl7taywIybhg3-GW6H5aaWofISaMfNnJ3nNbQtTpeQ61D_qA9fzunOnZwMfVVImVA384clLsVduu1TjG39KM8_UwuziFm2GN5FbhLe_s1OMFoXRYJBRrUKgj9KJtGNR8UbsWIUDv4tNiytkdp8Mtpsh4JjJUU1lPMaGhNJftCov2lmAZpKjgA0Ld9W6LNy08az5azSS75tgptfSCG_mC1zNBi5-D5Vye-iW_G9L4MP6fuPw9dT2iVHe9LeUjFRm18xtr4HKy4kuOpKNKGXD18arbBoEuPX-xD58YzEUmSQ-BFYALZPMGgETHq2Ad2KdSSuZN67_L7OlBJsIrTJUjQ_EzHj-uzSe5fS7SQLU9wxO8XvSpi8_kz65WkrSf3GMLlFJUtuq9KHiZsyIh1h2N5WidaN806A5bbCSYanAEUv29OFSQMW9ONaxRCr0GdXjoIZgo52xVoidVhq-Rbma9VscTSGQ_3-SGWQ_6ZQL2hw8zqPSG3FKIZqK6KcPct-xP0-_LtpWjQfSBnpCXOCWpr5MuAd99oEWiLx1VDwm1qPoDAF5KOOi6R27yXYZpytppttAg1Xw6EMevMonzI&cid=CAQSSwDq26N92H9HC2X3u_aWYx3vSGGEfzoPpwZai7TEJkZc7-IxijwM97cGfkv8MY9_hHgrC_S52aUhp9akU9GlAqWSzt5Ismz8dYpFUhgBIBM&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame F5DD 30 KB
11 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame C7B7 170 KB
59 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame C7B7 8 KB
3 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CzcYGiDqWPr079onWtICP1wznZeHVtmrv1orebceZt4cM443viHW-LfcSqQf7QF6fBM0fmrBeGxXiCKIU13h0NdjduI1nSEkLQestFWc_Wqsn3-mZFeDjTwQbJgkffd56miDvLeQPk444uq6ZJwUix7KIHXIazYkDjimHds0FeDzOyqdY&dbm_d=AKAmf-Dsl8LrwrdvmLEiDznb_pJnxiKyx7zM_KPS-108MIX7v9kWSUZFp955CGpdpT5kxjvgOWkrytW4leVvxLcDJpYX2-R3Nj51kCU6ePix3DSmXCSFbW8wILLBXD4FRar3Uv6P-BsPjTsqw5xyjdgrD4fMlslyeFXMzYMWuLf1S3Gyg9InsAeRtVQjMXCOnO3ualTX68I2rXJA_bQUDDFdsBChLsaeJ2rakoCyDgbb9XnPCS2OS-V1wu2e8OHd2RYiaZrv-9ArvYH0-vSFuE_qgI7zXyO5aSvkviyxYgSdb4aqcebxgoRcf5IPkgwLJ5hvt9HWhB9YlZD4pwmaEvYN_dLYfjzlbpLcCikWRNywbiM7DTQkTkZun79bhmJDp1ozwelEf8gEri8ExYYIE0JG16qxC2SLcIfrw2m5-eDaHpZfYThS9mz3gEWzacc9dk7eqt5b0-sG60JjtKXe9gKeqKXR45QOyz8oWlsMU1sgM3gpk5b8xqu-bz0V90bzM7gkNtROp5X8SSgA8iwqmLstdDNys8a8FO_XP1U4keUv3Iub2bZIzpN4ibKf_QhmI6agZDX9LOcr2vAKvVKj0uglaMC0VTI5rkw0AVADCCGVyLe8Yn9A0syEUMTOvfbh9vBWYWAFr2AwzrAczHzyeUOMwmQvKcp3qTlE1zad3RjgjMntbTkS2R8lM-VpJcKImHMNlESz2i8RhK4ITEHil2Ui2nOboAlMoK_O5Kc4ryAY0xdeeavPMpU-zARGAMCL11x0VvELig27U2JIDip1VmGWP7uwwpsvhAuWZ9fPivQt6-LkCstt7ApI-l_-KkniIc_LPzBaCyo3e46x8NmctF7SeSJqM-iP3UlH3IN9o246I7zaHhzWaRLHZFSesCJyGv6R1hGxrmoTLS1Y5IJf_D4qZYeXZplEyECG_QSqLRdDfnGj7P3F1uCUpt3IGAMTLWQYi4PC0ENa6aSt0Y3BkhVx1yWlEb9ttxmDYUajOHWDHODCRFbDJAzvG_mDGtoVOQOsO74o0WAZRYO3e3ZTtUpYqV-_9fq9UboQ459FEnEm5FGgPSkevu82o56DB5pGGMBYNp2Wqx2tbjBE1J15HwJElePMHU3L8MOKCUra0CsBAYLJFj6afU1-QQoB3CZdtF-aYOvdMKAWuFlzCUocaRKEP6w-KRN0HWW13g5h3Bti2qPGKoET7B_1sxmNYJHduHCNkHRYaJMN-61X1E7M4nlbAco6u8gE7CEPAIgaCwyp3xED-t8oelOLrGeDSZ_t-41m-FS6VKu9M-Wf_M_ousBabujgXiBkSvMNQ26S_E3Vp8VtX8xARyHzG8-ka_04R4b1Cs4S_yM5lW_zFXv5GL5TVc7BACJo3Ejq9EemBrY99TtRta9MB7GZeYEY-8mm7cK-nT23ar4pmeKqMOGIWrDkf9OyhIDUGazy0MR1dkEGtCrhokiLBDzQWjAYrgk-SMuI9XE398mFFMW7bzdUTPFRAIiH17h9oFSpiukKWLRUAtcaa5bRyoSXzhkyn62o4tcQvzTYr32c8agMxN_UniYXkRPRvYyA69MW6SWdZRz_xq52OpWsCuNZmNbDg0156rqaof6N3n6k6b63E1_f9qFlySUzWntt64U6OjzIKWnNK6oIG09DnVBEAp3zQofBnlNlyMqKFj1APmFK6RUe4gLqhaR2GI92aytUZOcymCuvvtfrv2wIrGeyo04UzSS8sVqyCjM0WjD7BJrnuu0hQLcHZH3MYV_R9l5IdVAmEgD75BwN90jJkmts8xN1U5ws7fmbNOa-XHz2fPVhmVnEYMhY66GHWr7bw3ROfsMgLZyv5ADiAh93wJDzOcLM4NSfYfPSJm8KA1NtsNSHynhdeC1WHdLNEySVeEBfka8CXW1gCBgLNQcdPm86CQHthJABOMtHG72nFKpHF6IGEOkNPQpouFy_RWIP8f-X5-zMZexREOnsOkxVFrLBrvaSVb2akMO2GFQZM3E3ihTpdHXjef4H0_yj8kLbadBzA-2POEmKIR9oPEjBXvwrtEgjMz0aovJiKVeaRHNUMVfXavqR7Zu15z5x1Dfjf6wvjD_N1dcLOYEIIH0_k6dG_nsY8CDgGhHt6AfOnwlGuPQEHctr5kEiwRRoaHHL44g6IYLq8EOEG5iYPxxyu2ezzgWGifrNwPKfj7p3J9PWUrUSc3L8nXDlKV4n95fpdL1AcwT19HSOx3BRwCIkbv9wIb1akMi-AwusO52fyTaZguhDzf18hd1nmzigByUf65pL7_lPDeVkuUXTq6Ft0qsxvb5CDd6uExnky38JJqG6BMxe7qQT1d4kVpdDp9mwxFt6EKhfZnkMlHVwjf-sf5Wittq9jjdHMlZ_BZaQrK9T1aeizLB_njknfQj12-67fJH2b7zf0afIJHML34boDnCkf623jSYtIBpJ5ELrEvlR2nOuwuB3pqeEnP6RA5RiVu1MmdO0Pr5jl_ciFGDKCzxcQsRrnhBUOsn_ZmY90k04KKvQ5XnGUdVQ-9fWuJC0C2QDdRp5dpHBrwJ0wlO5PNX3hp3a3rH1cwL5UuYdXGy9NqXVIHGSE3VxucG4EhL3gRsd6Q7sVOUlqLh1rhghyANhkvzO3xCDlmCQCWIHOkcEtJN2-1x7fudvxW8z_PdZDIpW6WJrvDg_v9bUOe9Zjug4YEaofk5XpDvibGkZ8jtmybTTCLM6kHLPYnIoyCJfonJDuA85MEPxFupHW9yBearNoBWREfrTpUwSQYxnSO8KZcmYhRD0dPxeXmkRiR8F1oSQUdxCLRhBjzfcTSkhGbyvcVeqjNXYa_UV7HRtUXx_MLTAR4jDdyFPjNxhkKzoev9vuZRra7PJaY3vPWxqEyUs2GidNGOYzxHV4NDCxYYMfQEQaL4Jc0ymKsRUObDyLgmyNFndhE_x40Y85wUDgxKGHOu9vVXtZpp2ModS_rDW9_-0P1NefjDHtK-8Tw7L2jefxBe8JZJMaoF17_yZ7n8xBhXI_iijK0gdEp5ZYfLkFzP1QkAjJCR-fCPHj-lE2XPio6THt_eWzbT6LfAsULYkKtwnN03Yv0h-DSFCGLEMGyCD4iSROdMbJpz3BzJEinysiOf-QImy5tX9_GZVzx80aitC0i4tD8vfRRNz9yvXOf5Qk-2JklmFMgFevgeLESoHv0zsU-EJoEnXqxutlhGwkU4U6WX5wX53plKscaXG7MQ_cF36rrUFo79e-3xdCCcxlcacVqb5kR8ZryqiFxb3V4XdJcosbtZ4ViaGaw73mrgBuLIZq_FTvpOq4wlI0kykA-kh_TKM2JI9X3OZYGKbi1LJw4DV1zx6oeFnFoAlkKFXKvjCn0s7NzzyJCBxaZtLGE_hw3ZFWLnn4fMmidhcyISz8hUoDwjqpRfiy-LdRHATNZnOd-abdsLd5E4hODU7tFEI7bE3bH_hj05njNabWKrwgVbJJ-K-HCN9KPH3ZKOdkfCvQkP5ry3NsQzwPj14eTUsHi4F2Z-Ciohq8SY&cid=CAQSTADq26N9ZqDNozvP5H0TCDPN7N6hj3b9T2N-qn11AA-EmSrzFd_lCFhxEKDJ7duslJ2ud8qyth0Ely_GCJJrEbfQf_QGHDEvUPn34kgYASAT&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame C7B7 30 KB
11 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C785 0
0 50ms
49ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvqxvm3PrLn9s4gLlCX2CxuP3LTofArCrX0RkePkzJWhD6SLk1BsdAQDs4qTU5ILl4f_NTReoCrv9KqZQO10CZsbdjvUBEfUxyaUFMLobLV_UwZBFQuAxzv5rbjWReKOBdKaX33ZkdLHB7r_zK5DqTArOdN0KqSCQEpm8KWERUkKhKLC5EVDEqM08-MDOHyYXLgQ28tefXBMzDXNIh-s1h45w-BVDUJpdzF51wlrZ3krAHw8nsHAeUtlXx7f45AM8MeIre1-dAe_I5qJY6jlzaRytMRbWlq_3e4tyXaTmmT4B5u56WjKMa403su7P4pF1ccsWebR-4XqydOlRFjTedFp3jAozgkAwFRt2ALvqF4qexwjT4r86vpupAxG-fDVs--94Ia8k8eIkpUdt3JgO6kcZOiZSS3wu9jwkg4by51fekYmAl1XOVs36kx2ZLQ9vJSL70-ZxYr0MjbE2w8HvBxc7IuQxQdQ2uTddY832RogizMqC-OSUzMexrOv62AFi0Q5HqmeNuhIe1L565WhXicsONPz29Z7zgGbcR6SgfbDlIAEjkk5baVbuYW7LyIPJi4cNdZXTmwqsAs0TO91M7clfHO4lpyINbd2lxz16m8Drt216ygAziiG02S0gaZl9N_VYcX_9WIN50_ofpTbTF6US4jy-tohct5xNhA4fd3t-QAalLUMkjk4W64CAjkfjLApB4n7eR60XF6R352WE2JHGm1IwmbAhie1czASNfqrmiAvGkssiu7C5ERFc4fv3YhBpRwpbUfQZyitCk1TLAVl8ikYFonJsBAHdlOYv26dvSYtiNTPlRcMPkUUrp8Wx9CryZV3uH4666MobdAp05keYUwUay0DtrCRyS-dsELcG13OGTEAwWgG4PAJvBDcdPLkNwnWyMeDrQZXebg2q50WfzXCa4E6S-aWc7xPgGozusN5AI7hZZS6N4eYjj7QEJrMh2rXG3TGMD5hIDKEQblYOQ8Oeguq3FFs_TpFVznU-wHZNoBXN1EY4vnXTmIUDMfW7JtVzP-Xrtx6RqG9ZblzUR2z1jMLj1he18zPj2kJmFXbTr9V6PndolOTK9Nlh74657x2SWwPxAI2v2ePttykjp7PNFIBNDKO8v7_yA_OtZpnVRYYGfRHlZH5a_5EQ9bLMqudegOFxQzQEwzQYtsk8a1l5HEfD14V7dg9eaqn-wIp8ss6VK7mcM0BXLSKxRpyeH8TigDgOsFXslD5vS90NNQXKCi6JcD3x3aDF7fNyYAN4VpE4Q2yi_jjXKzUJKDeu2W&sai=AMfl-YRhhfc6klviX7TDwydzMdiuc2GprYoXwOqeG5dJL3y5cxayutvZUKr-o_AKw0lAXB8bJeyAdF3z3t7YPORrEewnFw22KmOrA97rrM05GsDrkOb89IvkUXLp4R0viBL9MehzUSliHxR0R9P1Hlfcp8FFZQfeZ39YZQycqd7SuEP23eHtFkMzpdGxouaKRDiXGSvoqzKvv7v0Bsbs9zYD26TH874ngRa770umTCMF4Bq61xH2i9IEmeRkYdsZqgCNavDb1P2QsKIhG6KR9guEGSc4W28_CD2P-UQdATY&sig=Cg0ArKJSzN0MAEndNTVAEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=489&vt=11&dtpt=304&dett=3&cstd=182&cisv=r20221206.55493&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 52ED 0
0 49ms
49ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuoyGyLOBBAMPTOs05U98Q6b7zaJyVx_STWojxpA0CChyOI2RAaSGKuTxOoB19a0qaIu4kQ48Eta9FlGvfdA4pSOckAx23bvnEucqrTXg8Lh_PdD0-TqpCx-OEtefj4PhuxXzfNdNwyVZGuYpPEpSa70ciN3RXvT-u6dS2ug9q7dpusHiWDi4UhmIzYzxXzRhxap_9lnUeviI6CW759BjK-Yr8swZXe7bPiK9Z9UpvvPGxcOFQsfvgqGtjZULu_Y902ududor-2_cyTHjE751JsUMGGjgpZYnZfVEwQVExyx3ovy1rOPuBuc_sHAGRGazpNH8INvFIwfVbt-zFol_bsrRowwgc4wyfWoXnSlr5yOc39wheHZrBlIbCHVhEfDXYdE0XXDC4VnTHdJsaK2w509hAPWItX4ACkIAeZ9Sk8pPfXwGP-tHQFTiEAhT_jmuuK1mMfCIxotjPJPDUepZ1o7NUUWAf-1ggGsP8Eruo4F9rkPrKHtZXmQc8IPosMI0oK-gNdmEZB7wuC5_3PLc2_f7QRluwm3gnlf7WMrs9irp0rSngHHqyXjngtpdrStJd-LZBxgEuZDktx7inHbYSEdSAIzYHlnmQTvq8C83AgYqodzpLLwexkx_Og1E6wrFppjICu5zzbhNp5HCgdWKiDc4xueC3cmBGXMfzCJT-EZhMEMnjSnyGwc6Qg0LefE_hpb63GD4ZngPjyFvloUpogbo2gsP6_gTHiv95yuF2jLFAnqVyopvmF5oKHb7Ck0y5wh8Hr27MGG93J303QBbEDWtb8JuWVnF4CFdsz3vTCfrNne-7wiRWxMY74VooUPj4Y0e4WJQyF5L_eGt7nErXrYP6JdlaKUEycokIjO3JwCy98_8I8yeQJi1VdV2sivolsM_f7tXpPHMNU0Qcpney9vBsmZYopAs_KlKH21EGRxcIWiFyp1U2Xo495jpDu9WP5NfsI4qQetDcreTVUzxHQQYwuxOwCIn9cTm8AXSD_0gzwTmNKy5MUR-Ga-QN_DSRPyoh78XQ1x3imApQEWCxJxrbb_ZgB5C1TzJX8oNFppg737eQHhy5Eli1QS-1YAXFj4SMCVkLCmq6c5ezBScqf0uc6N_BkEHFYWQaPe1c-pmUgqtgiUyEYUY728CGiq4ISbSzidCMSUgvsalaislCncFowhrX2SJg0_fsHtN5Y6ERv6aFfvXIKW4oHBvfMYS56qaLjQldHNLuVSx5u-5zb_eDsQKq3vtlnAIg5_DOlueiAnx3WOH1W4dHNe6nU5OooDE2oqrdLZb9OykfB_38&sai=AMfl-YTzlHBLdpjTDQ3AZncTHcNstp5TFTXBYecXl-w24ktu-1haDTFUmZ_rw5rcXfW13LHJ3oVn_S1DjoRO9BywDyxudZZ6Zm6HO4mWXkrc9S9633d8NIiXwzMkeFfF0Lmq952McI4BBm2m69o-KPiUWuWUSiMfUExvAkdcEmlBFYXGDIQPU3IwJ9lhW3wUfkQTkHTV2aM3-APImfXGmkWIVIYZdix2kFirsg7_YuDYafrWcj4RgiY6uEQQREGVmP_ifYNxA9BlxOJAj9z-tV2cmRnKZZeuSi-Hjn8bkTrLow&sig=Cg0ArKJSzJOV5_wMRotJEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=595&vt=11&dtpt=459&dett=3&cstd=130&cisv=r20221206.09293&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:03 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F0D6 22 KB
8 KB 12ms
11ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 465439
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 15:32:44 GMT
expires: Tue, 05 Dec 2023 15:32:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame DDD1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

19ms
17ms

Image
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H3
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Redirect headers

date: Sun, 11 Dec 2022 00:50:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame E8E6 13 KB
6 KB 56ms
15ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136172
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 11:00:32 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E8E6 7 KB
6 KB 25ms
25ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

650c95e86d1bf49c7aa956d1830e1b4cdc6aff9fb54cf8ab72658ba003dd079e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5727
x-xss-protection: 0

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 20AB 36 KB
16 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 02E8 0
20 B 54ms
53ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6diKOimVY9vMOuvR7_UPoumj0AcAAAAAOAHgBAI&bg=!1tWl1ZHNAAYgquz3AKo7ACkAdvg8Wq4eC3AsX8WEcnlVsuO1npLR8_88YZ4Hb7h0Yk78LSSs9ZBptgIAAAF5UgAAAAJoAQeZAu2Ap0U4uzi5UU1L8SYoAdRDOhYRbFSnMwCd2lcij_EZdqfPelPe-mFQbrpcKyenCIFmaGKPSekGr0HahW6O2MxufZmhfQEEaUL60xofWbY78PVnvkf0s8Av0Udiq6FXUL_s2bSKdZoNgtPIpRhb744WblDlVmvxn8Il32u8kZ0M5_RtYIdgR2gcYePkjdTHjt4T51PpRm7MOXTSynz4mu3G0K21oaIg_yK3JSH-aKBAmry1rXMkDUwU7DACTi2pXVCn4MXCAS72jieANiqw3hmXHCaNV_WLRjr6aNm7bXkWPGh7Ago4w9Tcw38KfGhCAbVJpRXw1HYD79c-O0m1vOe10CuPjndOcOSN7KaNnu5xvAvqvSnh78o1gGwKNFEfpy9hbazMbZluG_g6EBzDoIVktS6eRAYPWb15CpxGCVQ5fM01VEd5-J-kT46djXPu615elmxGLZpUyMyEAAoHVgPjU_nM72v4epli8s2tXR5_F3o_E_Zek5zcZ7a4XSr1V9gKxP3PQNL30CqTjLjocyV-8ltnxF8SxN4dg9GUb7QN-uxPhmomz9kprsfYK-QdgUrmVZ58_QgbDPGWUtA4Jw_PszjAs6aYbj03qBz5kkPgAwN-imdqFwPfk0SnARulWwN1BaI-LDNdq82sFjCnBtPwa5VthZz0brtbO2eXQqX4U1Bo6-dGRTl4SFh_Fo_MhmslP_gGKOs7UOKz8OpFGWjFq7e5erwxKAfWMl7WNcoTFkM6c1Zmx9E67SSHTE95TREppNZAKLNO7aXFOm0lGBo3lP65iiCmlE1cW8WI4dJsKYYQObOBfvQLYbnD-BZ5wAHLQsKcrX8LApMCPUvjXf23y9EbrsdGnoWJMZEJ0_qv7fLELs1_Kw3EAvDn6BxcV_Vv9986gP_WU3BHxFhrsnKhErygvbX_yy-EWAFJ59CyuiAuqS4h186uKadGc42XFeZeG9fOl0fEU9qXbwauerigg5Y9P8odBVzBIi_rig

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 0EFF 13 KB
5 KB 51ms
16ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4169285169137119543/1661867165592.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136172
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 11:00:32 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0EFF 7 KB
5 KB 25ms
25ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a8d4cf95138d5f8dc174e25298897b6697caf5a7d69b386aec5266d2e8929a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5592
x-xss-protection: 0

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DDD1 2 KB
2 KB 14ms
14ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:16:18 GMT
x-content-type-options: nosniff
server: cafe
age: 52426
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 11 Dec 2022 10:16:18 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DDD1 295 B
320 B 14ms
14ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 09:52:43 GMT
x-content-type-options: nosniff
server: cafe
age: 53841
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 11 Dec 2022 09:52:43 GMT

GET
H3 200 eurostile-regular-condensed.woff
s0.2mdn.net/sadbundle/11194968340574837653/ Frame C821 32 KB
32 KB 18ms
18ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11194968340574837653/eurostile-regular-condensed.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bb99de687740f817536e5974135fe5058ea3e4882c83903eabd88759a4966f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 03:58:47 GMT
x-content-type-options: nosniff
age: 75077
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32696
x-xss-protection: 0
last-modified: Wed, 28 Sep 2022 06:59:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 03:58:47 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2BDC 7 KB
6 KB 26ms
26ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8fa14d3899fa7e5ad5dbfb611019764670f42886e47525eec637beb2341c4c31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5688
x-xss-protection: 0

GET
H3 200 prod_studio_01_247_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame 2BDC 31 KB
10 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 21:28:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12091
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10616
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 21:28:33 GMT

GET
H2 200 publishertag.prebid.132.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 23ms
23ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.132.js

Requested by

Host: cdn.adapex.io
URL: https://cdn.adapex.io/hb/aaw.afl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 12 Dec 2022 00:50:04 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/3570360399091990528/ Frame 1249 4 KB
2 KB 15ms
13ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3570360399091990528/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7325feaa1b71456c5dc73e5fe6f2d694a15c83c950e2c544c82e0c79536b2d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 133000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1628
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 11:53:24 GMT
expires: Sat, 09 Dec 2023 11:53:24 GMT
last-modified: Mon, 05 Dec 2022 16:50:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F5DD 0
0 62ms
61ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstGi4RDl7o-TiqO_jgQXv2FTSks3uJJ3gBJFJXoeBItujaTTeHlMqP0oSKGFnuXBUePuWwG6JYWlNrgsBaoyOTwrysxR6C3pSrAcR_PlcfDZr6TrS8CKrS4do8KVmHcF35eIeNQqKPR-Sj9JtTWEXHljborv0M4zbsjWMK-jGL7dUjcaeTCPr0fN28BeG9xO3hJF1kCi1njVeRLS2oPEPyaNaK55YuY2cv0T6qHmf0i5ie3jMWG6kelpR91WfZmYwHlRow1qGNxAsaeVd31rHLs8C-xlRMRdqHk5_cTbq35xQ5_hCiYBuXA3HQJ7OkkLi9B5cZfEFENiqXpoigTDtZAFPXIvo3G-WMKScdvv-pRaaKMOHS-LCPY6x-La0KXLQ2m5Yc6fZnxCF1uXiDxKdIq30wZJuerOBZpIRhfRaYHnNBABBlWntTSPoSfPOEPRGnwlYvFJkEB9bEIaw1cM42_ZyIM4s3reBzQhrT6PE06zCudKEwqPnnn8C6RCvvYkdemSxKWireyO3y8mgh8IXLodCp60mDWZxSX4rK2Vf2yjSwoMiUYcS94bcNB5xB7RBD_ZLSlE_af3YLnrXRn0ovkgg3Hp-sp6MzFIJ3QacxorPKlt0o54UcmphoJYnO6NOnHoJv7k04cHvrv9YXkbO8qJ2RCZKeC8Wvg1m1hLCD51UG9gUHPKHC0NPvjKdlgtsePlFuKUVJwne5hBpk_Sp8Ljfvi0g-uV2nT5DYANf695R4UrqbeRhBb7fpsK-iltUQLE_36UejbKJCch6X_PXj2jhdUPbEZT9swBU1578z_H_eKtf8r0wcvFvojjhAkOyjbK1cZjcZCzqZIcF8Wy_Zph_rVrDylrvMGsEwOLxzF3tNCxO59NUeYLKxe30Ae27IGpfJSy6FUpQIHqsy2kCyDuhnk2qO6eFKgPJkZsPIowIG9wDittn6OXFO9wb9oKBlqpNrFaBxbdcOfhxKFHdEy-cILzG7Zma9MCQv2eBOz7k06uq8wl-8UyHtOZ4vv27YEtpc8wl9RMEz1LS3v-6P0_fF0dRqWD8ysWqfDkRlAbpkeJA9pG4lqWgT7kuIVaPNl6zfJuL10mlogJhUZccb4MZTChS0-C47KkwJ9CsFfQwED7JdRVHExIJg814qXMQLnSU9Ch8166H0WyOhpFDmd8FSMjX9MuHrTNdYWWnVbYN2rKFy6CaJo0ugSjxLlZSPkwQ9AnMMw-6pwWeG14RLtRdpKvDmSFyqFsJ6LfEHXhxlpp4bCSzT0-owbrEA7s2SG3Q2tNgoYshILhUFqZU4Oii4_K8Xz&sai=AMfl-YRslrgAj2--rkZUcmuJFuMKGFuwmLDbLAgoBRL_lck-W3LsPvqklN8E7Ou0HV7cXIMicWQ8QhpZwhyE_85LE0_wVEG8acNOjRtXl3xmnLQ6Rk52I8E5xuasYOmTkEqyjZQPDjiBk3NzSHNHEU6RFZu1rwL2KXX2aIaFuj4rXM-tX6LN_zXawrM0Rs6hm77unmfi-tTNfGDwBk-WW1n09Ndj4QVLXpuD1Lp8t_SWyoeYKgHiZoUfYXfswfuvoh2eREKDjZifGupMAreWPR0q0bfWyq1qUJhwmYpu7ADXcKzcbu2M_0u381cRk5grQ_k&sig=Cg0ArKJSzKNUHqCga7EOEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=193&cbvp=1&cstd=190&cisv=r20221206.31781&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12809638294083468348/ Frame 82C5 15 KB
2 KB 18ms
17ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=7kvgAbGeyc&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ae70b7413b2252f3215889731e38f7192c1d3f061d04e8e496725b76f7723f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2279
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:04 GMT
expires: Mon, 11 Dec 2023 00:50:04 GMT
last-modified: Wed, 14 Sep 2022 10:34:48 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C7B7 0
0 59ms
58ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssPISOcvMJ9cIo3AD9LtskU-2VThm8hWYyvE7w7O95FSC6FI95bG3VLfnrFkMX90te5ApJYDX82mCQEFTrYN0233NdRSlciLI8SkY2IIXVIWxYQG0pN0bKkBEaf3qXUxPwf5mOp4gf_GII8wE6AL_EAXaio2XWyjXk9sxl8hxQOYAufzkbwv2H9nqnsG1536dUx0EBqFWluwcJBkFYMCQMHnMgwubIIAStfZshdQEgmnPgIj7sU9mPRLG9CMVFFIsVA59VBXGDnSF6aKniFQl_RkaWX3yhYQutdVzrL-N7zvZKhscEcLcbfgy84uyuf7fZWSVeo2Dqbs9XZxqmTJrCK0t5VdHsFG7SfeZnSAK3m82eZJZabTs5DimHMDWgenWNb1VanQVZCILAc3lgDIG7xluNsWC1rQi1LuiIuUjDCX-K5POdFKNkJfak7rdlrYaag5bPqFfjleXOS97alTL6Pug2EbBZgRpkUEddcbgazqfzVfDHWX8pxSHtCKYvcyuuF-ohjQkoA0J3D-A5tkRii0hI1dUzjIRIzr3Vmxuj8QxuXj_dOxGOmUP3c3NozVsWABOfbDkN-3S6gzbuU4qCNjLY4P_-2ee3fqZcZm8eWDG7V9Z2esuDi7qeFYFhuG2NYYVRqBRm74cyq0zhHqO5DUiVVjfiCUz_Y0-bXnNh2iv9QswtgzcDCvWbxjtjPnMrXu39sORAZdghKKN548exPLuXRByfpawj-NPgKQx0hYn7PzoqzdiRAh5r3qulN56cI-1mvGwKLz7BM913PUFddvhlclAa2ZIjVuWExcZ-z3JUPxZml-l70MVpEL7n6IQ8DqEfYpcbQSQtXqIJFf-jTf4JamjHg5F82m2y8qhKrhL6Q1iStJ0m04ZJqazVHPI8AU2Eo6CE6qkpGxMNl7L977iBMuIJQLnkT8aoQb02jadUV_Tgz3NpYJAVy0OASGnGhQzFUeqYfODFvIbSVtIhrpZet4jRKJ2EZ7g4HHMIVnE9bvdnJHItkXmud_EKuWo7yHqzUjWapPPNhWN-7AR9WXXSKDsM5ppPy4kwfb1v8zd-iNp16MVVKlxxkPv8X-N84B_Owb_URIvbsou3srsq_WWS8XsGNsxoXMQXjBUSQl-LxmxJk0XDgTX6DMAP2SyyKwuDuSHVp6WTiK4EJutnPBYIRljwPcegYhKBbuN-0kTqH4R_UteUnUAIgWhHfA7u0AK3MFTpz2BXOXedEyBXMoFTqJgauARCYEz-SjqU_3vOEQNlB29VdJora7rk1pcFQd73upw&sai=AMfl-YSTetLLr06IzHouDq_16TPgpv87z_zAkbWYATl3gTYdqB0lTs8ybbKKP8rhB3zoFP3KUa5YJjh59VK2mHFy1bj1e2iijX12U8j4ye2wfw23PZK66z9jo9jdX0-42Qszf6Ah_TprXl2hcfVoiwHy1mSHs_U88_OTVy7uYTUIIEGb_acN_QxgRgC6YvUN-wJ-dhvR8TaBhZ7t42_2CBZK1KRAlm9bJlumfWHWJdpIrTwfqchL-QHijIlqR61ZBexlklCrpN4m7wyVh9jWFvfOaZzY0vS2nY2jw5wiMkkUaA&sig=Cg0ArKJSzOKbx_UdHms6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=196&cbvp=1&cstd=193&cisv=r20221206.98262&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3E13 0
0 49ms
48ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuPNQfxWOsQrJcq8SjNTCMPBgNly6wamhWVzAWXoULulonuygRvx0fnZ0JMPGE4gLZLKnERBo6E6xhgijtw13n0AQl7ju1_sXIVNNV3WscO5x4yyyQ4Rd7ECvuWGKrYdBrYFORqwE57s1nTOBFj40d9NSWsnI74oIpSD9WN49j333-J2wgh_FxGZiyQvh3CcbczWgRJyPslcL5b7tt7s6X4c7-T45yJfZdHK6RDdYPZ90ztfHA53pPTeTtGL9dKUczHcNVa2G7813khg61WnEJldRWYApY4L9Iw2rvpXGcfBmc12LSna9e6RnusBW1fBp27wqbMnik3OqeSEoq4z-K16YOhPRX_p7xTUM_4a0suMxf3CVgAmpbJzuvj2bkdMwdKB8QHC_IAhvM311739KhHR48eft_sQ13YDDHypmvnh5uvS-0coyRYEoXna2-vhmHAZVMi-aocNaV3ux26NIEUH5nK05LFUDwHvrADo35-5K9wHR2SDmrHS7Yxu-nUAmS0qLLDBQXAbzHnOVwk-StMcJgsOaKrg7LtNgyQjoCKFh1WwEA8IkutlA8rWmoA45LC1pt9Plju8pvyGMGkgKkq22rFNDfpGRP1V034vNj_MbT7bXaSgyLuipTP68Jjxnktq97rOlE5tBJp1zewW5bZKF14cJMquRm09_TPmZ6oCW_Pmez8D6JpiVthqO-g7rtr1loIc49zySzbbvCni5dnr3A4EJQDhpqWTp8VhzY3zVO4nLd-CHAgbsuzhRy-fE48WnHfzf-YxWsZUGK7z6Pv8ZLoMHmJfxCi3mU9_D2wNQ71scSoPRQCGimlbVe1qKtIGdfoItp9wU6mzBAt4ViYPatFPXMfusC0Vg5rhvKmhFLO-SPCVVTHdD9yk89uzAgURrk52fQ42NY3N-0bESQHeP7PneBvr8Npbx3nKztXXOHgoh49poN2LS3G5C9S-MTiVfD-_bttELw81TpuVCKuoQHaEz0-OZsgpIywfBx5wj9cvayIwSDR3Cs74xj3vtlE2CCIdRBVEzuW5OPvko1N0QmMd8tTswyR5PmuUO55Rd7hGlM3KEUNyaZsajD-EluM5btldleRR6AkAaMd8E9Eet1jLBHvUyID0sHEE16q-xZeYz3dyp1mVH-fs4aFfX3x_0G5jC8lIrVlRdmDAEnZS5jTpUsR8ugIK8kBlzoIYVJ394eT7oCxUf9MVwbITtbIiCUNvSWNRGOMvsQodRGntIUuX5r9Uu0i52aKiZLcyFb0j4G9RwIAUvdGffFCR6rSivuVq2Ta&sai=AMfl-YQN7jPhdLNXSGQ9NJ4kYtcDCjpyvtJMStJKYtWfoYZMakOb2r0lwMzpRhAPjzNcUrLPatAgbHqna7S4Kq5Lyecxd8T3IBJPrSh88PdvSWY_o-roZ4Ln3sTb9MlQHAzqbK5HNi5VjtgdkWpUtZszLf-ckT6U1o3SCFbeQTJ3mi6EsnJC-apTYy3gxeLVJCNpKHq2MPvtFdmhOrfTa2jyZJxaRsd-txGB9FIAM6MXBVH8EWa1SKqc1OKTGxoxN4D6ECmiIX4D5_YJ_ah4Sl5WYm4oEAAc0cAdzlrHfFVJmQ&sig=Cg0ArKJSzB95d958JbjlEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=532&vt=11&dtpt=377&dett=3&cstd=152&cisv=r20221206.85783&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2BDC 17 KB
6 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 35EB 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1222 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9C2D 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:02 GMT
expires: Mon, 11 Dec 2023 00:50:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 banner.jpeg
s0.2mdn.net/sadbundle/3570360399091990528/ Frame 1249 78 KB
78 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3570360399091990528/banner.jpeg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3570360399091990528/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f5881aeeec4d885fdf983961fa4d05b52f772df256786bbe59a44b7667dd9ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3570360399091990528/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:53:24 GMT
x-content-type-options: nosniff
age: 133000
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80124
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 16:50:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 11:53:24 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E8E6 17 KB
6 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C7B7 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 15:32:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465453
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 15:32:31 GMT

GET
DATA 200
OK truncated
/ Frame C7B7 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b827999fefba7886d702a4d6c446f842e822b01eadf4bc9a6fb10393ee616f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0EFF 17 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F5DD 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 15:32:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465453
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 15:32:31 GMT

GET
DATA 200
OK truncated
/ Frame F5DD 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4d82d11995567f21d803110f9c37a1737db84063d0a6aa9c1d6147866a6b988

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 1661867165592.css
s0.2mdn.net/sadbundle/12809638294083468348/ Frame 82C5 10 KB
2 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=7kvgAbGeyc&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e0c6eb6c36c30e5c53ee42f1b98270759035c32f99889f11ea7808d80d3fb56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=7kvgAbGeyc&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:06:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 301426
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2353
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:34:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 13:06:18 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 82C5 118 KB
40 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=7kvgAbGeyc&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=7kvgAbGeyc&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:50 GMT

GET
H3 200 1661867165592.js Show response
s0.2mdn.net/sadbundle/12809638294083468348/ Frame 82C5 34 KB
11 KB 10ms
9ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=7kvgAbGeyc&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/index.html?e=69&leftOffset=0&topOffset=0&c=7kvgAbGeyc&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:01:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103706
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11482
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:34:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 20:01:38 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame F0D6 36 KB
16 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3

200

src=5281021;dc_pre=CImJzqOs8PsCFfxKkQUd-McLjw;type=nra;cat=nra_p0;u9=pa:922025bb-68fe-4c20-ac75-ece0977279ff;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8670792606
adservice.google.com/ddm/fls/z/ Frame 1249
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=5281021;type=nra;cat=nra_p0;u9=pa:922025bb-68fe-4c20-ac75-ece0977279ff;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8670792606
https://ad.doubleclick.net/ddm/activity/src=5281021;dc_pre=CImJzqOs8PsCFfxKkQUd-McLjw;type=nra;cat=nra_p0;u9=pa:922025bb-68fe-4c20-ac75-ece0977279ff;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://adservice.google.com/ddm/fls/z/src=5281021;dc_pre=CImJzqOs8PsCFfxKkQUd-McLjw;type=nra;cat=nra_p0;u9=pa:922025bb-68fe-4c20-ac75-ece0977279ff;dc_lat=;dc_rdid=;tag_for_child_directed_treatment...

42 B
63 B

47ms
47ms

Image
image/gif

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=5281021;dc_pre=CImJzqOs8PsCFfxKkQUd-McLjw;type=nra;cat=nra_p0;u9=pa:922025bb-68fe-4c20-ac75-ece0977279ff;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8670792606

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3570360399091990528/index.html

Protocol

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=5281021;dc_pre=CImJzqOs8PsCFfxKkQUd-McLjw;type=nra;cat=nra_p0;u9=pa:922025bb-68fe-4c20-ac75-ece0977279ff;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8670792606
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C821 7 KB
5 KB 27ms
27ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

431de3d47c25e02bf413c6301228d790d821b5ea228c03ce0eb6cc72f4c18e74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5591
x-xss-protection: 0

GET
H3 200 prod_studio_01_247_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame C821 31 KB
10 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 21:28:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12091
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10616
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 21:28:33 GMT

POST
H/1.1 204
No Content mut Show response
ghb.adtelligent.com/adunit/ Frame 5FC9 0
228 B 22ms
22ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/mut
Requested by: Host: p.jcontentcdn.com
URL: https://p.jcontentcdn.com/prebidlink/y19337/hbw_master_307825_11595.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://p.jcontentcdn.com
Date: Sun, 11 Dec 2022 00:50:03 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
X-Robots-Tag: noindex

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 35EB 24 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 126284
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 09 Dec 2023 13:45:20 GMT

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 35EB 27 KB
10 KB 72ms
17ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e36be95a997321cf95e79310394b551a93a1fefb55c7dca4669137c0946f2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10250
x-jsd-version: 1.14.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230118-FRA, cache-yyz4527-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"6c5a-5kbBcMwAuv899TsKizV+K03Rtig"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4aMmKSYjfmgrQGaczVCAfXUpEGKZC3aihvvx%2FNrqSK8xq0CTdxBVWZNK6rvk4vye5F%2BFPamMfrZMPe35PoPU%2FQzsiSU4By3spz%2Fj5YQsnxRIOw3Gg6stINJUCUj13GG8g1UXueDGeKQL%2F6Z8Ehs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 777a3958fef29153-FRA

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 35EB 153 KB
47 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 1222 24 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 126284
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 09 Dec 2023 13:45:20 GMT

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 1222 27 KB
9 KB 70ms
23ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e36be95a997321cf95e79310394b551a93a1fefb55c7dca4669137c0946f2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10250
x-jsd-version: 1.14.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230118-FRA, cache-yyz4527-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"6c5a-5kbBcMwAuv899TsKizV+K03Rtig"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2e1OYJvwjr%2BXQfcChbKVLMJnI%2FakobaCXiOol%2Fv6OX6rJNGrt22h63DyVagKMPsKinT8S%2BNef5klqDwCAw4fXkMr1ze4NDkg%2BSTNZA4ncvJWlf2JBVWxTDDeTvZT3JFHQzI29LGqv6GQaZe%2B5%2Bg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 777a3958fef49153-FRA

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1222 153 KB
47 KB 36ms
34ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5CCA 0
16 B 32ms
29ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLiT5AEQ07PmARic7dutATAB&v=APEucNWv3DKInakpovmqHn0ADZ5flwEOpRNJLXqVWWFyCUAJnPul21re8xjtm1tRVG01RnenkDSietWccded5ov-sLHaMqDRVbNKsyRAYSSodVaNJPT-e93WM205gOq-IOhqZLNvv6ueU-1ovpxH9YfqOdxa2wHTvFIw8Ge-DbX7jS5meOKUHyA

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9C2D 83 KB
34 KB 65ms
62ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BkhEoKDsNKocbyuntXEHH48xlx0yercOwY4DyeKK6EK2uhKtSucA1KmLpg8plJk633otKI-qMqMu4gGiXgoSryr5IEbPc_bgZeRBNtLQ-K7sykvUE5SYVlsQ5UDpSTaPPWTYWOm7SdMh8VMVd26ny4AV4z3qLkt-1QmqYZgp60ertHgOE&dbm_d=AKAmf-A29HT6wO11_GEZUUda7CBd5mhIz7MJyKfA77DksIePwxDrKaMQsTy1yox2yl9q-jS4kzXKBRAGnNiiekWUXHpw64Zs7hPlPd6N0LVBrwjnZCJOw9XJpZnHDKGZHjg5UNkrHczFwTpJZuff9iMIbPQ3ssNc-YxDfeH3pffQWojc9UP6IGgcZLg8xjYt4jc8iJx7EbzKFqEMsE07gZcnL8-udZx9z9LGPspQXOub_mlxHnzJgwGAK7R2lHB3lf8P5A5TSXMbuwYGh7yWM_R-aXubbCP5TeuG4q-mrn7Gl-C2i6wgfJDud0Qmzs0wzvUgZVzD3xQ3tWsg5AWUHnq5lGpLQMidrO8_wzks2b_QvxDsVNz0wBhI4o2dsILKX7yly_fGc-M5pwM1Vfw36QTg97cUrITg8S9ZMD-0KBrwgEC9_iZoH6Gg1Oh_gIbPHL-4gpuBF6XW0dN1Eem63fEVNkjd7Qr6i31UJDvOuRnlb24VI6ok28GmJhiALtxgkH4siXrorT0o2Hmp_kQvvDXx6xafO9gP0Ard_3zzphZmwa4yLwWfnclOgujZtg67UHHLBv6us2HBeHxP2GpxtpxWf-n7WiB9dFpRZmrt3gCVvKMt0SqLxLW0YLqk5k-OYudSeiHgKPuxjYfWJfWMYqZfS10iLeLIlw4DkF3UuVl38ztwQklGb1eQApEsNtWBi1TlfZ6KnxBBY7_q8cQPNhXJhOioZsdet4uNtpOk6c2gdF10puIq946jYSr9UNlxPWa0hCDen8nBKstnFnhdhTlnnnN6nh-r-8rsKHTgIluiRTKBQPj8VMYLOq6iv9Lq34aJd6rpekgB9NN-30s9Jtml0d5WA2rJwynwBVfacF0uaeUy8z8xSTEWhVeMzArAa7lrJVwHrHaCvvh1n86aPHF6k1780ippOM0BR7ilZd9izGyFPs6ici71WRnhIoWh-jRZnhRmqftuOlQ6jN-ZHh_Jtt2dVgjkfQg_RDLUDDNMXDgK7csEpeZDgJXYPjmLT2BxxXhyrrWPfwmNuYua6xyMonXruz1xtONDkgcBP-v7_2xeW3HQ9t0D96hm0GBhwnbh5DdTsFV46cKPotFoA1uPhZm8SMoYppmxCztaiiH6pGM5SiG632J4AME0N-jdai5AGT0KeJRL5VYBKnON529rnyJHGMPbxoZav6vVVYv8kHs00EGutbVCejo5FWRNibElfiFDFdbxjuHd71WarwI6_6NhLqjYANiGzjfMkfVUbb1dMXqbuhm4QHz9q0TYq__Y9jzO3o1PpZ44K6idBpy-9UQI5tRk_LyG4Odlp8x0B3nEDAR3B4NiZrQVciUkRb8Zfijik1ICQEelLfk97pmSYdv1ptTUxlOX5dgvUaC16L7YFFJx71g4EW332U1Q6NKUOqwtU-75q_zeY5TFJaoPl8e5FcNXBVBS2iBTmeaT_l7tP3aYvv_uhZZo0bXZovI4gJHjm3owraLb8cdgnBj2fv12UbXxR8dCKFe_RzmO_LJH45rbdX15EiXnzRZMengeuYWHHz4swYxwA0wcqXqk0vxc7C-LA_WZLHaQunYWn3c-Qj4FHJtDM1SiC5Os8ZjXR9AmLb8eNFYUTSGj1XHnOR9dXtnGsz5Q23KP0qIlNf_eFldAsWRBxfphzHhqw-fzoMSnYXDICI-NsaiKnZ8D1wMkCglWrmu1yKgSnLvKZgSNvXTiSx4f7EUPOCbZHrqE8zSdBC58ZdRSamsM6M0OgDgMluvhBhCE45zRzwrbWseIp2wQGj8cEJ5K0PeBSkziakpvJ0oSJJ_FujrrWcBQ1ROgcssOibZkCmqP7-Zuk4SBGXtC2YL2mriwlJ8brFT3CkX-zzoBS_X1l_Tu9pBveK1KBO5LS1PvvAUvHl-ZQ33Vs5f8wpao_XhqHfnxlnh6evSN2wOhoK78m15IT77efpExXQMJBno9ANHp9SVT7z07nO7s_nCNkcnyZGa4x6inGvjrfhZTSry8dRHmrDf5fayOSA7z1pd1bpMqHmhVEwZjeO_xKf8nTpE0kn_yFmJAo4gaX1ZIOAKP7NYrZr33wQ-MxChEeur6CEjnHl_Exdf0H2SiEkN-tXBJYj90Kqb_RxY4qnfTvHZ-i7mTpEOqhbSF7vPR544rnn6J7OsK7Atqjvb9JvCs0Kk1f8HD3pXFYmfsDSMAg9UB3N5nVVRsT-x_KLfRqpLm9cGGLAxfHreddTlAGcvPQ86bVPwXYCcaVh4kU2F0_ETYPhyRCGgmutzYrYDXt04yJyYyjVfNsOEpevTtp4B3DL0c0yVT1jV8roHXUHjYrS1k9c79HZwANhq2ONeXeSD5vSfN-_2wVWyAiLDH4x6ZbYLRytHo5zD6nESuGfz66FICE7NKlCYUsCrruxI19x6FvKb9xpdjb-PAcR0IMe3-T_yYO169PAfH1JE-8hyaZM8f_3mzRfAw6unyRgDPfAt_aOnOn_Pk0iiXY6zyp9WW6ccusAra62hBuoa0LMSOxIkVGzKtvk50GexiOuuyyMUo0DgA179Xl3oIH_eRQfObvOmrOuxz5tFGKQjPESCNoAy6LAYpDYN8YGgvSRQKJnzaHfjGI7wn2HzX8HNfDMgBphsow9V6UGenPn2FCQwLrBNVfuWuGN7cUdEQ9vlUNoOQsTzEnYsNU5Gj_U7vcMyuikEnCc1A1pNQrVo-8sWHyubhu2ENU8xodlWRe6NApJK8Rfa6JhmaakLNxVw3_mVKyS9QQ-LMXll1zizPNGl6UY5-IbnXWHm6oEaORx0-NOjZrk3Y0nAVJQF3nTr3JbyzTm4SuuRTtpHhMT1UGnJscU3hDl1xHG3ApU2BCnjUOm7jW8R6sgoz6-1fHKZ_aArFoRws5v93RipmxOla5fpWuU_S5RaJ817fQ7Ed3R5XiaYBZVyZEKRcqTS7sAKzWhOV38P2I6e7cJbPVID-bslj7-7QziJaCneAc88kSdRHqZWiL9y_LgI8XY3vneA1jEhwVoLUWYzlV5evHDHUBj7kZbWuussUzm7kZzMSOMPGFgvsNCTUzSsLcfky6dd2Up-NwT9JcES2J3EqVEQT8d4lNPh8IVknaXYs5UfcNU2cCho2AGy8Z56QPHqPMDDIFXNRXDULm-tNPvVUE1jADwHKqpdJVV8mEwvUU5SUf4F6dDw4a2p3OxS--j4ygriKQpyE4kzfYJXJHwBEcszHZ0ORIQoUi2meVLQFUydGlo31WpMj-G2rX5hiv3bGfyT9EqF_5G6weGfPWNzzAgEgWKfHn515r3a1d0SswgzAuGOnvxdJ9SvPR0ANEN4JIx8wXI2uXqKgOcR3u1P2s2eh67rdCBrvs4NTDA7_EsxLONH3ATdDWMtrerIX7fsUglMVDVpbQqDQWwJH-sSwcaRTZGpwE6c__XFuLe5C5stxlAl3aU69RUpC846kY9Ux6nqhvV3Di-ERmgjrkUoq1jTz-TmOg0z2cu3mIrRePdSxOOqFFbRtEIKgukuvB3h8sPCpv2E&cid=CAQSOwDq26N9cG6QcfWuKIWdlg9FYXnaBcnfQgfRfV5Fc_mrqMAcOGgCxrwrCzg9Ahmb2-vTX0uE5k4nPukJGAEgEw&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97e5d01f75a0455d877e6f557424675e1ad2b43b08c2044c20f2262d460398b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35052
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C2D 42 B
63 B 50ms
47ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CsZy2dzLmR3HYriaq-1qnpm-8rsSyuem8z1OSpCEz4mlgOlFuBG5auXwrA6JtiZppAbruP8YM9swrcDvgl_1E1Qt_rOfRyv8vrEXh13EyDeSMH1Vg

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 9C2D 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8538
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 22:27:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 9C2D 18 KB
7 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39884
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 13:45:20 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9C2D 0
0 28ms
26ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ9rM3uioxhc8w01juauJgQhRKPpkQiyTRcw-pVHye_iG87nQLyX3uhtOi3_3eSEKFLKgrmhfzHcZyF4I_CMspafeAUmw
Requested by: Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C2D 153 KB
47 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 9C2D 23 KB
9 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 23:50:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3562
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 23:50:42 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 62ms
16ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.132.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 12 Dec 2022 00:50:04 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame E8E6 98 KB
98 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:44:30 GMT
x-content-type-options: nosniff
age: 334
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 00:59:30 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame E8E6 57 KB
57 KB 31ms
31ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:47:30 GMT
x-content-type-options: nosniff
age: 154
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 01:02:30 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 0EFF 98 KB
98 KB 32ms
31ms Font
font/woff2 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4169285169137119543/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4169285169137119543/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:44:30 GMT
x-content-type-options: nosniff
age: 334
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 00:59:30 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 0EFF 57 KB
57 KB 34ms
34ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4169285169137119543/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4169285169137119543/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:47:30 GMT
x-content-type-options: nosniff
age: 154
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 01:02:30 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C821 17 KB
6 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 44CD 22 KB
8 KB 9ms
9ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 465440
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 15:32:44 GMT
expires: Tue, 05 Dec 2023 15:32:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 273E 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 465440
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 15:32:44 GMT
expires: Tue, 05 Dec 2023 15:32:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 11C4 36 KB
16 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame EAC6 36 KB
16 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 12415855096560190219
s0.2mdn.net/simgad/ Frame 2BDC 3 KB
3 KB 10ms
9ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/12415855096560190219

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23b41d0e6d4809b3adf959f5c5ac60be35c28566abba95157785844acd51adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:41:21 GMT
x-content-type-options: nosniff
age: 133723
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3002
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 08:27:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 11:41:21 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/11194968340574837653/ Frame 2BDC 1 KB
623 B 18ms
17ms Image
image/svg+xml 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11194968340574837653/arrow.svg

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22cae58f83ee6bc5fffb63a24e299211825d8f1b293f4682b27885db7a59e746

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 12:40:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 389393
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 585
x-xss-protection: 0
last-modified: Wed, 28 Sep 2022 06:59:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Dec 2023 12:40:11 GMT

GET
H3 200 14559087041597115752
s0.2mdn.net/simgad/ Frame 2BDC 9 KB
9 KB 17ms
15ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14559087041597115752

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef4aa7407f46d0bcefeda285f53cce6c56aeb9a81d4c4d0eb9b0ffd831937d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8706
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 13809871492651471192
s0.2mdn.net/simgad/ Frame 2BDC 11 KB
11 KB 18ms
16ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13809871492651471192

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a022dbc0b389adf471d8acd0e801b13e6e42d0da31b6e46333eae8fd75542e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10757
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 15231738500925652179
s0.2mdn.net/simgad/ Frame 2BDC 19 KB
19 KB 18ms
17ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15231738500925652179

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4efc682e2462231e09afc77b76f1fb34c70c95950878b5fe53d4f33158219c48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19726
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 16098046385756737840
s0.2mdn.net/simgad/ Frame 2BDC 53 KB
53 KB 19ms
18ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16098046385756737840

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61d518c8efe91ab0b950d750e0787867996dfbee25fd7fad044cab28088864ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54058
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 64CB 36 KB
16 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/12809638294083468348/ Frame 82C5 3 KB
1 KB 8ms
8ms Image
image/svg+xml 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12809638294083468348/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 10:43:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396416
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1365
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:34:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Dec 2023 10:43:08 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 35EB 0
0 48ms
48ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuGrA3ECyxCv7mSsfTI_RD-oPvLs3AyMQ6MQM6E60IFc4MhRVVcXTVmRQoUQm69IMJtYSjPGMwK2q_o_57EA8IiJSdV0sLNMMkX-yt4txAT6pktHj3PbrDhrc-OLslMc3YpIXeuMl9X8GVTn7x6IDIjKpEPisjnZ-fB3Ef-rItDf-Xwq2VskGBiRZ4fq5C4GPEmSE6vnDZm5LzaRiS86YNYHaOCEq3M2ZaoXJ1fe4lWMF9FWkLacmfaj0hcUfE9yi2J6n29jTvHQ3uGHDsTXLhUFHOHbKg5tUF4gb9_Dk5kvWpQ3ri17xA7THUiqz6jB_61t4YH&sai=AMfl-YS25FrJdlmcaGIfHbvKm6Ldpc_1UgD_3BD79OUp15lIPKE84T7Ow3zPYjTdEnc7PvIs_M2GQcuV01WAFy58LnV_YYFDGY07hAdA42oRGh5HuOvel6jWxBq2qWCMW8E1&sig=Cg0ArKJSzKi9CaVofzBjEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1222 0
0 48ms
47ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssH5YKxLGuFn53llwKn75_X_Zq_9H_c9aqjxToYE911di0gBNelcUhuqWv-gj2zv3Lq9mckPQGrP9R1jCUsmB4N__FRadYgeB1SWmmuuEsSuxh_TsWxT8WGGRR0DQlTfzIwffYYccjKcHleybQqybJcT3-uJBPX8mXz4I1LMKUU4XnzenpaS3yqrArIuHwNy595_MF5KTzMJrLFQNfbw91VQU90_xgN507xzaMtBZZRPoWKQw3UoPkA6NIN7zel4cgSpcElNadTNjF8ZDd0LkJ7dEu-gApG77NPMw1dnj_woP3IVlV8xd0vwDxd13gbtSxatY7Nqg&sai=AMfl-YRk2QYjw4X23yszdwCMRz8dIn3VDlIIuBsPp3lUU41sAJg-VF9B-AkZmGL7eBUJ3F8l5q5a2NJldsK4RLjjkD1Td90ohYCncka-zGNi5xKSqmjOqVyEArMtG_UOy7oT&sig=Cg0ArKJSzHiUsx9Ey4YnEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 9C2D 170 KB
59 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52755
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 9C2D 8 KB
3 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BkhEoKDsNKocbyuntXEHH48xlx0yercOwY4DyeKK6EK2uhKtSucA1KmLpg8plJk633otKI-qMqMu4gGiXgoSryr5IEbPc_bgZeRBNtLQ-K7sykvUE5SYVlsQ5UDpSTaPPWTYWOm7SdMh8VMVd26ny4AV4z3qLkt-1QmqYZgp60ertHgOE&dbm_d=AKAmf-A29HT6wO11_GEZUUda7CBd5mhIz7MJyKfA77DksIePwxDrKaMQsTy1yox2yl9q-jS4kzXKBRAGnNiiekWUXHpw64Zs7hPlPd6N0LVBrwjnZCJOw9XJpZnHDKGZHjg5UNkrHczFwTpJZuff9iMIbPQ3ssNc-YxDfeH3pffQWojc9UP6IGgcZLg8xjYt4jc8iJx7EbzKFqEMsE07gZcnL8-udZx9z9LGPspQXOub_mlxHnzJgwGAK7R2lHB3lf8P5A5TSXMbuwYGh7yWM_R-aXubbCP5TeuG4q-mrn7Gl-C2i6wgfJDud0Qmzs0wzvUgZVzD3xQ3tWsg5AWUHnq5lGpLQMidrO8_wzks2b_QvxDsVNz0wBhI4o2dsILKX7yly_fGc-M5pwM1Vfw36QTg97cUrITg8S9ZMD-0KBrwgEC9_iZoH6Gg1Oh_gIbPHL-4gpuBF6XW0dN1Eem63fEVNkjd7Qr6i31UJDvOuRnlb24VI6ok28GmJhiALtxgkH4siXrorT0o2Hmp_kQvvDXx6xafO9gP0Ard_3zzphZmwa4yLwWfnclOgujZtg67UHHLBv6us2HBeHxP2GpxtpxWf-n7WiB9dFpRZmrt3gCVvKMt0SqLxLW0YLqk5k-OYudSeiHgKPuxjYfWJfWMYqZfS10iLeLIlw4DkF3UuVl38ztwQklGb1eQApEsNtWBi1TlfZ6KnxBBY7_q8cQPNhXJhOioZsdet4uNtpOk6c2gdF10puIq946jYSr9UNlxPWa0hCDen8nBKstnFnhdhTlnnnN6nh-r-8rsKHTgIluiRTKBQPj8VMYLOq6iv9Lq34aJd6rpekgB9NN-30s9Jtml0d5WA2rJwynwBVfacF0uaeUy8z8xSTEWhVeMzArAa7lrJVwHrHaCvvh1n86aPHF6k1780ippOM0BR7ilZd9izGyFPs6ici71WRnhIoWh-jRZnhRmqftuOlQ6jN-ZHh_Jtt2dVgjkfQg_RDLUDDNMXDgK7csEpeZDgJXYPjmLT2BxxXhyrrWPfwmNuYua6xyMonXruz1xtONDkgcBP-v7_2xeW3HQ9t0D96hm0GBhwnbh5DdTsFV46cKPotFoA1uPhZm8SMoYppmxCztaiiH6pGM5SiG632J4AME0N-jdai5AGT0KeJRL5VYBKnON529rnyJHGMPbxoZav6vVVYv8kHs00EGutbVCejo5FWRNibElfiFDFdbxjuHd71WarwI6_6NhLqjYANiGzjfMkfVUbb1dMXqbuhm4QHz9q0TYq__Y9jzO3o1PpZ44K6idBpy-9UQI5tRk_LyG4Odlp8x0B3nEDAR3B4NiZrQVciUkRb8Zfijik1ICQEelLfk97pmSYdv1ptTUxlOX5dgvUaC16L7YFFJx71g4EW332U1Q6NKUOqwtU-75q_zeY5TFJaoPl8e5FcNXBVBS2iBTmeaT_l7tP3aYvv_uhZZo0bXZovI4gJHjm3owraLb8cdgnBj2fv12UbXxR8dCKFe_RzmO_LJH45rbdX15EiXnzRZMengeuYWHHz4swYxwA0wcqXqk0vxc7C-LA_WZLHaQunYWn3c-Qj4FHJtDM1SiC5Os8ZjXR9AmLb8eNFYUTSGj1XHnOR9dXtnGsz5Q23KP0qIlNf_eFldAsWRBxfphzHhqw-fzoMSnYXDICI-NsaiKnZ8D1wMkCglWrmu1yKgSnLvKZgSNvXTiSx4f7EUPOCbZHrqE8zSdBC58ZdRSamsM6M0OgDgMluvhBhCE45zRzwrbWseIp2wQGj8cEJ5K0PeBSkziakpvJ0oSJJ_FujrrWcBQ1ROgcssOibZkCmqP7-Zuk4SBGXtC2YL2mriwlJ8brFT3CkX-zzoBS_X1l_Tu9pBveK1KBO5LS1PvvAUvHl-ZQ33Vs5f8wpao_XhqHfnxlnh6evSN2wOhoK78m15IT77efpExXQMJBno9ANHp9SVT7z07nO7s_nCNkcnyZGa4x6inGvjrfhZTSry8dRHmrDf5fayOSA7z1pd1bpMqHmhVEwZjeO_xKf8nTpE0kn_yFmJAo4gaX1ZIOAKP7NYrZr33wQ-MxChEeur6CEjnHl_Exdf0H2SiEkN-tXBJYj90Kqb_RxY4qnfTvHZ-i7mTpEOqhbSF7vPR544rnn6J7OsK7Atqjvb9JvCs0Kk1f8HD3pXFYmfsDSMAg9UB3N5nVVRsT-x_KLfRqpLm9cGGLAxfHreddTlAGcvPQ86bVPwXYCcaVh4kU2F0_ETYPhyRCGgmutzYrYDXt04yJyYyjVfNsOEpevTtp4B3DL0c0yVT1jV8roHXUHjYrS1k9c79HZwANhq2ONeXeSD5vSfN-_2wVWyAiLDH4x6ZbYLRytHo5zD6nESuGfz66FICE7NKlCYUsCrruxI19x6FvKb9xpdjb-PAcR0IMe3-T_yYO169PAfH1JE-8hyaZM8f_3mzRfAw6unyRgDPfAt_aOnOn_Pk0iiXY6zyp9WW6ccusAra62hBuoa0LMSOxIkVGzKtvk50GexiOuuyyMUo0DgA179Xl3oIH_eRQfObvOmrOuxz5tFGKQjPESCNoAy6LAYpDYN8YGgvSRQKJnzaHfjGI7wn2HzX8HNfDMgBphsow9V6UGenPn2FCQwLrBNVfuWuGN7cUdEQ9vlUNoOQsTzEnYsNU5Gj_U7vcMyuikEnCc1A1pNQrVo-8sWHyubhu2ENU8xodlWRe6NApJK8Rfa6JhmaakLNxVw3_mVKyS9QQ-LMXll1zizPNGl6UY5-IbnXWHm6oEaORx0-NOjZrk3Y0nAVJQF3nTr3JbyzTm4SuuRTtpHhMT1UGnJscU3hDl1xHG3ApU2BCnjUOm7jW8R6sgoz6-1fHKZ_aArFoRws5v93RipmxOla5fpWuU_S5RaJ817fQ7Ed3R5XiaYBZVyZEKRcqTS7sAKzWhOV38P2I6e7cJbPVID-bslj7-7QziJaCneAc88kSdRHqZWiL9y_LgI8XY3vneA1jEhwVoLUWYzlV5evHDHUBj7kZbWuussUzm7kZzMSOMPGFgvsNCTUzSsLcfky6dd2Up-NwT9JcES2J3EqVEQT8d4lNPh8IVknaXYs5UfcNU2cCho2AGy8Z56QPHqPMDDIFXNRXDULm-tNPvVUE1jADwHKqpdJVV8mEwvUU5SUf4F6dDw4a2p3OxS--j4ygriKQpyE4kzfYJXJHwBEcszHZ0ORIQoUi2meVLQFUydGlo31WpMj-G2rX5hiv3bGfyT9EqF_5G6weGfPWNzzAgEgWKfHn515r3a1d0SswgzAuGOnvxdJ9SvPR0ANEN4JIx8wXI2uXqKgOcR3u1P2s2eh67rdCBrvs4NTDA7_EsxLONH3ATdDWMtrerIX7fsUglMVDVpbQqDQWwJH-sSwcaRTZGpwE6c__XFuLe5C5stxlAl3aU69RUpC846kY9Ux6nqhvV3Di-ERmgjrkUoq1jTz-TmOg0z2cu3mIrRePdSxOOqFFbRtEIKgukuvB3h8sPCpv2E&cid=CAQSOwDq26N9cG6QcfWuKIWdlg9FYXnaBcnfQgfRfV5Fc_mrqMAcOGgCxrwrCzg9Ahmb2-vTX0uE5k4nPukJGAEgEw&rfl=1%2Chttps%253A%252F%252Fi.afly.pro%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23982
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 9C2D 30 KB
11 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33113
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/032211111611000/ Frame 9D32 221 KB
60 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032211111611000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f55c14576b73b1fa761c9722153509875403c18b3a6916045fd146f3e3a6a00

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:57 GMT
age: 347407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61627
x-xss-protection: 0
server: sffe
etag: "0be482f0352f4793"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:57 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/032211111611000/v0/ Frame 9D32 14 KB
5 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032211111611000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4529063318c99582948589c202835d859092d2a24e417f4f0a3ccfe8211ad37e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:57 GMT
age: 347407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5201
x-xss-protection: 0
server: sffe
etag: "0e2d67a193799b94"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:57 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/032211111611000/v0/ Frame 9D32 94 KB
28 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032211111611000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7b74f18b90d3a161b71d0fef3b4de6db5cdb3732dfaa445740bfd2042f78b9f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:57 GMT
age: 347407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28866
x-xss-protection: 0
server: sffe
etag: "61003bcde0ed5887"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:57 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/032211111611000/v0/ Frame 9D32 5 KB
2 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032211111611000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3b63fa8f90f3f8b30a8c57665c86ad065073211f0f55a51d3b6f8cee295e3aa

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:57 GMT
age: 347407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1906
x-xss-protection: 0
server: sffe
etag: "d44263764bdab45e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:57 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/032211111611000/v0/ Frame 9D32 40 KB
13 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032211111611000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99c69003f1b475f64a578b13fdfd566cc32c9ec0d7e51aabfe5c2b58de70918f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 00:19:57 GMT
age: 347407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12947
x-xss-protection: 0
server: sffe
etag: "9cd92599851d18a1"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 00:19:57 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 9D32 8 KB
895 B 20ms
18ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 00:46:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9D32 2 KB
2 KB 10ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:16:18 GMT
x-content-type-options: nosniff
server: cafe
age: 52426
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 11 Dec 2022 10:16:18 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9D32 295 B
320 B 11ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 09:52:43 GMT
x-content-type-options: nosniff
server: cafe
age: 53841
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 11 Dec 2022 09:52:43 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9D32 0
0 64ms
63ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8d17OimVY_z0H56K9u8Pk-eckA33o-TKbaPWsavREKTn8u2VAhABIIb3hiZglYKAgLgHoAGtrpCfA8gBAeACAKgDAcgDCqoEhQJP0Js2MAcRzWAjRO9AU-2ECEKV5hAl0gkEhlnDQuCk12tCkICqO_0QQ5bYLSCtsQD9bkWk_TNJNy95cuEcG2-yiOQ-87So-WeAdmXoVuMMJADCZx8de50Ce59HNPmmpIo2reug62sJHru4z6FMaltbB-q_UcBUHM-r-baFReV3F9cWT-jRxfYcg_EHB8k32FA3LzRKRk8DufgCTpmQX4afY3gSei6mOnTpTuu0QeUS4yEKW7Allb_oD0EVsVZ3r_j7HXMOG6F0fiA6xRlgcgZvZYAJobsh6BmDpDo0qhfQKSB7ZAz6R-IoXqI1grme6zbZYAgmlsgLAzUn53OBc1QTJe79WxvABN6oj7yNBOAEAZIFBAgEGAGSBQQIBRgEoAZmgAe70e9gqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ_LYe0ggRCIDhgBAQARgdMgKqAjoCgECACgPICwHYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMTA2Mjk3Mjg2MTU1MzMwMxiB1Bw&sigh=6uHjd2vY1lQ&uach_m=[UACH]&cid=CAQSSwDq26N9IIpFII2ZC3W3Qy5l0a82NHOEx3tDSXQAvhiDj0fgJE1n5EwTpuc2zl2bc7xU6yvjSuliRMMPNgc4T5Ke22SAg5AcB5hd0xgBIBM
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 22ms
22ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 12 Dec 2022 00:50:04 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C7B7 0
0 49ms
48ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssPISOcvMJ9cIo3AD9LtskU-2VThm8hWYyvE7w7O95FSC6FI95bG3VLfnrFkMX90te5ApJYDX82mCQEFTrYN0233NdRSlciLI8SkY2IIXVIWxYQG0pN0bKkBEaf3qXUxPwf5mOp4gf_GII8wE6AL_EAXaio2XWyjXk9sxl8hxQOYAufzkbwv2H9nqnsG1536dUx0EBqFWluwcJBkFYMCQMHnMgwubIIAStfZshdQEgmnPgIj7sU9mPRLG9CMVFFIsVA59VBXGDnSF6aKniFQl_RkaWX3yhYQutdVzrL-N7zvZKhscEcLcbfgy84uyuf7fZWSVeo2Dqbs9XZxqmTJrCK0t5VdHsFG7SfeZnSAK3m82eZJZabTs5DimHMDWgenWNb1VanQVZCILAc3lgDIG7xluNsWC1rQi1LuiIuUjDCX-K5POdFKNkJfak7rdlrYaag5bPqFfjleXOS97alTL6Pug2EbBZgRpkUEddcbgazqfzVfDHWX8pxSHtCKYvcyuuF-ohjQkoA0J3D-A5tkRii0hI1dUzjIRIzr3Vmxuj8QxuXj_dOxGOmUP3c3NozVsWABOfbDkN-3S6gzbuU4qCNjLY4P_-2ee3fqZcZm8eWDG7V9Z2esuDi7qeFYFhuG2NYYVRqBRm74cyq0zhHqO5DUiVVjfiCUz_Y0-bXnNh2iv9QswtgzcDCvWbxjtjPnMrXu39sORAZdghKKN548exPLuXRByfpawj-NPgKQx0hYn7PzoqzdiRAh5r3qulN56cI-1mvGwKLz7BM913PUFddvhlclAa2ZIjVuWExcZ-z3JUPxZml-l70MVpEL7n6IQ8DqEfYpcbQSQtXqIJFf-jTf4JamjHg5F82m2y8qhKrhL6Q1iStJ0m04ZJqazVHPI8AU2Eo6CE6qkpGxMNl7L977iBMuIJQLnkT8aoQb02jadUV_Tgz3NpYJAVy0OASGnGhQzFUeqYfODFvIbSVtIhrpZet4jRKJ2EZ7g4HHMIVnE9bvdnJHItkXmud_EKuWo7yHqzUjWapPPNhWN-7AR9WXXSKDsM5ppPy4kwfb1v8zd-iNp16MVVKlxxkPv8X-N84B_Owb_URIvbsou3srsq_WWS8XsGNsxoXMQXjBUSQl-LxmxJk0XDgTX6DMAP2SyyKwuDuSHVp6WTiK4EJutnPBYIRljwPcegYhKBbuN-0kTqH4R_UteUnUAIgWhHfA7u0AK3MFTpz2BXOXedEyBXMoFTqJgauARCYEz-SjqU_3vOEQNlB29VdJora7rk1pcFQd73upw&sai=AMfl-YSTetLLr06IzHouDq_16TPgpv87z_zAkbWYATl3gTYdqB0lTs8ybbKKP8rhB3zoFP3KUa5YJjh59VK2mHFy1bj1e2iijX12U8j4ye2wfw23PZK66z9jo9jdX0-42Qszf6Ah_TprXl2hcfVoiwHy1mSHs_U88_OTVy7uYTUIIEGb_acN_QxgRgC6YvUN-wJ-dhvR8TaBhZ7t42_2CBZK1KRAlm9bJlumfWHWJdpIrTwfqchL-QHijIlqR61ZBexlklCrpN4m7wyVh9jWFvfOaZzY0vS2nY2jw5wiMkkUaA&sig=Cg0ArKJSzOKbx_UdHms6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=592&vt=11&dtpt=396&dett=3&cstd=193&cisv=r20221206.98262&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
DATA 200
OK truncated
/ Frame 1222 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cd14267a654d3389a84d90c26f06d3fc88425eaa309126deb92df31a35af09b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1222 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssEWO591VxMVv2l_VTCY6vHd49wr-9x-ugVIbjn4mwMND5RraDKmjLUd6FywgptZVxJWgeShzkxC_a7E4TST-NphTpYjmbrnyVRFiRPMYyAtubBE3I0mbNLNQoBa7hwcHRexWWjqEX_3NPx9W0pbxlErsLgBztZGNd4xn_pwEE6yqEgFys1d7GbYwBIYaiNZBQSFy78C9P9OQpzZerqIq5cLySiIEx_5_13jCQGw7CeV9zExZ_ad-BPVJ8ybwaQNYuwFiqQEIAd8coSAW01hNk96zAnsCX4pEOlMM-WJpFfIO2_nqCFoRWD9rmZ03Kk1ivGzKY_qZYe&sai=AMfl-YQE9Qv28S3DL7c-6HEHE7Lme9at-JBPN10xgPH6vqqFCsmSfoFJqsupOSEY1w2HNtGKq1rnrIU5MZ_wk7_Xv6l18BT-uPEYVsPEcJGWFYcht8kh24gdvVVt0NzZ4gaW&sig=Cg0ArKJSzBEeTOA3Mwo5EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJQaG9uZV9Eb3BwZWxraW5uZGYwZjg1NDAtYTM5Ni00YjlmLWFlM2ItZDkxOWJlODA1Yzg5LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6NjAwLCJoZWlnaHQiO...
d1dgf5fdrpyfo7.cloudfront.net/ Frame E8E6 150 KB
151 KB 64ms
17ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJQaG9uZV9Eb3BwZWxraW5uZGYwZjg1NDAtYTM5Ni00YjlmLWFlM2ItZDkxOWJlODA1Yzg5LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6NjAwLCJoZWlnaHQiOjUwMCwiZml0IjoiaW5zaWRlIn19fQ==
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 47cbdcc8fd93889fd743dd5b15b167780fbd1b785ae0af0c6e8c4e327a27248e

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 21:51:06 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1565938
x-amzn-requestid: ba640313-3fa2-408a-90bd-83f68a6125fa
x-cache: Hit from cloudfront
x-amz-apigw-id: cBebbFSEFiAFuAA=
content-length: 153979
last-modified: Tue, 22 Nov 2022 15:10:19 GMT
x-amzn-trace-id: Root=1-637d4448-71c824654051ceb424f50bd1
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: mAEKjq8V6MEdABdgYjrBb7_xg2hYYcPqrF2J5El0BnL2HGoDv-fe3w==

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJzdG9lcmVyLWdicGx1cy0yemVpbGlnLTJlOTFkNDI0Ni0xNjA1LTRhODctOTg1OS1kM2NlZWZhZjY3ODcucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjo2MDAsI...
d1dgf5fdrpyfo7.cloudfront.net/ Frame E8E6 74 KB
74 KB 97ms
51ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJzdG9lcmVyLWdicGx1cy0yemVpbGlnLTJlOTFkNDI0Ni0xNjA1LTRhODctOTg1OS1kM2NlZWZhZjY3ODcucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjo2MDAsImhlaWdodCI6NTAwLCJmaXQiOiJpbnNpZGUifX19
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 5441af786457415967493aeb981685f4b501b786df64d733bfdebe3368f02b66

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 21:51:05 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1565939
x-amzn-requestid: 181eb211-e4b1-484a-a088-2192dc7c9891
x-cache: Hit from cloudfront
x-amz-apigw-id: cBebbHdZFiAFd7g=
content-length: 75274
last-modified: Tue, 22 Nov 2022 15:09:05 GMT
x-amzn-trace-id: Root=1-637d4448-4bb6949409e15959475087db
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: UO_4owBz0RXKaOYtHUlr-Q9IGAS2qKnXQEtj5cZ9lT8WkxZ51eO1yA==

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJoXzQ2MHg3MDBfMjIxMC1hbmYtbS1pY29uczdiODMzMzZkLTE0ZDQtNDMxZi05YTViLTkwNjY1OWM4ZmQxMS5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjE5N...
d1dgf5fdrpyfo7.cloudfront.net/ Frame 0EFF 33 KB
34 KB 116ms
71ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJoXzQ2MHg3MDBfMjIxMC1hbmYtbS1pY29uczdiODMzMzZkLTE0ZDQtNDMxZi05YTViLTkwNjY1OWM4ZmQxMS5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjE5NDAsImhlaWdodCI6MTgwLCJmaXQiOiJpbnNpZGUifX19
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2193428af051da0e8a8213ccf644a3c1d27227fe83216033af2dc03f286537f5

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 21:59:15 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1565449
x-amzn-requestid: 24f06617-ad25-4ced-87a3-0675fcb56e68
x-cache: Hit from cloudfront
x-amz-apigw-id: cBfoGFgzFiAFavA=
content-length: 33972
last-modified: Tue, 22 Nov 2022 15:10:18 GMT
x-amzn-trace-id: Root=1-637d4633-10ea1434556652df08498a5e
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: nEjCHL9GncvbB2f1FzWnQevgW9DICPGTeWf-a-xWnm1Zg0zCcWE7BQ==

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiI3MjB4NjEwX3N0b2VyZXItZ2JwbHVzXzJ6ZWlsaWc1YzY3ZDhjZi03MDk0LTQ2ZGYtYmM1NS1iM2ZkYTRkODJhZDgucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoI...
d1dgf5fdrpyfo7.cloudfront.net/ Frame 0EFF 28 KB
28 KB 118ms
73ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiI3MjB4NjEwX3N0b2VyZXItZ2JwbHVzXzJ6ZWlsaWc1YzY3ZDhjZi03MDk0LTQ2ZGYtYmM1NS1iM2ZkYTRkODJhZDgucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjoxOTQwLCJoZWlnaHQiOjE4MCwiZml0IjoiaW5zaWRlIn19fQ==
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 6b3c0d6e9af3bb47acb61218183e4a9fe96561c1f0d8b4fd495ff7e20623288b

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 21:59:15 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1565449
x-amzn-requestid: e7234b7d-5c08-4eea-89e7-8dc9e48e0152
x-cache: Hit from cloudfront
x-amz-apigw-id: cBfoGFsUliAFk1w=
content-length: 28203
last-modified: Tue, 22 Nov 2022 15:10:17 GMT
x-amzn-trace-id: Root=1-637d4633-4414df30139f47016d04cbc1
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: 4KCyR9B7l2tGrFgiZ6YEkOk9eG38cBnNEsSPruBT5OSUom-Y1Dxy1A==

GET
DATA 200
OK truncated
/ Frame 2BDC 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 12415855096560190219
s0.2mdn.net/simgad/ Frame 2BDC 3 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/12415855096560190219

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23b41d0e6d4809b3adf959f5c5ac60be35c28566abba95157785844acd51adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:41:21 GMT
x-content-type-options: nosniff
age: 133723
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3002
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 08:27:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 11:41:21 GMT

GET
H3 200 15231738500925652179
s0.2mdn.net/simgad/ Frame 2BDC 19 KB
19 KB 9ms
8ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15231738500925652179

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4efc682e2462231e09afc77b76f1fb34c70c95950878b5fe53d4f33158219c48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19726
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 13809871492651471192
s0.2mdn.net/simgad/ Frame 2BDC 11 KB
11 KB 11ms
11ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13809871492651471192

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a022dbc0b389adf471d8acd0e801b13e6e42d0da31b6e46333eae8fd75542e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10757
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 14559087041597115752
s0.2mdn.net/simgad/ Frame 2BDC 9 KB
9 KB 12ms
11ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14559087041597115752

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef4aa7407f46d0bcefeda285f53cce6c56aeb9a81d4c4d0eb9b0ffd831937d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8706
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 16098046385756737840
s0.2mdn.net/simgad/ Frame 2BDC 53 KB
53 KB 11ms
10ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16098046385756737840

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61d518c8efe91ab0b950d750e0787867996dfbee25fd7fad044cab28088864ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=w1CQLUnHWp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54058
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
DATA 200
OK truncated
/ Frame 9D32 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45b5801a20344c2265010947691a928a88f5ca7355413d4cfd5658ce457dc97a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 12415855096560190219
s0.2mdn.net/simgad/ Frame C821 3 KB
3 KB 12ms
11ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/12415855096560190219

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23b41d0e6d4809b3adf959f5c5ac60be35c28566abba95157785844acd51adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:41:21 GMT
x-content-type-options: nosniff
age: 133723
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3002
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 08:27:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 11:41:21 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/11194968340574837653/ Frame C821 1 KB
623 B 13ms
11ms Image
image/svg+xml 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11194968340574837653/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22cae58f83ee6bc5fffb63a24e299211825d8f1b293f4682b27885db7a59e746

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 12:40:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 389393
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 585
x-xss-protection: 0
last-modified: Wed, 28 Sep 2022 06:59:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Dec 2023 12:40:11 GMT

GET
H3 200 14559087041597115752
s0.2mdn.net/simgad/ Frame C821 9 KB
9 KB 13ms
11ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14559087041597115752

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef4aa7407f46d0bcefeda285f53cce6c56aeb9a81d4c4d0eb9b0ffd831937d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8706
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 13809871492651471192
s0.2mdn.net/simgad/ Frame C821 11 KB
11 KB 13ms
12ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13809871492651471192

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a022dbc0b389adf471d8acd0e801b13e6e42d0da31b6e46333eae8fd75542e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10757
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 15231738500925652179
s0.2mdn.net/simgad/ Frame C821 19 KB
19 KB 14ms
12ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15231738500925652179

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4efc682e2462231e09afc77b76f1fb34c70c95950878b5fe53d4f33158219c48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19726
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 16098046385756737840
s0.2mdn.net/simgad/ Frame C821 53 KB
53 KB 12ms
12ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16098046385756737840

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61d518c8efe91ab0b950d750e0787867996dfbee25fd7fad044cab28088864ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54058
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 44CD 36 KB
16 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 1DA1 36 KB
16 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 273E 36 KB
16 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 9D32 28 KB
28 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://i.afly.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:03:51 GMT
x-content-type-options: nosniff
age: 315973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 09:03:51 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F5DD 0
0 46ms
46ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstGi4RDl7o-TiqO_jgQXv2FTSks3uJJ3gBJFJXoeBItujaTTeHlMqP0oSKGFnuXBUePuWwG6JYWlNrgsBaoyOTwrysxR6C3pSrAcR_PlcfDZr6TrS8CKrS4do8KVmHcF35eIeNQqKPR-Sj9JtTWEXHljborv0M4zbsjWMK-jGL7dUjcaeTCPr0fN28BeG9xO3hJF1kCi1njVeRLS2oPEPyaNaK55YuY2cv0T6qHmf0i5ie3jMWG6kelpR91WfZmYwHlRow1qGNxAsaeVd31rHLs8C-xlRMRdqHk5_cTbq35xQ5_hCiYBuXA3HQJ7OkkLi9B5cZfEFENiqXpoigTDtZAFPXIvo3G-WMKScdvv-pRaaKMOHS-LCPY6x-La0KXLQ2m5Yc6fZnxCF1uXiDxKdIq30wZJuerOBZpIRhfRaYHnNBABBlWntTSPoSfPOEPRGnwlYvFJkEB9bEIaw1cM42_ZyIM4s3reBzQhrT6PE06zCudKEwqPnnn8C6RCvvYkdemSxKWireyO3y8mgh8IXLodCp60mDWZxSX4rK2Vf2yjSwoMiUYcS94bcNB5xB7RBD_ZLSlE_af3YLnrXRn0ovkgg3Hp-sp6MzFIJ3QacxorPKlt0o54UcmphoJYnO6NOnHoJv7k04cHvrv9YXkbO8qJ2RCZKeC8Wvg1m1hLCD51UG9gUHPKHC0NPvjKdlgtsePlFuKUVJwne5hBpk_Sp8Ljfvi0g-uV2nT5DYANf695R4UrqbeRhBb7fpsK-iltUQLE_36UejbKJCch6X_PXj2jhdUPbEZT9swBU1578z_H_eKtf8r0wcvFvojjhAkOyjbK1cZjcZCzqZIcF8Wy_Zph_rVrDylrvMGsEwOLxzF3tNCxO59NUeYLKxe30Ae27IGpfJSy6FUpQIHqsy2kCyDuhnk2qO6eFKgPJkZsPIowIG9wDittn6OXFO9wb9oKBlqpNrFaBxbdcOfhxKFHdEy-cILzG7Zma9MCQv2eBOz7k06uq8wl-8UyHtOZ4vv27YEtpc8wl9RMEz1LS3v-6P0_fF0dRqWD8ysWqfDkRlAbpkeJA9pG4lqWgT7kuIVaPNl6zfJuL10mlogJhUZccb4MZTChS0-C47KkwJ9CsFfQwED7JdRVHExIJg814qXMQLnSU9Ch8166H0WyOhpFDmd8FSMjX9MuHrTNdYWWnVbYN2rKFy6CaJo0ugSjxLlZSPkwQ9AnMMw-6pwWeG14RLtRdpKvDmSFyqFsJ6LfEHXhxlpp4bCSzT0-owbrEA7s2SG3Q2tNgoYshILhUFqZU4Oii4_K8Xz&sai=AMfl-YRslrgAj2--rkZUcmuJFuMKGFuwmLDbLAgoBRL_lck-W3LsPvqklN8E7Ou0HV7cXIMicWQ8QhpZwhyE_85LE0_wVEG8acNOjRtXl3xmnLQ6Rk52I8E5xuasYOmTkEqyjZQPDjiBk3NzSHNHEU6RFZu1rwL2KXX2aIaFuj4rXM-tX6LN_zXawrM0Rs6hm77unmfi-tTNfGDwBk-WW1n09Ndj4QVLXpuD1Lp8t_SWyoeYKgHiZoUfYXfswfuvoh2eREKDjZifGupMAreWPR0q0bfWyq1qUJhwmYpu7ADXcKzcbu2M_0u381cRk5grQ_k&sig=Cg0ArKJSzKNUHqCga7EOEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=765&vt=11&dtpt=572&dett=3&cstd=190&cisv=r20221206.31781&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5DD 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?v=3&s=pagead&action=load3pas&it=fb.1141,e2e.2187,fs.1126,reqs.1131,ress.1141,rese.1142&srt=45&e=&id=csi_pagead&gqid=&qqid=CPeA5aKs8PsCFdiB_Qcdr9EGcg&rt=lb.566,ol.1046

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 35EB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7a4e7f5fffc59b4c232154a2b57b78daa28ad2440ff7440b90560807403de8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

placement.js Show response
assets.scoota.co/serving/31252/ Frame DD83
Redirect Chain

https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5...
https://assets.scoota.co/serving/31252/placement.js?ts=1670719804652

68 KB
23 KB

77ms
13ms

Script
application/javascript

13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/placement.js?ts=1670719804652
Requested by: Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a5265602d90330cd7be8ce447b30a8ec64d0a4e7422c3f7445ce0582b065f1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:42:31 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 455
etag: W/"63c965f8f56f044546d2644b98c5af14"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: QXlzUyRnnY_BjKdZGtd1K8hM6l10xiAFwdoKp7rgrxZugbGkim8itA==

Redirect headers

location: https://assets.scoota.co/serving/31252/placement.js?ts=1670719804652
x-cloud-trace-context: 41746a367c8234d0e6aa93e53c4be999
date: Sun, 11 Dec 2022 00:50:04 GMT
server: Google Frontend
content-length: 343
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame D42D 52 KB
17 KB 101ms
19ms Document
text/html 88.221.168.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=2003356
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.168.189 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-168-189.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 11 Dec 2022 00:50:04 GMT
ETag: "623de86a-cf34"
Expires: Mon, 12 Dec 2022 00:50:06 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame DD83 0
809 B 46ms
10ms Script
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fi.afly.pro%2FLclT&e=wqT_3QK4D_BMuAcAAAMA1gAFAQi60tScBhDXxOzl6KGasSkYpaSiwfDN_MdNKjYJILqgvmWOC0ARVi2dmsFr6j8ZAAAAIIXrCUAhVi2dmsFr6j8pH7oJJNAxAAAAQOF61D8wxtjPCjilFUCcWkgCUPiTibwBWPq8lgFgAGiztyt4kNkFgAEBigEDVVNEkgUG8EyYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTI1MDE4NywgMCk7dWYoJ2knLCA3NzU4MTI4LCAwKQUULGcnLCAxOTQ3NzY5MxUpMHMnLCAyODAzNTM4MTkVFjByJywgMzk0NDE0NTg0BRbwtpICzQUhRkpJeG13ajNsdnNaRVBpVGlid0JHQUFnLXJ5V0FUQUFPQUJBQUVpY1dsREcyTThLV0FCZ2JXZ0FjQUI0QUlBQkFJZ0JBSkFCQVpnQkFhQUJBYWdCQWJBQkFMa0JvaTQ4ZEZjYkNrREJBUUV4NURsbmpndEF5UUVBQUFBQUFBRHdQOWtCY0Y4SHpobFI3al9nQWJEQzJRUDFBUU5PYmtDWUFnQ2dBZ0cxQWdBQUFBQzlBZwE58KpEQUFnRElBZ0RRQWdEWUFnRGdBZ0RvQWdENEFnR0FBd0dZQXdHaUF3NEl6OTd2SmhBQkdBSXRBQUJ3UWFJRERnalAzdThtRUFzWUFpMEFBSEJCdWdNSlJsSkJNVG8xTXpFMDRBUDZMNEFFeUtqTENZZ0V3S25MQ1pBRUFaZ0VBYklFQ1FqcHVTNFEwc1dqRGJJRUNRaW5oMUlRMHNXakRib0VVQWlRQ2hFQUEBrxRBRFFQeGsFCgUB2ENEcHVTNGd6YktvQ1NDQmo1UU1JTmVRbEF3ZzFNaWREQ0NyeVowTUlNVEpuUXdnek1tZERDRDYFFFRONkdqZzBnNW9hT0RTRHZobzROd1FRBVcFaAg4a0UNDQEQFFlCQUR4QgELDQFcaUFYQ0taQUYtNWRWbUFXYnVOZUZBYWtGDR8UQThELXhCEU8UQUFBd1FVAQcBAQh1UU0JKBw0RWNoempfUi4oAAAyFSjwQ0R3UC1BRmhZTVY4QVc5NmFRSi1BV0x1Y0FDZ2dZRFJWVlNpQVlFa0FZQm1BWUFvUWJhRzN4aE1sV3dQNmdHQkxJR0pBPSwAQh3PBEJrAYgJAQBDHRhETGdHQ2cuLpoCmQEhRnhpZ3hnOtEC2FBxOGxnRWdBQ2dBTWRvYmZHRXlWYkFfT2dsR1VrRXhPalV6TVRSQS1pOUpjRjhIemhsUjdqOVIJagEBBEJaAQYJAQRCaAkIFEFBMEQ5cBEMDEFBQngdDAw0QUlrNXjYOEQ4LtgC6hDgAqboVOoCF2h0dHBzOi8vaS5hZmx5LnByby9MY2xU8gIRCgZBRFZfSUQSBzUyNWH_HPICEgoGQ1BHARQACHHrARUIBUNQARQACXXqPPICDQoIQURWX0ZSRVESATAFEBxSRU1fVVNFUgUQAAwJIBhDT0RFEgDyAQ8BWREPEAsKB0NQFQ4sEAoFSU9fSUQSBzc3hXQA8gEhBElPFSE4EwoPQ1VTVE9NX01PREVMASsUAPICGgoWMhYAHExFQUZfTkFNBXEIHgoaNh0ACEFTVAE-EElGSUVEAT4cFQoIU1BMSVQBTRnZ8JqAAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3kK4B4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIECjgxLjk1LjUuNDKoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAS34LUiyAQA0gQPMTE1NDgjRlJBMTo1MzE02gQCCAHgBAHwBPiTibwBiAUBmAUAoAX______wEFGAHABQDJBQAFARTwP9IFCQkFC4AAAADYBQHgBQHwBVn6BQQIABAAkAYAmAYAogYOMjcyNSMFYSA2NjIwuAYAwQYBMDAAAPA_0AatRNoGFgoQCREZAVwQABgA4AYB8gaPAQj7l1USiAFfeFpZUFdlB_BAREFBa0NCUUVJM3BmTENCRHhqdTRDR1BtMXVBTWdCeWdBT2dVSXliYTVEa0NDMExnSVNKei12QWhRLWk5WTNETng2ugIARVW6VEFBQ0lBUUNRQVFDYUFRSUlBS2dCQUwuIAA0QS6ABwGIBwCgBwG6Bw8B50gYACAAMAA4ugZAAMgHkNkF0gcNLRMETkABxgjaBwYJJ2jgBwDqBwIIAPAHlPkDiggCEACVCAAAgD-YCAE.&s=afe4bbeb7ad63f9b82db8e4244a65bbc7e8274ac&bdref=https%3A%2F%2Fi.afly.pro%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fi.afly.pro%2F,https%3A%2F%2Ff580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html,https%3A%2F%2Ff580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:04 GMT
AN-X-Request-Uuid: 1bcbdc01-f96d-4133-8741-ed5c78eb0eaa
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame DD83 80 KB
27 KB 64ms
13ms Script
application/x-javascript 88.221.168.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.168.189 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-168-189.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27455
Expires: Mon, 11 Dec 2023 00:50:04 GMT

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame DD83 0
809 B 47ms
11ms Image
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fi.afly.pro%252FLclT&e=wqT_3QKhDfBMoQYAAAMA1gAFAQi60tScBhDXxOzl6KGasSkYpaSiwfDN_MdNKjYJILqgvmWOC0ARVi2dmsFr6j8ZAAAAIIXrCUAhVi2dmsFr6j8pH7oJJNAxAAAAQOF61D8wxtjPCjilFUCcWkgCUPiTibwBWPq8lgFgAGiztyt4kNkFgAEBigEDVVNEkgUG8EyYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTI1MDE4NywgMCk7dWYoJ2knLCA3NzU4MTI4LCAwKQUULGcnLCAxOTQ3NzY5MxUpMHMnLCAyODAzNTM4MTkVFjByJywgMzk0NDE0NTg0BRbwtpICzQUhRkpJeG13ajNsdnNaRVBpVGlid0JHQUFnLXJ5V0FUQUFPQUJBQUVpY1dsREcyTThLV0FCZ2JXZ0FjQUI0QUlBQkFJZ0JBSkFCQVpnQkFhQUJBYWdCQWJBQkFMa0JvaTQ4ZEZjYkNrREJBUUV4NURsbmpndEF5UUVBQUFBQUFBRHdQOWtCY0Y4SHpobFI3al9nQWJEQzJRUDFBUU5PYmtDWUFnQ2dBZ0cxQWdBQUFBQzlBZwE58KpEQUFnRElBZ0RRQWdEWUFnRGdBZ0RvQWdENEFnR0FBd0dZQXdHaUF3NEl6OTd2SmhBQkdBSXRBQUJ3UWFJRERnalAzdThtRUFzWUFpMEFBSEJCdWdNSlJsSkJNVG8xTXpFMDRBUDZMNEFFeUtqTENZZ0V3S25MQ1pBRUFaZ0VBYklFQ1FqcHVTNFEwc1dqRGJJRUNRaW5oMUlRMHNXakRib0VVQWlRQ2hFQUEBrxRBRFFQeGsFCgUB2ENEcHVTNGd6YktvQ1NDQmo1UU1JTmVRbEF3ZzFNaWREQ0NyeVowTUlNVEpuUXdnek1tZERDRDYFFFRONkdqZzBnNW9hT0RTRHZobzROd1FRBVcFaAg4a0UNDQEQFFlCQUR4QgELDQFcaUFYQ0taQUYtNWRWbUFXYnVOZUZBYWtGDR8UQThELXhCEU8UQUFBd1FVAQcBAQh1UU0JKBw0RWNoempfUi4oAAAyFSjwQ0R3UC1BRmhZTVY4QVc5NmFRSi1BV0x1Y0FDZ2dZRFJWVlNpQVlFa0FZQm1BWUFvUWJhRzN4aE1sV3dQNmdHQkxJR0pBPSwAQh3PBEJrAYgJAQBDHRhETGdHQ2cuLpoCmQEhRnhpZ3hnOtEC2FBxOGxnRWdBQ2dBTWRvYmZHRXlWYkFfT2dsR1VrRXhPalV6TVRSQS1pOUpjRjhIemhsUjdqOVIJagEBBEJaAQYJAQRCaAkIFEFBMEQ5cBEMDEFBQngdDAw0QUlrNXjwsDhEOC7YAuoQ4AKm6FTqAhdodHRwczovL2kuYWZseS5wcm8vTGNsVIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA_eQrgHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQKODEuOTUuNS40MqgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABLfgtSLIBADSBA8xMTU0OCNGUkExOjUzMTTaBAIIAeAEAfAE-IHMIIgFAZgFAKAF_xEBGAHABQDJBQAFARTwP9IFCQkFC7gAAADYBQHgBQHwBVn6BQQIABAAkAYAmAYAogYOMjcyNSNGUkExOjY2MjC4BgDBBgEwMAAA8D_QBq1E2gYWChAJERkBXBAAGADgBgHyBo8BCPuXVRKIAV94WllQVyXw8EBEQUFrQ0JRRUkzcGZMQ0JEeGp1NENHUG0xdUFNZ0J5Z0FPZ1VJeWJhNURrQ0MwTGdJU0p6LXZBaFEtaTlZM0ROeDajAQBFNaNUQUFDSUFRQ1FBUUNhQVFJSUFLZ0JBTC4gADRBLoAHAYgHAKAHAboHDwHnSBgAIAAwADi6BkAAyAeQ2QXSBw0tEwROQAHGCNoHBgknaOAHAOoHAggA8AeU-QOKCAIQAJUIAACAP5gIAQ..&s=40701ac224b05f1d08c8d8395f12fa4266b3e17c

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:04 GMT
AN-X-Request-Uuid: 9425512a-b805-4223-bcec-04afc9e94176
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 82C5 13 KB
5 KB 27ms
10ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136172
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 11:00:32 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 82C5 7 KB
6 KB 20ms
20ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c28e1b97ad428ade73ef0728daed94bf40702aacc99c4fe048b850e73ffef4ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5660
x-xss-protection: 0

GET
H2

200

placement.js Show response
assets.scoota.co/serving/31252/ Frame 98F3
Redirect Chain

https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5...
https://assets.scoota.co/serving/31252/placement.js?ts=1670719804669

68 KB
23 KB

84ms
20ms

Script
application/javascript

13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/placement.js?ts=1670719804669
Requested by: Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a5265602d90330cd7be8ce447b30a8ec64d0a4e7422c3f7445ce0582b065f1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:42:31 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 455
etag: W/"63c965f8f56f044546d2644b98c5af14"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: LG72ftcpoI_biF68E1rEptNBXYY3KEuNNlF6PeMsFFCWsehVmJuOsw==

Redirect headers

location: https://assets.scoota.co/serving/31252/placement.js?ts=1670719804669
x-cloud-trace-context: 9d06d242ecd97a0a4793913b9f72389b
date: Sun, 11 Dec 2022 00:50:04 GMT
server: Google Frontend
content-length: 343
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 074D 52 KB
17 KB 83ms
19ms Document
text/html 88.221.168.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=2003356
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.168.189 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-168-189.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 11 Dec 2022 00:50:04 GMT
ETag: "623de86a-cf34"
Expires: Mon, 12 Dec 2022 00:50:06 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 98F3 0
809 B 30ms
11ms Script
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:04 GMT
AN-X-Request-Uuid: a771cf0f-a5f2-4e71-a66c-dc62e56638b6
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 98F3 80 KB
27 KB 47ms
14ms Script
application/x-javascript 88.221.168.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.168.189 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-168-189.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27455
Expires: Mon, 11 Dec 2023 00:50:04 GMT

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 98F3 0
809 B 30ms
12ms Image
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fi.afly.pro%252FLclT&e=wqT_3QKhDfBMoQYAAAMA1gAFAQi60tScBhC84d7_wP-svDEYpaSiwfDN_MdNKjYJILqgvmWOC0ARVi2dmsFr6j8ZAAAAIIXrCUAhVi2dmsFr6j8pH7oJJNAxAAAAQOF61D8wxtjPCjilFUCcWkgCUPiTibwBWPq8lgFgAGiztyt4kNkFgAEBigEDVVNEkgUG8EyYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTI1MDE4NywgMCk7dWYoJ2knLCA3NzU4MTI4LCAwKQUULGcnLCAxOTQ3NzY5MxUpMHMnLCAyODAzNTM4MTkVFjByJywgMzk0NDE0NTg0BRbwtpICzQUheEpHN1N3ajNsdnNaRVBpVGlid0JHQUFnLXJ5V0FUQUFPQUJBQUVpY1dsREcyTThLV0FCZ2JXZ0FjQUI0QUlBQkFJZ0JBSkFCQVpnQkFhQUJBYWdCQWJBQkFMa0JvaTQ4ZEZjYkNrREJBUUV4NURsbmpndEF5UUVBQUFBQUFBRHdQOWtCY0Y4SHpobFI3al9nQWJEQzJRUDFBUU5PYmtDWUFnQ2dBZ0cxQWdBQUFBQzlBZwE58KpEQUFnRElBZ0RRQWdEWUFnRGdBZ0RvQWdENEFnR0FBd0dZQXdHaUF3NEl6OTd2SmhBQkdBSXRBQUJ3UWFJRERnalAzdThtRUFzWUFpMEFBSEJCdWdNSlJsSkJNVG8xTXpFMDRBUDZMNEFFeUtqTENZZ0V3S25MQ1pBRUFaZ0VBYklFQ1FqcHVTNFEwc1dqRGJJRUNRaW5oMUlRMHNXakRib0VVQWlRQ2hFQUEBrxRBRFFQeGsFCgUB2ENDbmgxSWd6YktvQ1NDQmo1UU1JTmVRbEF3ZzFNaWREQ0NyeVowTUlNVEpuUXdnek1tZERDRDYFFFRONkdqZzBnNW9hT0RTRHZobzROd1FRBVcFaAg4a0UNDQEQFFlCQUR4QgELDQFcaUFYQ0taQUYtNWRWbUFXYnVOZUZBYWtGDR8UQThELXhCEU8UQUFBd1FVAQcBAQh1UU0JKBw0RWNoempfUi4oAAAyFSjwQ0R3UC1BRmhZTVY4QVc5NmFRSi1BV0x1Y0FDZ2dZRFJWVlNpQVlFa0FZQm1BWUFvUWJhRzN4aE1sV3dQNmdHQkxJR0pBPSwAQh3PBEJrAYgJAQBDHRhETGdHQ2cuLpoCmQEhRnhpZ3hnOtEC2FBxOGxnRWdBQ2dBTWRvYmZHRXlWYkFfT2dsR1VrRXhPalV6TVRSQS1pOUpjRjhIemhsUjdqOVIJagEBBEJaAQYJAQRCaAkIFEFBMEQ5cBEMDEFBQngdDAw0QUlrNXjwsDhEOC7YAuoQ4AKm6FTqAhdodHRwczovL2kuYWZseS5wcm8vTGNsVIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA_eQrgHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQKODEuOTUuNS40MqgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABLfgtSLIBADSBA8xMTU0OCNGUkExOjUzMTTaBAIIAeAEAfAE-IHMIIgFAZgFAKAF_xEBGAHABQDJBQAFARTwP9IFCQkFC7gAAADYBQHgBQHwBVn6BQQIABAAkAYAmAYAogYOMjcyNSNGUkExOjY2MjC4BgDBBgEwMAAA8D_QBq1E2gYWChAJERkBXBAAGADgBgHyBo8BCPuXVRKIAV94WllQVyXw8EBEQUFrQ0JRRUkzcGZMQ0JEeGp1NENHUG0xdUFNZ0J5Z0FPZ1VJeWJhNURrQ0MwTGdJU0p6LXZBaFEtaTlZM0ROeDajAQBFNaNUQUFDSUFRQ1FBUUNhQVFJSUFLZ0JBTC4gADRBLoAHAYgHAKAHAboHDwHnSBgAIAAwADi6BkAAyAeQ2QXSBw0tEwROQAHGCNoHBgknaOAHAOoHAggA8AeU-QOKCAIQAJUIAACAP5gIAQ..&s=3ba3f6d7d9ae9fdbde56d1f09d7d7cfd20b2a2a9

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:04 GMT
AN-X-Request-Uuid: 8d978d6b-1fe6-4e49-bef3-5a0f6e3fd39f
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73C9 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpsQ7OymVY5L3DoOJlQf6qqeoCgAAAAA4AeAEAg&bg=!09Cl0JTNAAYgquz3AKo7ACkAdvg8WlqZVqj4HTXhOe2TJodqulmpB4R4-63_oEsKOEJ-SuEHVBB7kQIAAAIUUgAAAANoAQcKAICqqyopXWbPmdTHkSkY0q_GpOAfalytNMhmenN4P491uS3F207YIaTX7Kiwqj4m-pXMuYKBCzQzr04q-xU6QnAvsVYv95eevwRdEEph5i-Jqm4-ZuC0NTcZUJPX1ZhzXaJjoEAEi5f5FrNIL5L31561cAnsoOZKARNGyeh2xWaAdZkC3VEJHqiKclxEXIDuB_m_uEceczog_lazHl3Nbf1sXGw-SiJ8ONxLfv7SoztcYsJe69sa373SImba7176CWKNc9VgXo3RaHl4o_haiPdwuuMYqwfocYNtAc8LDZ6U_Szf1Wzt7Yd3E0hQUJLnokaQYMvC4WcFdyiXlQcx-xCTsLvx-npyiTVqO1TBw1yKEYR9wlXr4r4PUx9dmEK-lLCM4Yn6E50DapTkL0iXyhVSo-scn1nncCnG1HvKB7O3jVvCtn9YcLmhujPD380E0Hg7eKpwuzhmEBI9dBNqoaDDosGtnG9XRdOG_scAUIGbTVjqzjXux7e_ZSIGsvXo3sU3C6rS6Y_weXW6nR_1Bm6Ot77jsLRFjSdOrv9ielRRuKMbe_rvnelU8-SaIMIdN1hnoUaVYqyPBa5vI3CSkmSTEAAHEimBT1ohQWSDkoS--gLS6E9m53AF10L1RgFPKuxlS0gxuRisMazRceyMBoU6iN0NYj1UGD5t7QheEr8VTfpGA6mx1iWgHJXq16ISS3SaUuX9o2T89i_q-Ev5hIryHlu5H-hNqktCWncoqFMmLtSA3KU-xGcdoFQTCmUqGKplcjZsFu7GEVaBTsWUDfQoSnga7f6lPWbW9P9ipfvuPaZupRQgqQHs_CMwneluDGHugeoleVimoT5xFq7PPjaA9aBsVVl04HnltfBOdna5VSCy0zT_OHhm_3EeAnCELidG4hopU2akWngRKd_j6_Q4l5inENhsWaLcqqLhi_lEpxmb2Ef2gkbPbDg3X34sgv-3uC2d8chS-f3JbJ-wmQuF7mudTCYVWiIMpUpsCo2mao76t2MS1__GCi30jUCHfy8nNuTb8x2Y7LJxn1sIhjS7fUwMO0Mx-9MTN8oF3ykMSNL6bcAjoN9rCuVD48yV8UAbO52hX3HaFHKki-yPqd9l09T5JlWUmPpI-rzeba9Pa-I49N3bW4y9CpOjjFwW-ZI

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12015261515640113651/ Frame CA56 103 KB
25 KB 20ms
19ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12015261515640113651/index.html?e=69&leftOffset=0&topOffset=0&c=LNFJN3QsKN&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0a79be832aeda685a870f0143273a61f8a656382607f9f1f633a0140877d9f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:04 GMT
expires: Mon, 11 Dec 2023 00:50:04 GMT
last-modified: Fri, 19 Aug 2022 18:11:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9C2D 0
0 57ms
56ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstvp2A2PDoTaAdoJ9-cdp-PpfoDDenfeQf5a2emmxu6A8ohQdo98piSUpoYUzVooepWUo8f5CTtu5mgwZ933QaXiGCwHHcFL2cTDLPH6o6HChsH_CqZIeBE5OJSeKxr4b5_aspK_O31waRBLivS_2Jd-w3ecQamDiGJ1l6uS5OqTI575Y8Hu-Z9NvqQp-cVz7nR8vXsv7Yyv7CKAZ3k5Ku4Zi3c1k7IIvVxhn5jZlkF8l6F-7ENErhpAOqo_uw8Me6-7xPS-ZCIISmsRuQGaaW7Hb_nbTTNfTsNMmsroxpv4kca7lhXS_dyeQzif7syAnIrkT7xPrtsSEIhrKwXdFfbDZWA6CgDz4BZ49ILafsweAnWTDqxsZVvVOX9Q4ipq7u7yJtanAKDMCowFXw6MIaCPGHbpMKhoFvyhL_l4UofN9RSE53dimtfDjrDKv3Dre372epheUH0ELNOTJrMabBYt3DKbwutphdYWNJLapDyE-PVFkbCQEAairj0uhV-MHc3D1TRilypj27-4wCRE_RFfYGhmNlPUnu558V4GcU1Rzw1zwUrMTP00RCv1Q_vKFLBc1yECEfZjb8IQM4vtvpp7r00Y1N8eJcBFU2KXK_BM4adbMEL0W7dKKrII5a_F7ZGsl8-AdNByZxX5uIhDgFUblDkcCWp-H37JXuyO-t7iDojop_NpKA9csdcrbP3dvDW3UicnXkZm-S7WW8hxbT1pB7d8GLFnJEgar_45n8qtY1BAWklnu_3_tl1EPNDfAW257AH-vg5njQVsnwFSv1oTPIefWiFun7k5q6fFZRaBvjf59UYqIcW7pHcCdEXRXNjk0YsCZQyT9lw8XuxnRTDjVXH6A75qngSbBuhC-7B_ua25y-ZcEdHyoOpOGxwggJlNFlH8pzMcXdfo2TYytNarfrAvX_WbWdOnTRYuVTYtgbcq1LJvnnmaNSXSOY2YtctpSFmG51HYo9SXkuRVvjtkH2stMp_by4isMhsGEAqcO5-MAH9SRfZ0qgUVc-ThvDoPrLpNQeUPvsKdKiGCS_WigOBpcUT3_b8HbidMNc9uMvIdii_IxbQ31p6rwyFlzl-rbkjw66Oqc6srKGlCGBuVej2GuHYisCd8yx8t1z2p89ds-uEHtAFanHAvsdBQD4KDeOnAgZBxBaZybZH9gcLc1UZuQkLtw6V3jKoF82JyXUL_uqqb95BrTGcjSs_ZIyORBzXL6DJX0zMM0mvUJnic8htsxgq6fs9KUXVDk-fOQbFkJ6ImLQ&sai=AMfl-YR9WBVoZcVc2_pvepWIMud98a78X8bJQT-i0nSwMS32xOpLM4vE0CZ1JH9MHACjC7I6QalSCm-wN0hCLA3gOPAo9EXCjqNaA_jGnQNwqvrsFyCblYPaYVDj4avr4btb0Q8kcSfrlx-k8pIiX9xPCHYtQm1S44VGNI16qTjsIo71NXE6J2-2R6vV69D3uR2HQxzbN_mT7BRJdRUIx_2qaSONBR43vW4ZzSCXCOuq12VwgB1LoTD-J-zQ_eMyGRagaS57XF2tIiA&sig=Cg0ArKJSzPvqqsAViphREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=270&cbvp=1&cstd=266&cisv=r20221206.80646&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJQaG9uZV9Eb3BwZWxraW5uZGYwZjg1NDAtYTM5Ni00YjlmLWFlM2ItZDkxOWJlODA1Yzg5LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6NjAwLCJoZWlnaHQiO...
d1dgf5fdrpyfo7.cloudfront.net/ Frame E8E6 150 KB
151 KB 42ms
13ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJQaG9uZV9Eb3BwZWxraW5uZGYwZjg1NDAtYTM5Ni00YjlmLWFlM2ItZDkxOWJlODA1Yzg5LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6NjAwLCJoZWlnaHQiOjUwMCwiZml0IjoiaW5zaWRlIn19fQ==
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 47cbdcc8fd93889fd743dd5b15b167780fbd1b785ae0af0c6e8c4e327a27248e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 22:05:08 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1565096
x-amzn-requestid: d2385a93-1242-4fdd-a652-8728ac92275e
x-cache: Hit from cloudfront
x-amz-apigw-id: cBgfAExAFiAFfpA=
content-length: 153979
last-modified: Tue, 22 Nov 2022 15:10:19 GMT
x-amzn-trace-id: Root=1-637d4793-34e24a777c49a6b0008ee32b
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: hm4e82RHFfCKWyh25-vT16v-Xg2Qzo1ijESfE9QWM81G73V-ZBPgUA==

GET
DATA 200
OK truncated
/ Frame C821 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 12415855096560190219
s0.2mdn.net/simgad/ Frame C821 3 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/12415855096560190219

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23b41d0e6d4809b3adf959f5c5ac60be35c28566abba95157785844acd51adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:41:21 GMT
x-content-type-options: nosniff
age: 133723
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3002
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 08:27:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 11:41:21 GMT

GET
H3 200 15231738500925652179
s0.2mdn.net/simgad/ Frame C821 19 KB
19 KB 9ms
8ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15231738500925652179

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4efc682e2462231e09afc77b76f1fb34c70c95950878b5fe53d4f33158219c48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19726
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 13809871492651471192
s0.2mdn.net/simgad/ Frame C821 11 KB
11 KB 10ms
10ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13809871492651471192

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a022dbc0b389adf471d8acd0e801b13e6e42d0da31b6e46333eae8fd75542e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10757
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 14559087041597115752
s0.2mdn.net/simgad/ Frame C821 9 KB
9 KB 11ms
10ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14559087041597115752

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef4aa7407f46d0bcefeda285f53cce6c56aeb9a81d4c4d0eb9b0ffd831937d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8706
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H3 200 16098046385756737840
s0.2mdn.net/simgad/ Frame C821 53 KB
53 KB 17ms
17ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16098046385756737840

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61d518c8efe91ab0b950d750e0787867996dfbee25fd7fad044cab28088864ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11194968340574837653/index.html?e=69&leftOffset=0&topOffset=0&c=3BBjpCBbV9&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:57:10 GMT
x-content-type-options: nosniff
age: 442374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54058
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 14:17:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 21:57:10 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJoXzQ2MHg3MDBfMjIxMC1hbmYtbS1pY29uczdiODMzMzZkLTE0ZDQtNDMxZi05YTViLTkwNjY1OWM4ZmQxMS5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjE5N...
d1dgf5fdrpyfo7.cloudfront.net/ Frame 0EFF 33 KB
34 KB 32ms
15ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJoXzQ2MHg3MDBfMjIxMC1hbmYtbS1pY29uczdiODMzMzZkLTE0ZDQtNDMxZi05YTViLTkwNjY1OWM4ZmQxMS5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjE5NDAsImhlaWdodCI6MTgwLCJmaXQiOiJpbnNpZGUifX19
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2193428af051da0e8a8213ccf644a3c1d27227fe83216033af2dc03f286537f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 00:55:57 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1554847
x-amzn-requestid: 8bb03ba9-57f3-4f0f-85b6-d75ec92a87e9
x-cache: Hit from cloudfront
x-amz-apigw-id: cB5gjGIhliAFuUQ=
content-length: 33972
last-modified: Tue, 22 Nov 2022 15:10:18 GMT
x-amzn-trace-id: Root=1-637d6f9c-424249ed4e46a3fd252fd247
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: KoQFdKgHOrvNOlpQ3E7D_tdtTc2bUUA7MAQJY96J4XZGHB096ZgjuQ==

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 5FC9 87 KB
28 KB 33ms
33ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 12 Dec 2022 00:50:04 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2F4F 0
0 50ms
50ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=1988564500604290&bg=!WVqlWh7NAAYgquz3AKo7ACkAdvg8Wgxi4lXnbbyZEfaItK43Yu6VpIqDcLjDcJ6xGPjXgU-c4PdTHAIAAAF9UgAAAAFoAQeZAxUoXceZ-GOChgCcrpeKCrqYh5mARp2Bzzjj9LrblpqgmlPe2gq1G-gd9_GZ_WI3MZzzHPhBZ_ilbeG4Pv-6epl-3zhjGbigF7jt4UoooJMJkTJR83wgbeqd8q4_3VZP7PfelOaOvKbj-BfcE4KSYNVdAlt89jLSRrTWZf3SBaGC27b1UWCQ5wbAORDIW8kF_0Ei0zh10bvncWWLmoZvlBOV7kx1RtpePBgw6jvZ62gplxbksMVKloNWbSZiP8YMoIbx-JPwbmujaNtqMx9xBTPdP0Cm7trA2S4OrCow_SZZB4P7kldrIzkieRPNSKDmqkZ92Codx0jcep31NXea1A5gKyv1pPP6Ri_9qV4E2P1F6_xHnLziBCv-qsK6Eevof3SyWH25s1VWoziyUY_El_cx0sq_wnXyfTJiTs58DfsdxJ20JB0eOZb0aMQpCSprChZ6u8wL9rVO7DJQyfpQpk09-EA2juJt1ts8B1STLJCDJjfAnNwS0inzDR7pxCbX8G8niLZGZ15_BFIkM-kEgn46FdpbVnfTH7zJnIhkLiyOaV_C0sD0jFk3CepQcket_vXqMsjELLB7pOFzSRvxiH0LfxIInW606GEsahBSWGxtU3OXOORnvml4UPjqJvHPn8aK-bLa41J824kjTO0lWUx5lIB826MMn0m78dCupU3gw5_q2WFfZvHQeCSReqL9PvAOI6eBfAW3lezdUlEixlEkCZ3htmuSjZDcfQXtLNX-j9fftlLac-ldzu0l2-Sn-HyaLYTcVQUO723mB4VDfWMlMEs1i7n3TroD8Cmtq8EUHUgemb-lS86I7Svdhrz_o2DI_XMbH8DNL4RdGokP-WkGPMmUURe6nBiUZ98dUEQ88gHxqeygc2HX-7h0qaaarvT7Egfj7zEuLQU6P-Ajb9kzAfYTKqLIYyAk3q12OAN44W5NYBUBwK1M5PfGovIyQRl12LH8Rrx97ZqN2zD9jrk1Xba1VZCHS-t6EhUUCFq6qLk7UFDLQAqUIRsuF24hbXACslM9QMrWB-u-FS0t5XYaPRClcZg
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.de.cloud.ovh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame CA56 118 KB
40 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12015261515640113651/index.html?e=69&leftOffset=0&topOffset=0&c=LNFJN3QsKN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12015261515640113651/index.html?e=69&leftOffset=0&topOffset=0&c=LNFJN3QsKN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:50 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9D32
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

24ms
24ms

Image
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H3
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Redirect headers

date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 20AB 0
20 B 50ms
50ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbHDgOymVY9yQE73Y7_UPmciDsAoAAAAAOAHgBAI&bg=!WVqlWh7NAAYgquz3AKo7ACkAdvg8WshAlIUmsyZn-OK6hCzH65IMv7EOdDFY0azEg1ihh2bxuXABSwIAAAH5UgAAAANoAQeZA0bd4fiNGW_Qkb71CRHSv3rK--x7AwMx_FjvudMNgIS2QcVSe4iP0wVyhTNwN2GRVKGw4igv0bKU4ndR_PUP4fvEmm8KUICUBygFmNNzlERWloclEEHxjKMPXMtnrpSwCmfXPJT96I1E8QHUw5nVdr3bz2Qp7iAXWUWt1qytF1cET93kUf6hLO6yIR_NSmrY5E_LP_vhUNafD7WDjKIJly0w91UzzbQMfViv3RANbpt2hWuWkNWbl6u6L_IZsnd-4g1mFB4uxF1wCGoJQ7RyokSKQCNjKOhn3bohwmkekJxlpT865sBVSWRuwOzJVV7LGBO_1A6vJldmDK0T0CnEYAQKittD_VtWRG8ieTdD595sUSWdNjS2_lcDBAnsKTKF8LnI6K8vsMj4VHs0V3CAL6RElk8q7iqzJJytth2SeFNNETSX0BzlKtHZBIi-Yg1jy6m6uTkG3xETxzWSBkgepljWMJNPXzcZITk0JUKSSY2IOW6tVKg3WDPLlixRN7XiaDGYQ9U7WPfhIH_6xQJyAQqhKFYdKp6iaoYrkPllmAbejTqke7dgq9SespQj6mUN6rXebchL4oRlWW9uFWgKu3eleLPnQo6POG_LErZaq-LPvyerZHaY8puhkxI15BarC8WwUXmG_GnSe6GTrSL16myC7sCXsJFWA7cRZx9R9gqK15rnw4dmVPBB-PF8H92S6Yk22Ef2gmHAmzjLAhqnqfwtkXJHhg9Wa55lTUFF4SeZNZD4RAaekt1Z0Q_ARkb_pkw3XbORBtoukNMP4L9OzQOrNtHR61AzUMp4qaFMLo9w0oBYqv6D2JQyfxKJhXez9X51GLRpLyWJI6VdVvkwekHQvsEP_PgtVIWEcG7Ha9aCAQLQWLcxveY5uxmOnve35W8XG5_IIFm9CpoH-J18PGtIK4POBVzZwQsduHnUOPkX1NgaVbuIX_ViMv0d5RqaoelhSdUeFMAYBTen0F8K_OjLMKS1pdOQbY1WK-10_ik93s6VlXyNlhKpgWmKsSj3bWVb7Pb8_RjDARREiGgBgPls2_LvMnBHQ2uiXcGBs6TC57L2tx3xUXU3471pj3f0H0MyRHsUtIzUYlJZfKEikCfYU2MGwG9v

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9C2D 41 KB
15 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 15:32:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465453
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 15:32:31 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 12AE 1 KB
643 B 8ms
8ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 55185
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 09:30:19 GMT
etag: 48472445140208031
expires: Sun, 11 Dec 2022 09:30:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9C2D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dae3cf6016ee9ff84c652cc0da9dc9d3b05345cdf8d928cdb6a8a4a42af8f386

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 82C5 17 KB
6 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:04 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D42D 0
737 B 10ms
10ms Script
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=2725&pub_id=2003356&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=2003356

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:04 GMT
AN-X-Request-Uuid: 4401a6ea-9ffb-4c96-9e97-fe1906301614
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 074D 0
737 B 8ms
7ms Script
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=2725&pub_id=2003356&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=2003356

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:04 GMT
AN-X-Request-Uuid: 347f27ec-b4bd-4106-93d7-cab512412202
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame DD83 0
880 B 15ms
15ms Ping
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fi.afly.pro%2FLclT&e=wqT_3QKhDfBMoQYAAAMA1gAFAQi60tScBhDXxOzl6KGasSkYpaSiwfDN_MdNKjYJILqgvmWOC0ARVi2dmsFr6j8ZAAAAIIXrCUAhVi2dmsFr6j8pH7oJJNAxAAAAQOF61D8wxtjPCjilFUCcWkgCUPiTibwBWPq8lgFgAGiztyt4kNkFgAEBigEDVVNEkgUG8EyYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTI1MDE4NywgMCk7dWYoJ2knLCA3NzU4MTI4LCAwKQUULGcnLCAxOTQ3NzY5MxUpMHMnLCAyODAzNTM4MTkVFjByJywgMzk0NDE0NTg0BRbwtpICzQUhRkpJeG13ajNsdnNaRVBpVGlid0JHQUFnLXJ5V0FUQUFPQUJBQUVpY1dsREcyTThLV0FCZ2JXZ0FjQUI0QUlBQkFJZ0JBSkFCQVpnQkFhQUJBYWdCQWJBQkFMa0JvaTQ4ZEZjYkNrREJBUUV4NURsbmpndEF5UUVBQUFBQUFBRHdQOWtCY0Y4SHpobFI3al9nQWJEQzJRUDFBUU5PYmtDWUFnQ2dBZ0cxQWdBQUFBQzlBZwE58KpEQUFnRElBZ0RRQWdEWUFnRGdBZ0RvQWdENEFnR0FBd0dZQXdHaUF3NEl6OTd2SmhBQkdBSXRBQUJ3UWFJRERnalAzdThtRUFzWUFpMEFBSEJCdWdNSlJsSkJNVG8xTXpFMDRBUDZMNEFFeUtqTENZZ0V3S25MQ1pBRUFaZ0VBYklFQ1FqcHVTNFEwc1dqRGJJRUNRaW5oMUlRMHNXakRib0VVQWlRQ2hFQUEBrxRBRFFQeGsFCgUB2ENEcHVTNGd6YktvQ1NDQmo1UU1JTmVRbEF3ZzFNaWREQ0NyeVowTUlNVEpuUXdnek1tZERDRDYFFFRONkdqZzBnNW9hT0RTRHZobzROd1FRBVcFaAg4a0UNDQEQFFlCQUR4QgELDQFcaUFYQ0taQUYtNWRWbUFXYnVOZUZBYWtGDR8UQThELXhCEU8UQUFBd1FVAQcBAQh1UU0JKBw0RWNoempfUi4oAAAyFSjwQ0R3UC1BRmhZTVY4QVc5NmFRSi1BV0x1Y0FDZ2dZRFJWVlNpQVlFa0FZQm1BWUFvUWJhRzN4aE1sV3dQNmdHQkxJR0pBPSwAQh3PBEJrAYgJAQBDHRhETGdHQ2cuLpoCmQEhRnhpZ3hnOtEC2FBxOGxnRWdBQ2dBTWRvYmZHRXlWYkFfT2dsR1VrRXhPalV6TVRSQS1pOUpjRjhIemhsUjdqOVIJagEBBEJaAQYJAQRCaAkIFEFBMEQ5cBEMDEFBQngdDAw0QUlrNXjwsDhEOC7YAuoQ4AKm6FTqAhdodHRwczovL2kuYWZseS5wcm8vTGNsVIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA_eQrgHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQKODEuOTUuNS40MqgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABLfgtSLIBADSBA8xMTU0OCNGUkExOjUzMTTaBAIIAeAEAfAE-IHMIIgFAZgFAKAF_xEBGAHABQDJBQAFARTwP9IFCQkFC7gAAADYBQHgBQHwBVn6BQQIABAAkAYAmAYAogYOMjcyNSNGUkExOjY2MjC4BgDBBgEwMAAA8D_QBq1E2gYWChAJERkBXBAAGADgBgHyBo8BCPuXVRKIAV94WllQVyXw8EBEQUFrQ0JRRUkzcGZMQ0JEeGp1NENHUG0xdUFNZ0J5Z0FPZ1VJeWJhNURrQ0MwTGdJU0p6LXZBaFEtaTlZM0ROeDajAQBFNaNUQUFDSUFRQ1FBUUNhQVFJSUFLZ0JBTC4gADRBLoAHAYgHAKAHAboHDwHnSBgAIAAwADi6BkAAyAeQ2QXSBw0tEwROQAHGCNoHBgknaOAHAOoHAggA8AeU-QOKCAIQAJUIAACAP5gIAQ..&s=40701ac224b05f1d08c8d8395f12fa4266b3e17c&type=nv&nvt=5&jm=1003&sid=7628096501862805038&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22277190&sw=1600&sh=1200&pw=300&ph=254&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:05 GMT
AN-X-Request-Uuid: 5c63d7f6-6277-41f5-953a-415f499ab318
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 82C5 98 KB
98 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:44:30 GMT
x-content-type-options: nosniff
age: 335
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 00:59:30 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 82C5 57 KB
57 KB 13ms
12ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:47:30 GMT
x-content-type-options: nosniff
age: 155
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 01:02:30 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 98F3 0
880 B 7ms
7ms Ping
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fi.afly.pro%2FLclT&e=wqT_3QKhDfBMoQYAAAMA1gAFAQi60tScBhC84d7_wP-svDEYpaSiwfDN_MdNKjYJILqgvmWOC0ARVi2dmsFr6j8ZAAAAIIXrCUAhVi2dmsFr6j8pH7oJJNAxAAAAQOF61D8wxtjPCjilFUCcWkgCUPiTibwBWPq8lgFgAGiztyt4kNkFgAEBigEDVVNEkgUG8EyYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTI1MDE4NywgMCk7dWYoJ2knLCA3NzU4MTI4LCAwKQUULGcnLCAxOTQ3NzY5MxUpMHMnLCAyODAzNTM4MTkVFjByJywgMzk0NDE0NTg0BRbwtpICzQUheEpHN1N3ajNsdnNaRVBpVGlid0JHQUFnLXJ5V0FUQUFPQUJBQUVpY1dsREcyTThLV0FCZ2JXZ0FjQUI0QUlBQkFJZ0JBSkFCQVpnQkFhQUJBYWdCQWJBQkFMa0JvaTQ4ZEZjYkNrREJBUUV4NURsbmpndEF5UUVBQUFBQUFBRHdQOWtCY0Y4SHpobFI3al9nQWJEQzJRUDFBUU5PYmtDWUFnQ2dBZ0cxQWdBQUFBQzlBZwE58KpEQUFnRElBZ0RRQWdEWUFnRGdBZ0RvQWdENEFnR0FBd0dZQXdHaUF3NEl6OTd2SmhBQkdBSXRBQUJ3UWFJRERnalAzdThtRUFzWUFpMEFBSEJCdWdNSlJsSkJNVG8xTXpFMDRBUDZMNEFFeUtqTENZZ0V3S25MQ1pBRUFaZ0VBYklFQ1FqcHVTNFEwc1dqRGJJRUNRaW5oMUlRMHNXakRib0VVQWlRQ2hFQUEBrxRBRFFQeGsFCgUB2ENDbmgxSWd6YktvQ1NDQmo1UU1JTmVRbEF3ZzFNaWREQ0NyeVowTUlNVEpuUXdnek1tZERDRDYFFFRONkdqZzBnNW9hT0RTRHZobzROd1FRBVcFaAg4a0UNDQEQFFlCQUR4QgELDQFcaUFYQ0taQUYtNWRWbUFXYnVOZUZBYWtGDR8UQThELXhCEU8UQUFBd1FVAQcBAQh1UU0JKBw0RWNoempfUi4oAAAyFSjwQ0R3UC1BRmhZTVY4QVc5NmFRSi1BV0x1Y0FDZ2dZRFJWVlNpQVlFa0FZQm1BWUFvUWJhRzN4aE1sV3dQNmdHQkxJR0pBPSwAQh3PBEJrAYgJAQBDHRhETGdHQ2cuLpoCmQEhRnhpZ3hnOtEC2FBxOGxnRWdBQ2dBTWRvYmZHRXlWYkFfT2dsR1VrRXhPalV6TVRSQS1pOUpjRjhIemhsUjdqOVIJagEBBEJaAQYJAQRCaAkIFEFBMEQ5cBEMDEFBQngdDAw0QUlrNXjwsDhEOC7YAuoQ4AKm6FTqAhdodHRwczovL2kuYWZseS5wcm8vTGNsVIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA_eQrgHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQKODEuOTUuNS40MqgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABLfgtSLIBADSBA8xMTU0OCNGUkExOjUzMTTaBAIIAeAEAfAE-IHMIIgFAZgFAKAF_xEBGAHABQDJBQAFARTwP9IFCQkFC7gAAADYBQHgBQHwBVn6BQQIABAAkAYAmAYAogYOMjcyNSNGUkExOjY2MjC4BgDBBgEwMAAA8D_QBq1E2gYWChAJERkBXBAAGADgBgHyBo8BCPuXVRKIAV94WllQVyXw8EBEQUFrQ0JRRUkzcGZMQ0JEeGp1NENHUG0xdUFNZ0J5Z0FPZ1VJeWJhNURrQ0MwTGdJU0p6LXZBaFEtaTlZM0ROeDajAQBFNaNUQUFDSUFRQ1FBUUNhQVFJSUFLZ0JBTC4gADRBLoAHAYgHAKAHAboHDwHnSBgAIAAwADi6BkAAyAeQ2QXSBw0tEwROQAHGCNoHBgknaOAHAOoHAggA8AeU-QOKCAIQAJUIAACAP5gIAQ..&s=3ba3f6d7d9ae9fdbde56d1f09d7d7cfd20b2a2a9&type=nv&nvt=5&jm=1003&sid=7628096501862805038&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22277190&sw=1600&sh=1200&pw=300&ph=254&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:05 GMT
AN-X-Request-Uuid: ff344ce7-9f61-44d5-8ab2-62952ec8a27a
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7C27 15 KB
6 KB 25ms
25ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=i.afly.pro

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://p.jcontentcdn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 00:50:04 GMT
server: Kestrel
server-processing-duration-in-ticks: 1907843
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 5FC9 89 KB
29 KB 19ms
18ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 12 Dec 2022 00:50:05 GMT

GET
H3 200 aspira_heavy.woff
s0.2mdn.net/sadbundle/12015261515640113651/ Frame CA56 48 KB
48 KB 13ms
13ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12015261515640113651/aspira_heavy.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12015261515640113651/index.html?e=69&leftOffset=0&topOffset=0&c=LNFJN3QsKN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed9d26bb70cd13054b952651e6cc9e02584c4078969248c36ed93f1b149e05e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12015261515640113651/index.html?e=69&leftOffset=0&topOffset=0&c=LNFJN3QsKN&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 00:16:07 GMT
x-content-type-options: nosniff
age: 88438
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49012
x-xss-protection: 0
last-modified: Fri, 19 Aug 2022 18:11:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 00:16:07 GMT

GET
H2 200 14d96d8a1935f8de42a4.1.js Show response
assets.scoota.co/serving/31252/ Frame DD83 5 KB
3 KB 12ms
12ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/14d96d8a1935f8de42a4.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804652&ts=1670719804652&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c07e5dc36be5aab35856aaaebbad2afa60a0d1db47eb33677bc81d5e0ec7534d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 05:50:12 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 68394
etag: W/"5272a6a8c44818f8ac42b1b9b95b508a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: l3swgAeh7XSwVUYR7ZX_lGGkxhBpO1ZStHlg5X0UaXLWK5CN6lsN0A==

GET
H2 200 14d96d8a1935f8de42a4.1.js Show response
assets.scoota.co/serving/31252/ Frame 98F3 5 KB
3 KB 10ms
10ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/14d96d8a1935f8de42a4.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c07e5dc36be5aab35856aaaebbad2afa60a0d1db47eb33677bc81d5e0ec7534d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 05:50:12 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 68394
etag: W/"5272a6a8c44818f8ac42b1b9b95b508a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: dwMwjnEefoLL6XDGZmkp5AWzsRs0bM0TY6249QKOpHrEc2IpokqCxg==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CA7A 22 KB
8 KB 10ms
9ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 465441
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 15:32:44 GMT
expires: Tue, 05 Dec 2023 15:32:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame 12AE 43 B
350 B 80ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESECHlsBQQqaOo0LTDSSDK3Nk&google_cver=1&google_push=ASkJ3FaAN70zzu0JyVwvUAJ4FrKX7fTSy6b1i0AkfXZvsXUpLBb8j6bVNc4vakO8jaiw3i-pynC78uQMCm59PJCUelPA-EHBg_Xf
Requested by: Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: kgsl08o7rm0btrinipn76s2265iu46d9

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 12AE
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBqD_qlCP7KlCmHwvVA779w&google_cver=1&google_push=ASkJ3FbaupvXauIHsB5VTGEHpe_mh5MhETLcWGkoSjoclmhNwVk9V1yZ082Ln2B_DbaDg9csTgm...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJJTkZNMzktSy03Wkkz&google_push=ASkJ3FbaupvXauIHsB5VTGEHpe_mh5MhETLcWGkoSjoclmhNwVk9V1yZ082Ln2B_DbaDg9csTgm9TdNP2KRZCkNNgWiOqN8fs_7gog

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJJTkZNMzktSy03Wkkz&google_push=ASkJ3FbaupvXauIHsB5VTGEHpe_mh5MhETLcWGkoSjoclmhNwVk9V1yZ082Ln2B_DbaDg9csTgm9TdNP2KRZCkNNgWiOqN8fs_7gog

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJJTkZNMzktSy03Wkkz&google_push=ASkJ3FbaupvXauIHsB5VTGEHpe_mh5MhETLcWGkoSjoclmhNwVk9V1yZ082Ln2B_DbaDg9csTgm9TdNP2KRZCkNNgWiOqN8fs_7gog
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 12AE
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEBsO686fBt5yaKurEXYp4sI&google_cver=1&google_push=ASkJ3FYwS406quw2h6qYYSr0lODzuEYGzrmQCODNPplnT4AOvlIfLcmjimpvh7D8qojfHd5abtlgsAxgcFv9xTbM3...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ASkJ3FYwS406quw2h6qYYSr0lODzuEYGzrmQCODNPplnT4AOvlIfLcmjimpvh7D8qojfHd5abtlgsAxgcFv9xTbM3d9cioRTGzzs&google_hm=Fy6SvBZH3hatdsOISZ2afAD-

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ASkJ3FYwS406quw2h6qYYSr0lODzuEYGzrmQCODNPplnT4AOvlIfLcmjimpvh7D8qojfHd5abtlgsAxgcFv9xTbM3d9cioRTGzzs&google_hm=Fy6SvBZH3hatdsOISZ2afAD-

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 11 Dec 2022 00:50:05 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ASkJ3FYwS406quw2h6qYYSr0lODzuEYGzrmQCODNPplnT4AOvlIfLcmjimpvh7D8qojfHd5abtlgsAxgcFv9xTbM3d9cioRTGzzs&google_hm=Fy6SvBZH3hatdsOISZ2afAD-
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 12AE
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEC3IzczHr-2ICmV6hy6u2ro&google_cver=1&google_push=ASkJ3FYvqZIydbzJVPBccdkAkR1ly8uo-jKkiID9WBr_v1_lvLcxeENycyV0MEfDbb6bJiFl3pEUSjfCPI9...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FYvqZIydbzJVPBccdkAkR1ly8uo-jKkiID9WBr_v1_lvLcxeENycyV0MEfDbb6bJiFl3pEUSjfCPI9_B_NVxHz6X8yMws30pfY
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

9ms
9ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 12AE 0
12 B 18ms
17ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LusNj6a-OctPBN1n5sgBN1PQHnWWELI6WdpcXUkrwmqdztnKeZOg

Requested by

Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 6C12 36 KB
16 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0D6 0
20 B 49ms
48ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BTB5dOymVY9jlGpTD7_UPiquloAYAAAAAOAHgBAI&bg=!8fKl8rbNAAYgquz3AKo7ACkAdvg8Wv7R_A9E_sleOKqH6ENFl44QJRz70RxgOk-cVGLwe8yrGKJ16wIAAAKlUgAAAAFoAQcKADcxKMm2mSUarsc1CF1OdU-X3gqTNr81iyRyJW0BpLGZqb1-rCT81BcdnZo3l63YMHuFSeKLf9ntmQLnIl21z1U9OJd_CUzfL2e3-WAzcKn4J5pCVGkUKQrhIEwSsEjNkfxMpZI3cdnQ1VJg1LAEAhWSbGxmqYcDTqj2PWpFv4A9GJkuC7g4GcIBRv-91599fkKuqDlJCgg7quBk9Jq27twXiNicZpxnZxtfgUc7LSupWlTFo2IKVqVHd0CFB6YkB3XcZiy06DZp8SlvxQ9qzRFC0ZhJSQXYo0APdmI6DdQR1h1F-omE4gMzP0Sgy3CdAj570r0zbddmFYRJxbOAffLZ0nOyZxZlhlRxbfXTsB136YyNa3OrQGHEIMw3rXnOOn3MkSzbsZLrTccMkAJAZsRELRHk3UNgsUjUO_rB25xtpihluvyzeRPHn0NjhWf5lshV5nyb7GVOMuXtrmRpjJ7oz3_Cj_5qn6FzQyq_uFvlxVIJ6Kxov1NXEiDkOKe_UypWaViwdSVA_rUJmjYtsur0fo3UTpozeXozLlksWNWGOF8tX9iDL77IZ7rOF4RpOTjlhg94w2WK1QAAMSK5GKjI1LgwVYRGRG9Sixv0DAsiknUb-ZzG1Zub3Glyb5dvA6nHZ4mNeJlnfecNYx3FrKb7ddV7FNJhJFE_agNNjtS8t8BhOi_sr-xaLbthsWt3moTHjo16L_593H4thZJe-nIv4tMYoAHfRRapyw7HCzglyj6XeQC31xrJWol-7YE-nh9SOBfUM8rISf_j3kYclP8Jb8_AokJY-QLNFPWLvOkrEIkaSBXNZy_YVI9oOSl5JLOLlWDuDq9yN9mZW7UmB6QPirshDfR3eTZc0SC5jFf4WIO23Mo6KV6TULixZpl9368HoPkGSlkv8IU7GZ85nvR1h4mwqXe5FLXw_sNju3VVfY_NOs-__XVa8Q-6TztcYlfbipMkalY6ZZtmq27-H4NFCjdGEv6pZa40F9DQ-WAdSKwi_mEgGTl9ypJb-oHQw4baLbxHeK6a507MYqhMNMxihudK-fjf5s13biCIedhMJWE

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9C2D 0
0 47ms
47ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstvp2A2PDoTaAdoJ9-cdp-PpfoDDenfeQf5a2emmxu6A8ohQdo98piSUpoYUzVooepWUo8f5CTtu5mgwZ933QaXiGCwHHcFL2cTDLPH6o6HChsH_CqZIeBE5OJSeKxr4b5_aspK_O31waRBLivS_2Jd-w3ecQamDiGJ1l6uS5OqTI575Y8Hu-Z9NvqQp-cVz7nR8vXsv7Yyv7CKAZ3k5Ku4Zi3c1k7IIvVxhn5jZlkF8l6F-7ENErhpAOqo_uw8Me6-7xPS-ZCIISmsRuQGaaW7Hb_nbTTNfTsNMmsroxpv4kca7lhXS_dyeQzif7syAnIrkT7xPrtsSEIhrKwXdFfbDZWA6CgDz4BZ49ILafsweAnWTDqxsZVvVOX9Q4ipq7u7yJtanAKDMCowFXw6MIaCPGHbpMKhoFvyhL_l4UofN9RSE53dimtfDjrDKv3Dre372epheUH0ELNOTJrMabBYt3DKbwutphdYWNJLapDyE-PVFkbCQEAairj0uhV-MHc3D1TRilypj27-4wCRE_RFfYGhmNlPUnu558V4GcU1Rzw1zwUrMTP00RCv1Q_vKFLBc1yECEfZjb8IQM4vtvpp7r00Y1N8eJcBFU2KXK_BM4adbMEL0W7dKKrII5a_F7ZGsl8-AdNByZxX5uIhDgFUblDkcCWp-H37JXuyO-t7iDojop_NpKA9csdcrbP3dvDW3UicnXkZm-S7WW8hxbT1pB7d8GLFnJEgar_45n8qtY1BAWklnu_3_tl1EPNDfAW257AH-vg5njQVsnwFSv1oTPIefWiFun7k5q6fFZRaBvjf59UYqIcW7pHcCdEXRXNjk0YsCZQyT9lw8XuxnRTDjVXH6A75qngSbBuhC-7B_ua25y-ZcEdHyoOpOGxwggJlNFlH8pzMcXdfo2TYytNarfrAvX_WbWdOnTRYuVTYtgbcq1LJvnnmaNSXSOY2YtctpSFmG51HYo9SXkuRVvjtkH2stMp_by4isMhsGEAqcO5-MAH9SRfZ0qgUVc-ThvDoPrLpNQeUPvsKdKiGCS_WigOBpcUT3_b8HbidMNc9uMvIdii_IxbQ31p6rwyFlzl-rbkjw66Oqc6srKGlCGBuVej2GuHYisCd8yx8t1z2p89ds-uEHtAFanHAvsdBQD4KDeOnAgZBxBaZybZH9gcLc1UZuQkLtw6V3jKoF82JyXUL_uqqb95BrTGcjSs_ZIyORBzXL6DJX0zMM0mvUJnic8htsxgq6fs9KUXVDk-fOQbFkJ6ImLQ&sai=AMfl-YR9WBVoZcVc2_pvepWIMud98a78X8bJQT-i0nSwMS32xOpLM4vE0CZ1JH9MHACjC7I6QalSCm-wN0hCLA3gOPAo9EXCjqNaA_jGnQNwqvrsFyCblYPaYVDj4avr4btb0Q8kcSfrlx-k8pIiX9xPCHYtQm1S44VGNI16qTjsIo71NXE6J2-2R6vV69D3uR2HQxzbN_mT7BRJdRUIx_2qaSONBR43vW4ZzSCXCOuq12VwgB1LoTD-J-zQ_eMyGRagaS57XF2tIiA&sig=Cg0ArKJSzPvqqsAViphREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=716&vt=11&dtpt=446&dett=3&cstd=266&cisv=r20221206.80646&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:05 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 7C27
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=p.jcontentcdn.com&sn=ChromeSyncframe&so=0&topUrl=i.afly.pro&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=HzILrHxpWklnNTRJSXk3UWRNWXZKOThQUVlYdXNaWXdXTVVhM1BRNDJoelI5UlpNeTVEakFpRFh4QzY1ZHUzaXRJMlRWTitIZ0hSeHk3TUtmenMwQ00zU2ZZbHBOODEyYnNkMFJBYjVocTFhcnhWQWZ3QkNkV2M5Z2VyOD...

425 B
654 B

17ms
16ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=HzILrHxpWklnNTRJSXk3UWRNWXZKOThQUVlYdXNaWXdXTVVhM1BRNDJoelI5UlpNeTVEakFpRFh4QzY1ZHUzaXRJMlRWTitIZ0hSeHk3TUtmenMwQ00zU2ZZbHBOODEyYnNkMFJBYjVocTFhcnhWQWZ3QkNkV2M5Z2VyODBQQ2tyZHFXK2h6Ulp2OStuZExJU2tieUQ5KzN1c1JhUWxPT0hVT1hTSGNRTkE2ZFFVd0Fmajl4cm56M2VtNmRIdk5EeDN5aUQrUVVmOWh4WElVM1FWbVVLci8yVXBuWjBRWHV6QmJPdmhXQittalpuODlrb1NYN285dmdSck05a0M2ci9uMkxKRjk0N0xTUitZU3ZWSENMNnNOR2hCWFFUb3ladXBxOWNMZmEyTlRkeTBmND18&cppv=2

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0cec86f4e20491454c49840f3e5e4bc83f664d942c192e1044ab49b14a916c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1738080
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:04 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=HzILrHxpWklnNTRJSXk3UWRNWXZKOThQUVlYdXNaWXdXTVVhM1BRNDJoelI5UlpNeTVEakFpRFh4QzY1ZHUzaXRJMlRWTitIZ0hSeHk3TUtmenMwQ00zU2ZZbHBOODEyYnNkMFJBYjVocTFhcnhWQWZ3QkNkV2M5Z2VyODBQQ2tyZHFXK2h6Ulp2OStuZExJU2tieUQ5KzN1c1JhUWxPT0hVT1hTSGNRTkE2ZFFVd0Fmajl4cm56M2VtNmRIdk5EeDN5aUQrUVVmOWh4WElVM1FWbVVLci8yVXBuWjBRWHV6QmJPdmhXQittalpuODlrb1NYN285dmdSck05a0M2ci9uMkxKRjk0N0xTUitZU3ZWSENMNnNOR2hCWFFUb3ladXBxOWNMZmEyTlRkeTBmND18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 849227
content-length: 0
expires: 0

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJQaG9uZV9Eb3BwZWxraW5uZGYwZjg1NDAtYTM5Ni00YjlmLWFlM2ItZDkxOWJlODA1Yzg5LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6NjAwLCJoZWlnaHQiO...
d1dgf5fdrpyfo7.cloudfront.net/ Frame 82C5 150 KB
151 KB 10ms
9ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJQaG9uZV9Eb3BwZWxraW5uZGYwZjg1NDAtYTM5Ni00YjlmLWFlM2ItZDkxOWJlODA1Yzg5LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6NjAwLCJoZWlnaHQiOjUwMCwiZml0IjoiaW5zaWRlIn19fQ==
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 47cbdcc8fd93889fd743dd5b15b167780fbd1b785ae0af0c6e8c4e327a27248e

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 21:51:06 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1565939
x-amzn-requestid: ba640313-3fa2-408a-90bd-83f68a6125fa
x-cache: Hit from cloudfront
x-amz-apigw-id: cBebbFSEFiAFuAA=
content-length: 153979
last-modified: Tue, 22 Nov 2022 15:10:19 GMT
x-amzn-trace-id: Root=1-637d4448-71c824654051ceb424f50bd1
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: DFbiOILvAolNqQOIumzQSkeWm-ztmRDkGlw4M7AP35J8ZZNqCiKr-g==

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJzdG9lcmVyLWdicGx1cy0yemVpbGlnLTJlOTFkNDI0Ni0xNjA1LTRhODctOTg1OS1kM2NlZWZhZjY3ODcucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjo2MDAsI...
d1dgf5fdrpyfo7.cloudfront.net/ Frame 82C5 74 KB
74 KB 40ms
40ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJzdG9lcmVyLWdicGx1cy0yemVpbGlnLTJlOTFkNDI0Ni0xNjA1LTRhODctOTg1OS1kM2NlZWZhZjY3ODcucG5nIiwiZWRpdHMiOnsicmVzaXplIjp7IndpZHRoIjo2MDAsImhlaWdodCI6NTAwLCJmaXQiOiJpbnNpZGUifX19
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12809638294083468348/1661867165592.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 5441af786457415967493aeb981685f4b501b786df64d733bfdebe3368f02b66

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 21:51:05 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1565940
x-amzn-requestid: 181eb211-e4b1-484a-a088-2192dc7c9891
x-cache: Hit from cloudfront
x-amz-apigw-id: cBebbHdZFiAFd7g=
content-length: 75274
last-modified: Tue, 22 Nov 2022 15:09:05 GMT
x-amzn-trace-id: Root=1-637d4448-4bb6949409e15959475087db
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: 2Rqr_DUe0hUZsN-0a7ZHtd3YRuPyY9zjhAFp5uLT3P1fqRu68uekjQ==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F5DD 42 B
64 B 51ms
50ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssi27AcWqhLd5oVxodwIb6JY_luCM3zFVxQLT7WqhfiZqg-k3fKF9lyTPxE8tlickFVtnpUpAbdMEABHVDoduYCnLRGPrDsMBRgePitwkk9pZuCiZEzjr14xl7MuEIKrzBEhjQzHw&sai=AMfl-YTSCUN3BdLsN2rMzBbGw4pSeBPiTXSKeAUUjXEPXFQvD2osUEuveowiXP6dHRWVdllDnIMJKAczPUxC2j8xsF83GgNbRud_FKJjbclRDkcy_FMovH81lWqI6JJZRDa_EwQylqTq06Hu66tzz8w&sig=Cg0ArKJSzPa5GsrHHaUhEAE&cid=CAQSSwDq26N92H9HC2X3u_aWYx3vSGGEfzoPpwZai7TEJkZc7-IxijwM97cGfkv8MY9_hHgrC_S52aUhp9akU9GlAqWSzt5Ismz8dYpFUhgBIBM&id=lidar2&mcvt=1029&p=486,650,754,950&mtos=0,1029,1029,1029,1029&tos=0,1029,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&vu=1&app=0&itpl=20&adk=785132224&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670719803554&rpt=608&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C7B7 42 B
64 B 52ms
51ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstamNhgQNoSESu1soB8XqCUBB_u-ASiT5SXuMewBNRJoxDik9SyQYQO0hfehWM-NnLD1Rf9aX31sYsCQav2gpZFL1Pj70pj-gugtYciUthnF33Bjv5IXRfTI9cUqjGG3i8e81vuNw&sai=AMfl-YSHKGbnU0Fnn3dGjszJxTpc3fBR3CLco3CXH1L-z97Ndw2OVuDp7acdk0bVtrKGe5HYyElK2j8vbR6KlJ0sAgvCEB58AmYMMQfwcSy5Z_TrytxxpX2DEDfTDDFL3GbTcraE9HgyUXT3yl_hNMBA&sig=Cg0ArKJSzJD1d4mjIeiiEAE&cid=CAQSTADq26N9ZqDNozvP5H0TCDPN7N6hj3b9T2N-qn11AA-EmSrzFd_lCFhxEKDJ7duslJ2ud8qyth0Ely_GCJJrEbfQf_QGHDEvUPn34kgYASAT&id=lidar2&mcvt=1031&p=125,650,375,950&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1523605918&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670719803476&rpt=668&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CA56 7 KB
6 KB 25ms
24ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45968f065df0b1ce1ae15613c29529738aa5f09e5ecc9979ef8c46d43271e45a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5641
x-xss-protection: 0

GET
H2 200 pro.afly.i Show response
domains.scoota.co/domains/ Frame DD83 2 B
278 B 255ms
200ms XHR
application/json 2600:9000:21f3:7400:c:e236:c200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://domains.scoota.co/domains/pro.afly.i
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804652&ts=1670719804652&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:7400:c:e236:c200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C2
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/json
access-control-allow-origin: *
content-length: 2
x-amz-cf-id: Ma8hkVpwJParyKpKejtB-7J8Vx_UULEuncohCzZ6bfkxMAiTM07I_Q==

GET
H2 200 pro.afly.i Show response
domains.scoota.co/domains/ Frame 98F3 2 B
261 B 248ms
201ms XHR
application/json 2600:9000:21f3:7400:c:e236:c200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://domains.scoota.co/domains/pro.afly.i
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:7400:c:e236:c200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C2
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
content-length: 2
x-amz-cf-id: eyrAi86K06Wd0aXbaLpo9d9MNhHS0Guckwoaa15DIplkIcX4LUtN9g==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 35EB 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvoLW-oBiBSkj3xh5b7ak2IIF114AwNJdzdVEtO1hH7qFofFgqjOqP8AeeHFZnJEcEpR6TI1pmykQLfbro_CLxLuXya9oqPrPtqJ6yv4M1m8OxbituYpniCVJv8rIk1Y12teSCcC7LA2mIxcGRrxHx3t0NrlwOEQXv3LoDXvueQ9hbPv67Mhw1lmEo7SLqZkJ9GX2ZgqoSTVTNRtiUEthODjm6cKBx60Dm7caN1QWtNSIFgKUz5pjiJ0v7ixbVpVk8RgHH_CuIfH_ihB9TELrPgu-91RfLfOmH0zb2yoIaXQPjzSfIrA9_2mA0r8c0nMSBNhfhtfB4&sai=AMfl-YTN8kyvGH-i9Cw1iJwfPLEEdqN8Plcbjmg_MXNpIJtYOu4TXp0QT0tXRTvmqLfZdyaWCdFxDcmzixv5kuKpz-W_3Z1VTMKFGcmxtvpQAKT70C6_U9UE2L7mRowyQ3nu&sig=Cg0ArKJSzIbwaD_k0euUEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 00:50:05 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DDD1 42 B
64 B 58ms
57ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss2-sxGmDgEQsWybFv9OFBOcFeTJ1sSWJDzBoYizsJRDYoRYLTjoId2IWPHL8lZk3ZtA3iFoQ3eKKfhnFDi2OPl18B0AYBAwwYzsgm6v-tostDT7sbCdHfRQ8mBwkFcSeJJDTZO6w&sai=AMfl-YRvr1eyHK9PUfFea5689aetnJ3F3YXUxKHShNV1fbYxQJOQyLcjBZ0q3agojMeDRYHZ6we29mv0FiL4bYUZsymXHNBKcHVNkLJORz_hNUvdol3KAUF7lXOMDMLQRZeRUsK0RhbnRcZKDHjvWCp2&sig=Cg0ArKJSzJzbvk6bb8XdEAE&cid=CAQSTADq26N9x3ExK2BLBeF-AyBKObFLX8hYQw5Y2tfdDaytmHxgKIsEJMMqdmiiO9prdR88sFmPYY3HQNXjn7xJfuuorfnwwA5u25MghlQYASAT&id=ampim&o=650,616&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1033&mtos=0,0,1033,1033,1033&tos=0,0,1033,0,0&tfs=551&tls=1584&g=100&h=100&tt=1584&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame CA7A 36 KB
16 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CA56 17 KB
6 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 00:50:05 GMT

GET
H3 200 Learn_With_Chegg_Vertical-_1.png_1661995732154_Learn_With_Chegg_Vertical-_1.png
s0.2mdn.net/dynamic/2/10998860/assets.chegg.com/image/upload/v1642528883/brand-assets/Logos/Chegg%20logo%202021/Learn%20with%20Chegg/ Frame CA56 25 KB
25 KB 13ms
12ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10998860/assets.chegg.com/image/upload/v1642528883/brand-assets/Logos/Chegg%20logo%202021/Learn%20with%20Chegg/Learn_With_Chegg_Vertical-_1.png_1661995732154_Learn_With_Chegg_Vertical-_1.png

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96f0df0872141f884e0135a0849ed55968377000782c76ceadfa48417b78f0fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12015261515640113651/index.html?e=69&leftOffset=0&topOffset=0&c=LNFJN3QsKN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 06:20:02 GMT
x-content-type-options: nosniff
age: 66603
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25666
x-xss-protection: 0
last-modified: Sat, 10 Sep 2022 06:13:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 06:20:02 GMT

GET
H3 200 60010569_20220818065906623_4yr_v1_728x90.png
s0.2mdn.net/ads/richmedia/studio/60010569/ Frame CA56 29 KB
29 KB 14ms
13ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60010569/60010569_20220818065906623_4yr_v1_728x90.png

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd302cd177d4c4536184a1a9577dab0e196e9b794ed64ddb03d2df9fb80bbb6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12015261515640113651/index.html?e=69&leftOffset=0&topOffset=0&c=LNFJN3QsKN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 21:29:55 GMT
x-content-type-options: nosniff
age: 12010
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29618
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 13:59:06 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 21:29:55 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJQaG9uZV9Eb3BwZWxraW5uZGYwZjg1NDAtYTM5Ni00YjlmLWFlM2ItZDkxOWJlODA1Yzg5LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6NjAwLCJoZWlnaHQiO...
d1dgf5fdrpyfo7.cloudfront.net/ Frame 82C5 150 KB
151 KB 14ms
14ms Image
image/png 2600:9000:223c:a600:b:90c6:35c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1dgf5fdrpyfo7.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJQaG9uZV9Eb3BwZWxraW5uZGYwZjg1NDAtYTM5Ni00YjlmLWFlM2ItZDkxOWJlODA1Yzg5LnBuZyIsImVkaXRzIjp7InJlc2l6ZSI6eyJ3aWR0aCI6NjAwLCJoZWlnaHQiOjUwMCwiZml0IjoiaW5zaWRlIn19fQ==
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a600:b:90c6:35c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 47cbdcc8fd93889fd743dd5b15b167780fbd1b785ae0af0c6e8c4e327a27248e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 22:05:08 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1565097
x-amzn-requestid: d2385a93-1242-4fdd-a652-8728ac92275e
x-cache: Hit from cloudfront
x-amz-apigw-id: cBgfAExAFiAFfpA=
content-length: 153979
last-modified: Tue, 22 Nov 2022 15:10:19 GMT
x-amzn-trace-id: Root=1-637d4793-34e24a777c49a6b0008ee32b
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: x5HOR7cr5cbLbOHsYcxMkEizv_xwhWcafmwmHPgH335-MA9kkQG8qQ==

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 44CD 0
20 B 51ms
50ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0pQMOymVY-mQKuiH9u8PupqtqAIAAAAAOAHgBAI&bg=!LC-lL2vNAAYgquz3AKo7ACkAdvg8Wg1V2vt5_CpRt5loQQ3Se94TL0ecRI0q-clSeH_lEiB7gX22aAIAAAHBUgAAAAJoAQcKAFAFunUY4ZAC10eqXzaoAXJlrOK1yz0D-yLSxkJWef3PStSk93VHHKpd7Tkd28kiNRkBo9j3kMhorFPChp0i44qeZl2IxhCoflvOvHlcC8ckWpkC3MbAl9I0_1pKc13Egj3dEYdJ2dYW2b_tTvNTVnta3QIr5v1LD6HaXobWGd_6GyCd15yT_u_PbY8gfrN1KOnmOgEUJgoWzUlrq9lCZm8m4WIVEEnWhF7z384KfK5DC9VEHXbSYKwIFLFbiWOSKHokTExR8VYNHTkmffs_XmTLt0qcdM2ndQyvqsLNW9jC9A1tHnxMK3vVRYh3x7lHX4L9Zb4MvlpENTDFJsmAY4YIBiEW_ce6fLhqrlV0AfhfKKYKtbW01GkptzDmWxgWOEXkzO8vJ88aNVkVjjM7G5aQeIOX7dFc0Vi5tjd3c-PK7WMLop7PFAJv8H2xFeWpWQCBM7hk-wrxGe8HQy8NB1njO-duLnuwmuXYDhVSx6O-Xcl_5_TAlJ_jXOAdDMbIjaf9LhH1DybBClwTAvNShNLchz32b4OpMBi-XN-ZgX4C7zdLoDzzhAOQrxJSR1uso1mXLZTxbq3eyRYjUmbNn4LpABk5L1T_rQvFSpgSdWkKqHCE_82DBD91V_vVRS0rjyI8cceb7MJ28wjTiA2vsorzO5sqxEjQU3I8w9Gd3aqUeIoLwoQPSDQgbvHVZ67196F46CQwZLzXjBHBcNT2EQvUMCY0vKpqPogFebqwqXuu0ZZEXZXNTkKdCNPPHDdx9h9RDNaNqgWP3mXPDz3dpz43dNx2kOBPQi8-jeGxxOZ6ZYY8SRgn_nHhPlo4DVy90XDAi6U7RUqmijbKcOvrf6_n8L0N3CICM3ES5r3D4OMfmB044XogfS5NSOvL_GHbVAmPrJP2evBIRpYcxNGHNtnG0YVORq9nFYYU5DstnVLXu_GAayg0FWYEC3r9_YfvewcWJuNGYwyfuV7tucsDayaR1Ia2DKZYs6x4D7Pd5lynUf8K_D8cAF8go0JOnMDiniF-_Aseuf1yfe-ojwOpusNT9RlFVsJsr3ZIXk7fXPjm7-7pT_GfS22Lr9_GsUOUdA

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E0E 36 KB
16 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 273E 0
20 B 46ms
46ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B81DTOymVY979Kve69u8Pk--UoA0AAAAAOAHgBAI&bg=!qaqlqu7NAAYgquz3AKo7ACkAdvg8WhcY2wEvppGplkQxculTZcP4_h3s4y4wUZ1QqUZTxCgyySTZeAIAAAHMUgAAAANoAQcKAGMHrtbnUZ0n6fA_5QamBobOwb1Nz3a4IPehgcOqW2DxSAC2B2pystT1yZBaczpyN_Z9lK8E_LhU2s_1MKW0fAhDPFNikDG7zBf2yNeJkFo-g0nBTIBW9Og9cUA1bI6GwkQWL3aZAujvNRyCnaZBIy13_wB-X5_yV_hMvuv3JICXo9MeA_skXJ_woVN9HuVCDG0jREji9kCMTu2NvjpuYPyKkanc5Wi_Hqbouy_bVmhCnyfDR7Gy-guubLkwUSlMp5QzSfWdUa-dEOj8lUVaxKk-7etoAG-Kz8Ijx6A4g8_Dp5tf4yz3MLtCrJjMpwJWd_CSkJlPz9_JqOvWWJ2GX-2dX6jV5C7dBVdn4aveKuVF2mF-6HUAyGY5XIr3qoZCXHkdvwrfOVF6gJWtkKzX_EXv8U36580pXdc82gNASeQzgKDt8G1Ox4iAdAnxhH2GEc5a0Q9JZPjcrtmtJwR45xf-A8FN6dU5w2-fsAHkwf6G1QuacsJBvs3xTNRePs5H5Onxc2xH2jL7iuj099hRcnNtRGqJiEWEo6CThuHS1b8OL2-tWpzVbTbdRkCwi7bdOq5aQJGuRfA5hey8LAdYKNri2FTIKXdyOHpn6kFdfy9TbJD3rH_9Dpl_kgWDJfG8WK-pf1ismJuIRbE58bjmJO6vsibuyl1KRNQ0TAGG3Lsss1jhl9fENuHENwQbQIb7nhn8JNShNswhYFaJULJYP1zEjP0m6c6DNMOh7nPESv7NhLFvCS73wFo-ouPKIbfizaxV_UhLWv-mVZAI4vY3rZ6NHnFgJuisO1I-uYELwS4V_HFlksUOXNSM7_W1Om6Jd1aigzekonKM_KhLl-AB43cNUrVn3wi5KN4Aepmu1mzDiUkKvlW5wP2OsWvk_ZmRVUIPoMVCTbyuI-TMDLl9_SSX5HIWm1RV5UeD0f6SN7Q-oecQZ9Y-7mUGa2Tv2UOBUhfQsIeWysGek1MstMht9ZQ1FeFVNKHQ8pKWhYR78yfITB5xAS2dPr45G0s_uGESKtcEXnIn1rglLxCSwVnnNAVjQXbCP7LSDSY17rhp4zXhZADGp7YJgMW_Y2SeOGxok4daD5G53zPkr9Wc6BqzjABVSKNygwstQ8Yk0pzn0vg

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame DD83 42 B
135 B 30ms
29ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1670719805497&bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&placement_id=31252&ssp=appnexus_2725&environment_type=access&environment_name=local
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: 102f9e903692a7dac63b1d91726163f6
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame DD83 42 B
123 B 31ms
30ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1670719805498&bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&placement_id=31252&ssp=appnexus_2725&environment_type=serving&environment_name=iframe
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: df1f0c968b4e26559fce24d31504839f
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 1632addf498ee3a179da.1.js Show response
assets.scoota.co/serving/31252/ Frame DD83 2 KB
1 KB 8ms
8ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/1632addf498ee3a179da.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804652&ts=1670719804652&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 58a230315d6689a2e3a6388c61d33a4bcdabaa66ef07d8ea8b8270748ea0103a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 02:41:07 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 79739
etag: W/"82bca7d8fec4d931ed5abfa87921bbb2"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: Lf_H1JvSe4lztz65P3dn_rD-2-4F5HmjnC6bhn_tclZhqr3suIUAoQ==

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/1217620/66438850/ Frame DD83 46 KB
12 KB 201ms
32ms Script
application/javascript 34.251.37.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/1217620/66438850/skeleton.js?ias_dspID=2&ias_campId=${CPG_ID}&ias_pubId=${PUBLISHER_ID}&ias_chanId=${SELLER_MEMBER_ID}&ias_placementId=${TAG_ID}&bidurl=${REFERER_URL_ENC}&ias_dealId=${DEAL_ID}&adsafe_par&ias_impId=v4~~${AUCTION_ID}
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804652&ts=1670719804652&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804652
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.37.52 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-37-52.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 9440eb67891aa2e53acb06874513d61241ff4c5db366401ed2e2eeb848fb4d74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 view
track.scoota.co/ Frame DD83 42 B
123 B 30ms
29ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/view?ts=1670719805499&bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&placement_id=31252&ssp=appnexus_2725
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: df96b86e8d7ce270bae816c02acd36dc
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3

200

B28780316.349203301;dc_pre=CMecm6Ss8PsCFZSS_Qcd2-UAcw;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805499;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/ Frame DD83
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/B28780316.349203301;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805499;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;...
https://ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/B28780316.349203301;dc_pre=CMecm6Ss8PsCFZSS_Qcd2-UAcw;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805499;dc_lat=;dc_rdid=;tag_fo...

42 B
63 B

39ms
39ms

Image
image/gif

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/B28780316.349203301;dc_pre=CMecm6Ss8PsCFZSS_Qcd2-UAcw;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805499;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/B28780316.349203301;dc_pre=CMecm6Ss8PsCFZSS_Qcd2-UAcw;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805499;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame DD83 42 B
124 B 28ms
27ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1670719805500&bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&placement_id=31252&ssp=appnexus_2725&runtime_version=19.5.1&placement_version=1&referer_initial=https%3A%2F%2Fi.afly.pro%2F
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: ac09114b1da62fa1dfaec401687b8767
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 6.json Show response
assets.scoota.co/creative/manifests/1m7pl6d/ Frame DD83 2 KB
894 B 32ms
14ms XHR
application/json 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/manifests/1m7pl6d/6.json?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804652&ts=1670719804652&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6fc66382c42239db887797bd4da9ad25c425c3c087e44a582d2cae7fd50e5a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 05:56:03 GMT
content-encoding: gzip
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
last-modified: Tue, 11 Oct 2022 14:26:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 68043
etag: W/"d4a0d44e69e59a18d4b0f30d152617a3"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: uQ3PRutDaKCmO8LbdOLcUSqSS_H4ikTjwdWPO3TX1GKALo_yc0ivjQ==

GET
H2 200 env
track.scoota.co/ Frame 98F3 42 B
123 B 28ms
28ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1670719805502&bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&placement_id=31252&ssp=appnexus_2725&environment_type=access&environment_name=local
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: c5d081ae88d68e58d7c27cecf8adf68e
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame 98F3 42 B
123 B 27ms
26ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1670719805503&bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&placement_id=31252&ssp=appnexus_2725&environment_type=serving&environment_name=iframe
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: 57f7d83b94720f66755ad4cba62d7e2c
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 1632addf498ee3a179da.1.js Show response
assets.scoota.co/serving/31252/ Frame 98F3 2 KB
1 KB 8ms
8ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/1632addf498ee3a179da.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 58a230315d6689a2e3a6388c61d33a4bcdabaa66ef07d8ea8b8270748ea0103a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 02:41:07 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 79739
etag: W/"82bca7d8fec4d931ed5abfa87921bbb2"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: q4GpRqyX44GAIFg1ykTaY5j7WoEfw0ki8YlCrTATR82PWHiOzD-F9Q==

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/1217620/66438850/ Frame 98F3 46 KB
12 KB 196ms
31ms Script
application/javascript 34.251.37.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/1217620/66438850/skeleton.js?ias_dspID=2&ias_campId=${CPG_ID}&ias_pubId=${PUBLISHER_ID}&ias_chanId=${SELLER_MEMBER_ID}&ias_placementId=${TAG_ID}&bidurl=${REFERER_URL_ENC}&ias_dealId=${DEAL_ID}&adsafe_par&ias_impId=v4~~${AUCTION_ID}
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.37.52 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-37-52.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 83405231bb41b7440ec1c685d6e767e4f3bc2747370434823a1b0dc6c243e1d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 view
track.scoota.co/ Frame 98F3 42 B
123 B 27ms
26ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/view?ts=1670719805503&bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&placement_id=31252&ssp=appnexus_2725
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: d4256f1c17b49c5b2ae53a536afd15f7
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3

200

B28780316.349203301;dc_pre=CJa6m6Ss8PsCFcmgewoduwAJww;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/ Frame 98F3
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/B28780316.349203301;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;...
https://ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/B28780316.349203301;dc_pre=CJa6m6Ss8PsCFcmgewoduwAJww;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805504;dc_lat=;dc_rdid=;tag_fo...

42 B
63 B

38ms
38ms

Image
image/gif

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/B28780316.349203301;dc_pre=CJa6m6Ss8PsCFcmgewoduwAJww;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N572608.286450AMNET/B28780316.349203301;dc_pre=CJa6m6Ss8PsCFcmgewoduwAJww;dc_trk_aid=540405585;dc_trk_cid=180355821;ord=1670719805504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame 98F3 42 B
123 B 29ms
29ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1670719805504&bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&placement_id=31252&ssp=appnexus_2725&runtime_version=19.5.1&placement_version=1&referer_initial=https%3A%2F%2Fi.afly.pro%2F
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: 8638b8db4c9938f0e3d6b2ecf34f09a6
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 6.json Show response
assets.scoota.co/creative/manifests/1m7pl6d/ Frame 98F3 2 KB
893 B 28ms
15ms XHR
application/json 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/manifests/1m7pl6d/6.json?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6fc66382c42239db887797bd4da9ad25c425c3c087e44a582d2cae7fd50e5a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 05:56:03 GMT
content-encoding: gzip
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
last-modified: Tue, 11 Oct 2022 14:26:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 68043
etag: W/"d4a0d44e69e59a18d4b0f30d152617a3"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: xFrVT0BcTFzb_u_ncbyfRkaKTjNZsSpxQTJiW9qg0MwagTNPgjA7PQ==

GET
H2 200 cookiesyncendpoint Show response
servs.modoro360.com/ Frame 7A2D 0
234 B 92ms
92ms Document
text/plain 34.192.116.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=133&auid=1670719802608-938354041707-007695-012-004366&key=a6f37f0123013099a595be2217fc435a
Requested by: Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr=1&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D133%26auid%3D1670719802608-938354041707-007695-012-004366%26key%3D%7B%7BVID%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.116.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-192-116-159.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vid.vidoomy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Sun, 11 Dec 2022 00:50:05 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CA7A 0
20 B 49ms
49ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQODxPCmVY7miEZuT9u8PwJCY8AwAAAAAOAHgBAI&bg=!ra6lrurNAAYgquz3AKo7ACkAdvg8WrZ8iV6Bh1Jc39ljk6H-TiN2Wz2trHFdobgnQwQ5kdIJ16Rr2gIAAACZUgAAAAJoAQcKAJ1ZyijTKnBCDFGJ9nNIkQvoEdNjP4VVoz3p9MHBoAM6b_GsDnEPgMsdWduFkDekUqlzwmrylSFWTB-UUn8C6U1ybgYoNyHulqNN7s5-QUXQX4rcWde6bEerpe4SmbH7lB3IcIsmnO1dEYclMyKex7Wd-9BHzBf0yGaWACbBqueDf5RSbbkTR7hUc4cMdTbbp6Ht3jY974zlNzTx6e1XmQLrImfJhpGuCtzYlgO3HkQu4T6E5egy50b81nHqak7MBu3VlU3-FGX2NN987O9MLWvKU5GQpt8x-bqrLbCLx06GoNQWnUGgQAydc5X2lRhoqflb2sdwjODpD_sJw37DwNf9mx_1qIqe4IDr8ojp-b9Jx8kmBzu-MyZq8_N4bUR6rBjXHkTvgLVQV-ilEIZwaMfGjhV8He3grF0or3sYZgEkYzN-JvUNhZqf3sPwvuX9yiVQfOyIL7cMWEj5qUZSB6BamHKBRMSQcC5yl-53tTjqUNwD02F59DLVqNb1Sf7Nr9wxR2mablEv2OP9DWugVcHQ2IPt2vqf0Lm2ZZhLiU5l3SuULm9jUxdBDjuSjl_CBIdlLDMxAl4kJvCXvphJbCydYp1SvRIh-JTdoKrdjd_g6AIVBJAdB4S7hsIs25c2dK94J2ksJovUTqq9BRyjESwOJxz3zGHdCooNDmGXR7pvEYA1bt0LMTWKLWq4_JivJmOErNbKU2LnUkdgn1_SIY5cgJz4EC2xDbbxy-AToZpEEsxnm08tzyIlSG6eT_0H43twhGmWH7XtI2IsWQ_8WKtvyv2crWL9naXV1LZOSxH1e6fyo2X_Y3ssaZY5sNBaBaJ_aipN4U4cX0pi2Yfrlv98VAcRt7_heNWoZQit3NVUNb99t8UfmSoAqNlQN0HjiEkcpG_1CEScScQRlxMQv1Km3LCtyZu6l2Xzz48rBxT_0kD0n1eQF3sggoVQGPBkw1C9XwzcCp7mrmLzBAh7IJ6NnLIawWd5UOoQeShXhLt7FPJkkkwq7gDG5Q0GYWF0jRY6I7RKQY51ra7x1qOZxjiZrMHA4z1OCNTqxAahUukL2YflehmUDx2Aq_eaj5FaZX3TcYfpc0GGe5QI_OcS1ZHI82jBFzWr9MiwxHhsjLWQ3sG5zgS7rrDQkyJqmyD43MMnm8_0FdKddV732vBo4rSjVfVh2gn6q652UW6OIEKIANqnK__YK03GW-VU

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a4c17b4d68780cfea57f.1.js Show response
assets.scoota.co/serving/31252/ Frame DD83 21 KB
8 KB 10ms
9ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/a4c17b4d68780cfea57f.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804652&ts=1670719804652&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f1a4e6673d17854cf7591b1fa159d2f463a39e9dcb0cbf58e6fa142f223f0447

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 05:42:18 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 68868
etag: W/"2675e9ddf2ec9e37f699a850a6ee9cb1"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: Lv3iCHtphq99RJAKyW3If9nOpJdmYuQYfuEJFTukAhdHTZkIyRNs-w==

GET
H2 200 3ee4b2e93af29545460c.1.js Show response
assets.scoota.co/serving/31252/ Frame DD83 36 KB
12 KB 11ms
10ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/3ee4b2e93af29545460c.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804652&ts=1670719804652&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 24f9f98b4b53484ff06c3532112868c6d0204e6e7fa31a9110acb3b6002b2c8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:30:26 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 8380
etag: W/"a19fd8bfcfbb3548ea9ed591e8a2e934"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: xkMGt5OEEc-sp-4356nCNsfRYrHuAQTxhFyE9x28-f8Dy52ttbvDkg==

GET
H2 200 92c4cf957e4e2f9de505.1.js Show response
assets.scoota.co/serving/31252/ Frame DD83 771 B
1 KB 11ms
11ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/92c4cf957e4e2f9de505.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804652&ts=1670719804652&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8b2bb79f27e7394d85d8612df35beadc3845e3c6184bb0ba1beea532124c2d7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 19:50:52 GMT
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 17954
x-cache: Hit from cloudfront
content-length: 771
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
etag: "3ad57033c7a2680e0ae48bb6f40d847e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: xI9GpO0G7RRb1gaMVbrso6Odwb3uUmhrDkuOx77jDnxtU4m5SkhT-w==

GET
H2 200 a4c17b4d68780cfea57f.1.js Show response
assets.scoota.co/serving/31252/ Frame 98F3 21 KB
8 KB 18ms
17ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/a4c17b4d68780cfea57f.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f1a4e6673d17854cf7591b1fa159d2f463a39e9dcb0cbf58e6fa142f223f0447

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 05:42:18 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 68868
etag: W/"2675e9ddf2ec9e37f699a850a6ee9cb1"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 8KSC-V6NDsWs-eUoS0cXdSYAq9-GPYxZ9QzDv682XgAutscwp6gUng==

GET
H2 200 3ee4b2e93af29545460c.1.js Show response
assets.scoota.co/serving/31252/ Frame 98F3 36 KB
12 KB 18ms
17ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/3ee4b2e93af29545460c.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 24f9f98b4b53484ff06c3532112868c6d0204e6e7fa31a9110acb3b6002b2c8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:30:26 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 8380
etag: W/"a19fd8bfcfbb3548ea9ed591e8a2e934"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 4h4cFOXrcPhH4wYC0lpn51H4NXIrIMJFJn1rwKDyL-KbW0Os2CWgqw==

GET
H2 200 92c4cf957e4e2f9de505.1.js Show response
assets.scoota.co/serving/31252/ Frame 98F3 771 B
1 KB 18ms
18ms Script
application/javascript 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31252/92c4cf957e4e2f9de505.1.js?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8b2bb79f27e7394d85d8612df35beadc3845e3c6184bb0ba1beea532124c2d7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 19:50:52 GMT
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 17954
x-cache: Hit from cloudfront
content-length: 771
last-modified: Mon, 17 Oct 2022 11:44:04 GMT
server: AmazonS3
etag: "3ad57033c7a2680e0ae48bb6f40d847e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: r3PEuA34hrVuUb8xZKnY28fGDkJWPd-PvFl2xZIL1DeLA8Yx3sflYg==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1222 42 B
64 B 47ms
46ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst5IKxpysMojpAlyQ0ivwcRSH_vyG5gDvvTyReU25urAsmDAs0TtrTNN0f09ZAPHzGCMKMCRjHWZXoKjrqEFZ94DZ_A_xEmKUI65dUa6GWK0jexmm8N&sig=Cg0ArKJSzOZoQe35iIX4EAE&id=lidar2&mcvt=1001&p=984,650,1234,950&mtos=80,1001,1001,1001,1001&tos=80,921,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3563140142&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670719804112&rpt=378&isd=0&lsd=0&met=ce&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cta.png
assets.scoota.co/creative/assets/1m7pl6d/bundle/7/ Frame DD83 6 KB
6 KB 15ms
14ms Image
image/png 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/1m7pl6d/bundle/7/cta.png?placement_id=31252
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dc88f88248e18ea076541321e2f285e0385efade2035b861547d65b8e06b4782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 06:08:23 GMT
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 67322
x-cache: Hit from cloudfront
content-length: 5953
last-modified: Tue, 11 Oct 2022 14:25:57 GMT
server: AmazonS3
etag: "3c34f0c048c4ca4a5c790e89c8378e42"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 8u9NctUaAEclAWk-X9xcogotlyZWMfDCiFjKLvvPoE7YSsIiFlbesQ==

GET
H2 200 bg.png
assets.scoota.co/creative/assets/1m7pl6d/bundle/7/ Frame DD83 404 KB
405 KB 19ms
18ms Image
image/png 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/1m7pl6d/bundle/7/bg.png?placement_id=31252
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0df374187cc03eefc8c4b0daf175f16d67f828b17fa5f68900b29129c63cb912

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 02:33:16 GMT
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 80233
x-cache: Hit from cloudfront
x-amz-storage-class: ONEZONE_IA
content-length: 413736
last-modified: Tue, 11 Oct 2022 14:25:57 GMT
server: AmazonS3
etag: "f5885c6c99390b1e9ccc488e97fd7624"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: i8uISC3xQbB2Eb9I_G1Mr5sEC45h787eJXFCFi0gsUh7Wv6Br85SlQ==

GET
H2 200 session
track.scoota.co/ Frame DD83 42 B
123 B 33ms
32ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1670719805559&bid_id=2982061414484222551&delivery_id=1f1a0cfb-fb49-482c-8416-2aabca8283d2&placement_id=31252&ssp=appnexus_2725&role=desktop&stage=first&creative_id=27445&creative_version=6
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: eb9cfb30c0750df2a33eac59bf4c12bc
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 cta.png
assets.scoota.co/creative/assets/1m7pl6d/bundle/7/ Frame 98F3 6 KB
6 KB 91ms
91ms Image
image/png 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/1m7pl6d/bundle/7/cta.png?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dc88f88248e18ea076541321e2f285e0385efade2035b861547d65b8e06b4782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 06:08:23 GMT
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 67322
x-cache: Hit from cloudfront
content-length: 5953
last-modified: Tue, 11 Oct 2022 14:25:57 GMT
server: AmazonS3
etag: "3c34f0c048c4ca4a5c790e89c8378e42"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: QTxFMJr8IpG0vOwziaqq-bFbgcUqfhNa0cnCU3t-hkq1_DYx9jG9MQ==

GET
H2 200 bg.png
assets.scoota.co/creative/assets/1m7pl6d/bundle/7/ Frame 98F3 404 KB
405 KB 89ms
88ms Image
image/png 13.32.121.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/1m7pl6d/bundle/7/bg.png?placement_id=31252
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&domain=i.afly.pro&cachebuster=353470332&event=serve&placement_id=31252&runtime_version=19.5.1&placement_version=1&ssp=appnexus_2725&dsp=appnexus_no_cost&time=1670719804669&ts=1670719804669&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31252%2Fplacement.js%3Fts%3D1670719804669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0df374187cc03eefc8c4b0daf175f16d67f828b17fa5f68900b29129c63cb912

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 02:33:16 GMT
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 80233
x-cache: Hit from cloudfront
x-amz-storage-class: ONEZONE_IA
content-length: 413736
last-modified: Tue, 11 Oct 2022 14:25:57 GMT
server: AmazonS3
etag: "f5885c6c99390b1e9ccc488e97fd7624"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 4HByPdW07h16ox82ejRD0ONoGaDFZr1FeTGulpHajxfRvQUGnZvzyA==

GET
H2 200 session
track.scoota.co/ Frame 98F3 42 B
123 B 28ms
28ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1670719805570&bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&placement_id=31252&ssp=appnexus_2725&role=desktop&stage=first&creative_id=27445&creative_version=6
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: ff8b42af019bed8c567d370b4365a2f5
date: Sun, 11 Dec 2022 00:50:05 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 main.19.8.374.js Show response
static.adsafeprotected.com/ Frame 98F3 195 KB
61 KB 84ms
18ms Script
application/javascript 2600:9000:225b:4a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.374.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/1217620/66438850/skeleton.js?ias_dspID=2&ias_campId=${CPG_ID}&ias_pubId=${PUBLISHER_ID}&ias_chanId=${SELLER_MEMBER_ID}&ias_placementId=${TAG_ID}&bidurl=${REFERER_URL_ENC}&ias_dealId=${DEAL_ID}&adsafe_par&ias_impId=v4~~${AUCTION_ID}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:4a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9c81b0def31d443566cd071a3655b39a85ea7a0083e38adba8defd9e96e9cd5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 15:11:26 GMT
x-amz-version-id: B6ItnKfrk41R4i5Fj.qLTSTH8PHoK8yK
content-encoding: gzip
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 293920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Dec 2022 14:12:43 GMT
server: AmazonS3
etag: W/"cc9d7366a4ecc29e6661ec3cb0566f3d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 0nG9vObPO5HJsmU08RMsv6SkxBnQkG9r0Z6Q8VzKS_evESOrG3ZzSw==

GET
H2 200 main.19.8.374.js Show response
static.adsafeprotected.com/ Frame DD83 195 KB
61 KB 107ms
43ms Script
application/javascript 2600:9000:225b:4a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.374.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/1217620/66438850/skeleton.js?ias_dspID=2&ias_campId=${CPG_ID}&ias_pubId=${PUBLISHER_ID}&ias_chanId=${SELLER_MEMBER_ID}&ias_placementId=${TAG_ID}&bidurl=${REFERER_URL_ENC}&ias_dealId=${DEAL_ID}&adsafe_par&ias_impId=v4~~${AUCTION_ID}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:4a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9c81b0def31d443566cd071a3655b39a85ea7a0083e38adba8defd9e96e9cd5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 15:11:26 GMT
x-amz-version-id: B6ItnKfrk41R4i5Fj.qLTSTH8PHoK8yK
content-encoding: gzip
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 293920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Dec 2022 14:12:43 GMT
server: AmazonS3
etag: W/"cc9d7366a4ecc29e6661ec3cb0566f3d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: gHvksNpTARYyf8U4CcxllU6Qi40rO7KVAdKwlXGs8M0oGXJRVVrA2A==

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 98F3
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1217620/66438850/skeleton.js?ias_dspID=2&ias_campId=${CPG_ID}&ias_pubId=${PUBLISHER_ID}&ias_chanId=${SELLER_MEMBER_ID}&ias_placementId=${TAG_ID}&bidurl=${RE...
https://static.adsafeprotected.com/skeleton.js

17 B
467 B

23ms
23ms

Script
application/javascript

2600:9000:225b:4a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Server: 2600:9000:225b:4a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 25786322
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: uXmCS40AXy1EYq1LpJXnWSpZ7nENSXkGRlf8BYyJWfsZ7FHuBrCbCg==

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
server: nginx
x-server-name: app11.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 7D3F 91 KB
23 KB 26ms
26ms Script
application/javascript 2600:9000:225b:4a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:4a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 6945229
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: qS1MqzeZEFhx8zdrX-T7f2I1gS8l-oRNq7H71k9AAyefridHzwP87A==

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame DD83
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1217620/66438850/skeleton.js?ias_dspID=2&ias_campId=${CPG_ID}&ias_pubId=${PUBLISHER_ID}&ias_chanId=${SELLER_MEMBER_ID}&ias_placementId=${TAG_ID}&bidurl=${RE...
https://static.adsafeprotected.com/skeleton.js

17 B
465 B

15ms
14ms

Script
application/javascript

2600:9000:225b:4a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Server: 2600:9000:225b:4a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 25786322
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: ENFN9AcxDV1NR35sXu2SzVk2ygmKNIZRdiOWtsmcHzRQG_Qc--MIAg==

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
server: nginx
x-server-name: app17.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 0BDF 91 KB
23 KB 34ms
33ms Script
application/javascript 2600:9000:225b:4a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
URL: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:4a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 6945229
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: P2_WAbZ_cDCeBxez60cQrLqTXiZbUzaT9o6UHSRcRk9m7cfz7g6vhA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 98F3 43 B
216 B 532ms
165ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=fc048b4a-6a4e-01d8-5f14-151e167db432&tv=%7Bc:wrDpRO,pingTime:-3,time:193,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:151%7D,%7Bpiv:86,vs:i,t:193%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:193,o:0,n:193,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:151,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B59~1%5D,as:%5B59~300.250%5D%7D%7D,%7Bsl:i,t:193,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:86,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~75%5D,as:%5B1~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpFg2AP+111%7C121%7C122%7C123%7C124%7C125%7C126%7C127%7C128%7C129%7C12a%7C12b%7C131%7C14%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2%7C1a31%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1i21%7C1i3%7C1j11%7C1j121%7C1j13%7C1k1%7C1k21%7C1k3%7C1l1%7C1l21%7C1l3%7C1m1%7C1m2%7C1m3%7C1n%7C1o11%7C1p1*.1217620-66438850%7C1p11%7C1q1%7C1q21%7C1q3%7C1q4%7C1r,idMap:1p1*,rmeas:1,rend:1,renddet:CANVAS.qs,siq:152%7D&br=c
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: nginx
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 98F3 43 B
215 B 689ms
324ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=fc048b4a-6a4e-01d8-5f14-151e167db432&tv=%7Bc:wrDpRQ,pingTime:-6,time:195,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:195,o:0,n:193,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:151,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B59~1%5D,as:%5B59~300.250%5D%7D%7D,%7Bsl:i,t:193,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:86,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2~75%5D,as:%5B2~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpFg2AP+111%7C121%7C122%7C123%7C124%7C125%7C126%7C127%7C128%7C129%7C12a%7C12b%7C131%7C14%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2%7C1a31%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1i21%7C1i3%7C1j11%7C1j121%7C1j13%7C1k1%7C1k21%7C1k3%7C1l1%7C1l21%7C1l3%7C1m1%7C1m2%7C1m3%7C1n%7C1o11%7C1p1*.1217620-66438850%7C1p11%7C1q1%7C1q21%7C1q3%7C1q4%7C1r,idMap:1p1*,rmeas:1,rend:1,renddet:CANVAS.qs,siq:152%7D&tpiLookup=ao:i.afly.pro*%2Cf580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com*&br=c
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 29ms
29ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fp.jcontentcdn.com%2F&domain=p.jcontentcdn.com&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://p.jcontentcdn.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://p.jcontentcdn.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 11 Dec 2022 00:50:04 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 411094
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 5FC9
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fp.jcontentcdn.com%2F&domain=p.jcontentcdn.com&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=uclhM3xOQkg3T3IyZU5QVG9hL1dTOHhBM3l5WSsyVUloRkc4NjA5L3BnakExcFE4cmhpTXEzQkwwWlFyOTdPbW05N2NzZmdaOGVyNkNVNjN6ZjJjRUJsNWlIRVhxL00yQVRkU09LelpVb1dSTUlPZUV3OWFYUXpVVTJIa1...

456 B
732 B

19ms
19ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=uclhM3xOQkg3T3IyZU5QVG9hL1dTOHhBM3l5WSsyVUloRkc4NjA5L3BnakExcFE4cmhpTXEzQkwwWlFyOTdPbW05N2NzZmdaOGVyNkNVNjN6ZjJjRUJsNWlIRVhxL00yQVRkU09LelpVb1dSTUlPZUV3OWFYUXpVVTJIa1YwMEoyYzVmUk5zZG1RNG5uRVVIQ1VTeXlrNTVMTkRxNkdRNlZmQTkwNnFPaDNVcHdJMG1RQUJQNkxhdm1HMnpCRjZkTGxCUFowU2tYWnd4MkpmUjh3VXo2ckcrNVphVXRESVkyWlJzSlE1SjFKbHhvcnBoVHpjQ01xM2hmY0F0R3NZUmVaMTBOMEZPSHNpcUpHZGJhZ1hrV2I5OEVnSkFqa2JNSDBpWXd4bENWY1BRT1lUaz18&cppv=2

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

8b41cf79d377316064a6a7be3155c8738080986b92616b999715f26a2402f086

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1743617
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=uclhM3xOQkg3T3IyZU5QVG9hL1dTOHhBM3l5WSsyVUloRkc4NjA5L3BnakExcFE4cmhpTXEzQkwwWlFyOTdPbW05N2NzZmdaOGVyNkNVNjN6ZjJjRUJsNWlIRVhxL00yQVRkU09LelpVb1dSTUlPZUV3OWFYUXpVVTJIa1YwMEoyYzVmUk5zZG1RNG5uRVVIQ1VTeXlrNTVMTkRxNkdRNlZmQTkwNnFPaDNVcHdJMG1RQUJQNkxhdm1HMnpCRjZkTGxCUFowU2tYWnd4MkpmUjh3VXo2ckcrNVphVXRESVkyWlJzSlE1SjFKbHhvcnBoVHpjQ01xM2hmY0F0R3NZUmVaMTBOMEZPSHNpcUpHZGJhZ1hrV2I5OEVnSkFqa2JNSDBpWXd4bENWY1BRT1lUaz18&cppv=2
access-control-allow-origin: https://p.jcontentcdn.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 619575
content-length: 0
expires: 0

POST
H/1.1 200 prebid Show response
id5-sync.com/api/config/ Frame 5FC9 135 B
546 B 27ms
26ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

f2a8720de45d6e2afa1037156d17e6b24e05d98b9f3ffb06ea6dbd8faafb3297

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://p.jcontentcdn.com
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 204 /
onetag-sys.com/usync/ Frame E1DB 0
0 23ms
23ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1670719802852&gdpr=0

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://p.jcontentcdn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 204 /
onetag-sys.com/usync/ Frame 7D37 0
0 23ms
22ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1670719802853&gdpr=0

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://p.jcontentcdn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 204 /
onetag-sys.com/usync/ Frame 535D 0
0 22ms
22ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1670719802853&gdpr=0

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://p.jcontentcdn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 5FC9 0
239 B 25ms
25ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-lupon&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 cookie
cm.adform.net/ Frame 5FC9 43 B
105 B 30ms
29ms Image
image/gif 37.157.6.254
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.254 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://p.jcontentcdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:05 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DD83 43 B
215 B 520ms
167ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=8558ff01-ccd8-c424-4fd8-49546dfbd39d&tv=%7Bc:wrDpS3,pingTime:-3,time:206,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:183%7D,%7Bpiv:0,vs:o,r:l,t:206%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:0,o:206,n:206,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:183,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B32~1,0~0%5D,as:%5B32~300.250%5D%7D%7D,%7Bsl:o,t:206,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpFg2AR+111%7C121%7C122%7C123%7C124%7C125%7C126%7C127%7C128%7C129%7C12a%7C12b%7C131%7C14%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2%7C1a31%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1i21%7C1i3%7C1j11%7C1j121%7C1j13%7C1k1%7C1k21%7C1k3%7C1l1%7C1l21%7C1l3%7C1m1%7C1m2%7C1m3%7C1n%7C1o1*.1217620-66438850%7C1o11%7C1p11%7C1p12%7C1q1%7C1q21%7C1q3%7C1q4%7C1r,idMap:1o1*,rmeas:1,rend:1,renddet:CANVAS.qs,siq:184%7D&br=c
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DD83 43 B
215 B 518ms
166ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=8558ff01-ccd8-c424-4fd8-49546dfbd39d&tv=%7Bc:wrDpS3,pingTime:-6,time:206,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:0,o:206,n:206,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:183,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B32~1,0~0%5D,as:%5B32~300.250%5D%7D%7D,%7Bsl:o,t:206,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpFg2AR+111%7C121%7C122%7C123%7C124%7C125%7C126%7C127%7C128%7C129%7C12a%7C12b%7C131%7C14%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2%7C1a31%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1i21%7C1i3%7C1j11%7C1j121%7C1j13%7C1k1%7C1k21%7C1k3%7C1l1%7C1l21%7C1l3%7C1m1%7C1m2%7C1m3%7C1n%7C1o1*.1217620-66438850%7C1o11%7C1p11%7C1p12%7C1q1%7C1q21%7C1q3%7C1q4%7C1r,idMap:1o1*,rmeas:1,rend:1,renddet:CANVAS.qs,siq:184%7D&tpiLookup=ao:i.afly.pro*%2Cf580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com*&br=c
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 98F3 43 B
215 B 676ms
325ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=fc048b4a-6a4e-01d8-5f14-151e167db432&tv=%7Bc:wrDpS6,pingTime:-2,time:211,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1067,beZ:1068,mfA:1198,cmA:1199,inA:1199,inZ:1204,prA:1204,prZ:1214,si:1219,poA:1220,poZ:1232,cmZ:1232,mfZ:1232,loA:1261,loZ:1264,ltA:1277,ltZ:1277,mdA:1068,mdZ:1171%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:151%7D,%7Bpiv:86,vs:i,t:193%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:211,o:0,n:193,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:151,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B59~1%5D,as:%5B59~300.250%5D%7D%7D,%7Bsl:i,t:193,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:86,obst:0,th:0,reas:,bkn:%7Bpiv:%5B18~75%5D,as:%5B18~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpFg2AP+111%7C121%7C122%7C123%7C124%7C125%7C126%7C127%7C128%7C129%7C12a%7C12b%7C131%7C14%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2%7C1a31%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1i21%7C1i3%7C1j11%7C1j121%7C1j13%7C1k1%7C1k21%7C1k3%7C1l1%7C1l21%7C1l3%7C1m1%7C1m2%7C1m3%7C1n%7C1o1.1217620-66438850%7C1o11%7C1p1*.1217620-66438850%7C1p11%7C1q1%7C1q21%7C1q3%7C1q4%7C1r,idMap:1p1*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:CANVAS.qs,siq:152,sinceFw:57,readyFired:true%7D&br=c
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DD83 43 B
215 B 509ms
166ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=8558ff01-ccd8-c424-4fd8-49546dfbd39d&tv=%7Bc:wrDpSc,pingTime:-2,time:215,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1086,beZ:1087,mfA:1259,cmA:1260,inA:1260,inZ:1261,prA:1261,prZ:1268,si:1270,poA:1270,poZ:1277,cmZ:1277,mfZ:1277,loA:1293,loZ:1294,ltA:1301,ltZ:1301,mdA:1087,mdZ:1208%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:183%7D,%7Bpiv:0,vs:o,r:l,t:206%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:0,o:215,n:206,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:183,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B32~1,0~0%5D,as:%5B32~300.250%5D%7D%7D,%7Bsl:o,t:206,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B9~0%5D,as:%5B9~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpFg2AP+111%7C121%7C122%7C123%7C124%7C125%7C126%7C127%7C128%7C129%7C12a%7C12b%7C131%7C14%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2%7C1a31%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1i21%7C1i3%7C1j11%7C1j121%7C1j13%7C1k1%7C1k21%7C1k3%7C1l1%7C1l21%7C1l3%7C1m1%7C1m2%7C1m3%7C1n%7C1o1*.1217620-66438850%7C1o11%7C1p1.1217620-66438850%7C1p11%7C1p12%7C1q1%7C1q21%7C1q3%7C1q4%7C1r,idMap:1o1*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:CANVAS.qs,siq:184,sinceFw:31,readyFired:true%7D&br=c
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: nginx
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame 5FC9 33 B
404 B 10ms
9ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

cffc123cd83945c87804c062d77ae6e1952be49639940a4620bcedd35a6047bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://p.jcontentcdn.com
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D42D 0
737 B 8ms
8ms Script
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=2725&pub_id=2003356&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=2003356

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:05 GMT
AN-X-Request-Uuid: 3f36b2f6-cfe8-4c60-be8e-8a9da7840672
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9C2D 42 B
64 B 53ms
53ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0w29id_3cCTgFW-QCe7838huDlbw7sqnfkUx8Ai0dle3KVMkEklcv8YwSpmgSD_IMOIIPdu5-hThEbc8kns8A_CqHsHaTWQkreMEzoqlSp8jR9BVPjn1GrFamL_L3WbVxFOISlA&sai=AMfl-YRAm0_xpe6mFlCrSAxFUfG17L4PW2ALlYt03KnxqkcTbLajOybDIL5b1-b6TP3ZBf_yju7wn5hczCaGEtcroYYlEqd6taMGAvXUAonUMQBR2HQi2zIpUyteMoXOoA&sig=Cg0ArKJSzKp0Rs9A-Kb_EAE&cid=CAQSOwDq26N9cG6QcfWuKIWdlg9FYXnaBcnfQgfRfV5Fc_mrqMAcOGgCxrwrCzg9Ahmb2-vTX0uE5k4nPukJGAEgEw&id=lidar2&mcvt=1000&p=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3042515390&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670719804116&rpt=801&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ Frame 5FC9 216 B
627 B 9ms
8ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19337/hb_307825_11595.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

417dff8a8b640d97122e7a43869e78e72304a110a3a0c607b2ffc23a3db461c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://p.jcontentcdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://p.jcontentcdn.com
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 074D 0
737 B 9ms
8ms Script
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=2725&pub_id=2003356&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=2003356

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:05 GMT
AN-X-Request-Uuid: 5bffe0fe-6d3b-4abd-8746-f60e653a487b
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 16ms
15ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 11 Dec 2022 00:50:05 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 223280
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 98F3 43 B
215 B 383ms
325ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=fc048b4a-6a4e-01d8-5f14-151e167db432&tv=%7Bc:wrDpWG,pingTime:-10,time:495,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA4LjAuNTM1OS45OCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1670719806226%7C%7Cf37e172515d2a47d196334177057f382%7C%7C0de43d4db49fea79bddae584752a1e87%7C%7Cbf4381be2ffb4989d64997952c0fa636%7C%7Cc56fb9207f0712e25d537adff731a3c3%7C%7C2aca74e8c5034957ed15db7e59ef99d5%7C%7Cb22e1cb62864e2a685406f47fa10ed7a%7C%7C08b3057021197c56724454a6142609a1%7C%7C1663701684%7D
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 98F3 0
880 B 9ms
9ms Ping
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fi.afly.pro%2FLclT&e=wqT_3QKhDfBMoQYAAAMA1gAFAQi60tScBhC84d7_wP-svDEYpaSiwfDN_MdNKjYJILqgvmWOC0ARVi2dmsFr6j8ZAAAAIIXrCUAhVi2dmsFr6j8pH7oJJNAxAAAAQOF61D8wxtjPCjilFUCcWkgCUPiTibwBWPq8lgFgAGiztyt4kNkFgAEBigEDVVNEkgUG8EyYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTI1MDE4NywgMCk7dWYoJ2knLCA3NzU4MTI4LCAwKQUULGcnLCAxOTQ3NzY5MxUpMHMnLCAyODAzNTM4MTkVFjByJywgMzk0NDE0NTg0BRbwtpICzQUheEpHN1N3ajNsdnNaRVBpVGlid0JHQUFnLXJ5V0FUQUFPQUJBQUVpY1dsREcyTThLV0FCZ2JXZ0FjQUI0QUlBQkFJZ0JBSkFCQVpnQkFhQUJBYWdCQWJBQkFMa0JvaTQ4ZEZjYkNrREJBUUV4NURsbmpndEF5UUVBQUFBQUFBRHdQOWtCY0Y4SHpobFI3al9nQWJEQzJRUDFBUU5PYmtDWUFnQ2dBZ0cxQWdBQUFBQzlBZwE58KpEQUFnRElBZ0RRQWdEWUFnRGdBZ0RvQWdENEFnR0FBd0dZQXdHaUF3NEl6OTd2SmhBQkdBSXRBQUJ3UWFJRERnalAzdThtRUFzWUFpMEFBSEJCdWdNSlJsSkJNVG8xTXpFMDRBUDZMNEFFeUtqTENZZ0V3S25MQ1pBRUFaZ0VBYklFQ1FqcHVTNFEwc1dqRGJJRUNRaW5oMUlRMHNXakRib0VVQWlRQ2hFQUEBrxRBRFFQeGsFCgUB2ENDbmgxSWd6YktvQ1NDQmo1UU1JTmVRbEF3ZzFNaWREQ0NyeVowTUlNVEpuUXdnek1tZERDRDYFFFRONkdqZzBnNW9hT0RTRHZobzROd1FRBVcFaAg4a0UNDQEQFFlCQUR4QgELDQFcaUFYQ0taQUYtNWRWbUFXYnVOZUZBYWtGDR8UQThELXhCEU8UQUFBd1FVAQcBAQh1UU0JKBw0RWNoempfUi4oAAAyFSjwQ0R3UC1BRmhZTVY4QVc5NmFRSi1BV0x1Y0FDZ2dZRFJWVlNpQVlFa0FZQm1BWUFvUWJhRzN4aE1sV3dQNmdHQkxJR0pBPSwAQh3PBEJrAYgJAQBDHRhETGdHQ2cuLpoCmQEhRnhpZ3hnOtEC2FBxOGxnRWdBQ2dBTWRvYmZHRXlWYkFfT2dsR1VrRXhPalV6TVRSQS1pOUpjRjhIemhsUjdqOVIJagEBBEJaAQYJAQRCaAkIFEFBMEQ5cBEMDEFBQngdDAw0QUlrNXjwsDhEOC7YAuoQ4AKm6FTqAhdodHRwczovL2kuYWZseS5wcm8vTGNsVIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA_eQrgHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQKODEuOTUuNS40MqgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABLfgtSLIBADSBA8xMTU0OCNGUkExOjUzMTTaBAIIAeAEAfAE-IHMIIgFAZgFAKAF_xEBGAHABQDJBQAFARTwP9IFCQkFC7gAAADYBQHgBQHwBVn6BQQIABAAkAYAmAYAogYOMjcyNSNGUkExOjY2MjC4BgDBBgEwMAAA8D_QBq1E2gYWChAJERkBXBAAGADgBgHyBo8BCPuXVRKIAV94WllQVyXw8EBEQUFrQ0JRRUkzcGZMQ0JEeGp1NENHUG0xdUFNZ0J5Z0FPZ1VJeWJhNURrQ0MwTGdJU0p6LXZBaFEtaTlZM0ROeDajAQBFNaNUQUFDSUFRQ1FBUUNhQVFJSUFLZ0JBTC4gADRBLoAHAYgHAKAHAboHDwHnSBgAIAAwADi6BkAAyAeQ2QXSBw0tEwROQAHGCNoHBgknaOAHAOoHAggA8AeU-QOKCAIQAJUIAACAP5gIAQ..&s=3ba3f6d7d9ae9fdbde56d1f09d7d7cfd20b2a2a9&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=0.86&sid=7628096501862805038&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22277190&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:06 GMT
AN-X-Request-Uuid: ed1e5d65-88c6-4aad-bc71-19a310a3b16d
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 19ms
18ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fi.afly.pro%2F&domain=i.afly.pro&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://i.afly.pro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 11 Dec 2022 00:50:05 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 466735
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fi.afly.pro%2F&domain=i.afly.pro&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=j-PdzXxLQXUwTjRZcUVKSDk4OHNQempGOUFVWFF4SzNXc3FmVDlOWC9PQUhkLytVaTlLaGNJa2xwdGZ4ckEwVWE0ZzF0dE1EMTFTNitlbmxGN2RsMjZweVM0cWtPdjBvUTVvREFMZktMQ2doa1ptUmJQTThudjZLQmIwOG...

434 B
711 B

15ms
15ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=j-PdzXxLQXUwTjRZcUVKSDk4OHNQempGOUFVWFF4SzNXc3FmVDlOWC9PQUhkLytVaTlLaGNJa2xwdGZ4ckEwVWE0ZzF0dE1EMTFTNitlbmxGN2RsMjZweVM0cWtPdjBvUTVvREFMZktMQ2doa1ptUmJQTThudjZLQmIwOG1NVHJFTWI4OHllK0hzdk1sSktMNnppMHUwcFNuL2F0dzBtc3VPdDJLdTN4Wmx1bUJJb0E2QlpZTU90d3hQckNHQmtCS21ZeXlQQUV5MkF3cFBES0psbnJ5b2FPOFY3NXNIVkR3SGMyS2FtOVdyTjJ4NXYraXFxVUdJRFpoRWdtUWVDSk4yelRBOG5QLzJZQzJxd2tET3l5c2JDZGptQT09fA&cppv=2

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

dd3c4d2d6c37858345b15ecdd65ddea798fab9d910e4eca67c98d50d839ded3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1574190
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=j-PdzXxLQXUwTjRZcUVKSDk4OHNQempGOUFVWFF4SzNXc3FmVDlOWC9PQUhkLytVaTlLaGNJa2xwdGZ4ckEwVWE0ZzF0dE1EMTFTNitlbmxGN2RsMjZweVM0cWtPdjBvUTVvREFMZktMQ2doa1ptUmJQTThudjZLQmIwOG1NVHJFTWI4OHllK0hzdk1sSktMNnppMHUwcFNuL2F0dzBtc3VPdDJLdTN4Wmx1bUJJb0E2QlpZTU90d3hQckNHQmtCS21ZeXlQQUV5MkF3cFBES0psbnJ5b2FPOFY3NXNIVkR3SGMyS2FtOVdyTjJ4NXYraXFxVUdJRFpoRWdtUWVDSk4yelRBOG5QLzJZQzJxd2tET3l5c2JDZGptQT09fA&cppv=2
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 530170
content-length: 0
expires: 0

POST
H/1.1 200 prebid Show response
id5-sync.com/api/config/ 135 B
539 B 10ms
10ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

f2a8720de45d6e2afa1037156d17e6b24e05d98b9f3ffb06ea6dbd8faafb3297

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame EA7E 52 KB
17 KB 10ms
9ms Document
text/html 88.221.168.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.168.189 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-168-189.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 11 Dec 2022 00:50:06 GMT
ETag: "623de86a-cf34"
Expires: Mon, 12 Dec 2022 00:50:08 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 84FE 0
0 10ms
6ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1670719802498&gdpr=0

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame C6E4 0
0 16ms
15ms Document
text/plain 216.52.2.39
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13429262
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Sun, 11 Dec 2022 00:50:06 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap7ams1

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 4525 37 B
140 B 51ms
13ms Document
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Sun, 11 Dec 2022 00:50:06 GMT

GET
H2 204 /
onetag-sys.com/usync/ Frame 8E40 0
0 12ms
10ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1670719802501&gdpr=0

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 8919 281 B
554 B 67ms
7ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=0
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://i.afly.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 11 Dec 2022 00:50:06 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1

200
OK

csync
sync.adtelligent.com/
Redirect Chain

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=ec35e14d-6c9a-4f84-9461-80bb32e7758f

0
404 B

146ms
145ms

Image
text/plain

62.149.1.122
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=ec35e14d-6c9a-4f84-9461-80bb32e7758f
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: HTTP/1.1
Server: 62.149.1.122 Vyshhorod, Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:05 GMT
Server: Adtelligent
Etag: 05f93899ba7b34ea
Content-Length: 0

Redirect headers

location: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=ec35e14d-6c9a-4f84-9461-80bb32e7758f
date: Sun, 11 Dec 2022 00:50:06 GMT
cache-control: no-store no-transform
server: nginx
content-length: 166
content-type: text/html; charset=utf-8

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DD83 43 B
215 B 325ms
325ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=8558ff01-ccd8-c424-4fd8-49546dfbd39d&tv=%7Bc:wrDpXA,pingTime:-10,time:549,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA4LjAuNTM1OS45OCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1670719806282%7C%7Ccbaf78c87771e71c65eff9f8fd360c2f%7C%7C0de43d4db49fea79bddae584752a1e87%7C%7C509a8f0d7c3ef53b5eebde9e8b4b914e%7C%7Cb209d08a54f4bf41fef0b381d90c2be6%7C%7C569dc8b5634c05287e452aeb3d57aa89%7C%7C244b5177d5d00d0aa6b5d9112698dd5e%7C%7Cd6c07f629a82a35301264e9ed091029e%7C%7C1663701684%7D
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame EA7E 0
737 B 8ms
7ms Script
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:06 GMT
AN-X-Request-Uuid: 6294b2d3-5125-4e28-9f03-72942734d274
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 14ms
14ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 11 Dec 2022 00:50:05 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 426626
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
397 B 10ms
10ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

372ea248738ac3955c9aa0eb321ffdc4ac1d9c432acc8164efe4938ad608b2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

POST
H/1.1 204
No Content multitracking Show response
ghb.aplhb.adipolo.com/adunit/ 0
221 B 39ms
39ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.aplhb.adipolo.com/adunit/multitracking
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/19337/hbw_release_323303_10647.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://i.afly.pro
Date: Sun, 11 Dec 2022 00:50:05 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
X-Robots-Tag: noindex

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 8919 34 KB
10 KB 9ms
8ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: fa526ee31ee8aa7cdad348b3999171f50a35c811f1b87372b7415d1c8dfab359

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 00:50:06 GMT
Content-Encoding: gzip
Last-Modified: Sat, 10 Dec 2022 22:50:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=79189
Connection: keep-alive
Content-Length: 10065
Expires: Sun, 11 Dec 2022 22:49:55 GMT

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 216 B
620 B 9ms
8ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/464088/hb_323303_10647.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

62147c2af577f601b9e3c46311db74c7d1916a01b123ad0b2baa1c1e09b17fad

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://i.afly.pro
date: Sun, 11 Dec 2022 00:50:05 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 8919 70 B
265 B 112ms
31ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 8919
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEHVuVHWdOaIqB-GSf8vvbXk&google_cver=1

0
239 B

214ms
213ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEHVuVHWdOaIqB-GSf8vvbXk&google_cver=1
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEHVuVHWdOaIqB-GSf8vvbXk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8919
Redirect Chain

https://token.rubiconproject.com/token?pid=25470&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJJTkZNMzktSy03Wkkz&gdpr=0

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJJTkZNMzktSy03Wkkz&gdpr=0

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJJTkZNMzktSy03Wkkz&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 8919
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=xf5Uxe2KSAKbl3WFKlTz4g&rk=usync-na&gdpr=0
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=xf5Uxe2KSAKbl3WFKlTz4g&gdpr=0

43 B
479 B

97ms
96ms

Image
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=xf5Uxe2KSAKbl3WFKlTz4g&gdpr=0

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

HTTP/1.1

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: N5BYAJ9FDVAPDF7M7S82
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=xf5Uxe2KSAKbl3WFKlTz4g&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 8919
Redirect Chain

https://token.rubiconproject.com/token?pid=36584&gdpr=0
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LBINFM39-K-7ZI3&gdpr=0

0
704 B

288ms
112ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LBINFM39-K-7ZI3&gdpr=0
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 00:50:06 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D676AFA440B0494BAC26CFA310FDBD27 Ref B: FRAEDGE1113 Ref C: 2022-12-11T00:50:06Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXvgsSctDnFK7BfzyBuog==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LBINFM39-K-7ZI3&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 8919
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0
https://pr-bh.ybp.yahoo.com/sync/rubicon/f2xKLhKw8OuFuxffcmFPzw?csrc=&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-jYeBagxE2oLt0.r26yDEv3TZuk0dcqSLkOQ6Ig--~A

0
239 B

12ms
12ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-jYeBagxE2oLt0.r26yDEv3TZuk0dcqSLkOQ6Ig--~A
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Sun, 11 Dec 2022 00:50:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-jYeBagxE2oLt0.r26yDEv3TZuk0dcqSLkOQ6Ig--~A
content-length: 0

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 8919
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=d0Zr3vXDQ1-77QgJ8p_uTQ&rk=usync-other&gdpr=0
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=d0Zr3vXDQ1-77QgJ8p_uTQ&gdpr=0

43 B
479 B

35ms
34ms

Image
image/gif

52.94.223.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=d0Zr3vXDQ1-77QgJ8p_uTQ&gdpr=0

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

HTTP/1.1

Server

52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 00:50:06 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: CV949PZTX5A0RKRA26M9
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=d0Zr3vXDQ1-77QgJ8p_uTQ&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8919
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NzdmNmU4YzEyY2U0ODQyZTE3NjRhN2M4ZGVjMTRhOGU0ODUxMjNjYw&gdpr=0

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NzdmNmU4YzEyY2U0ODQyZTE3NjRhN2M4ZGVjMTRhOGU0ODUxMjNjYw&gdpr=0

Requested by

Host: i.afly.pro
URL: https://i.afly.pro/LclT

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NzdmNmU4YzEyY2U0ODQyZTE3NjRhN2M4ZGVjMTRhOGU0ODUxMjNjYw&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 session
track.scoota.co/ Frame 98F3 42 B
123 B 30ms
30ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1670719806573&bid_id=3564797000244768956&delivery_id=5c6783d6-5169-4394-8de8-4b00c6f3e264&placement_id=31252&ssp=appnexus_2725&role=desktop&stage=viewable&creative_id=27445&creative_version=6
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cloud-trace-context: f58fe9bf0a5843fd84fcbd2b51d231c3
date: Sun, 11 Dec 2022 00:50:06 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 37ms
20ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DKFVTMTXD5&gtm=2oebu0&_p=912635791&cid=408766954.1670719802&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1670719801&sct=1&seg=0&dl=https%3A%2F%2Fi.afly.pro%2FLclT&dt=Use%20AWS%20S3%20to%20Expand%20Your%20OutSystems%20Cloud%20Storage&en=scroll&epn.percent_scrolled=90&_et=6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DKFVTMTXD5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.afly.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://i.afly.pro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 98F3 43 B
215 B 163ms
163ms Image
image/gif 2600:1f13:800:7780:e4b9:510d:372e:4d4a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1217620&asId=fc048b4a-6a4e-01d8-5f14-151e167db432&tv=%7Bc:wrDq9g,pingTime:1,time:1276,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:151%7D,%7Bpiv:86,vs:i,t:193%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:1276,o:0,n:193,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:151,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B59~1%5D,as:%5B59~300.250%5D%7D%7D,%7Bsl:i,t:193,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:86,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1083~75%5D,as:%5B1083~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:678,fm:tpFg2AP+111%7C121%7C122%7C123%7C124%7C125%7C126%7C127%7C128%7C129%7C12a%7C12b%7C131%7C14%7C15%7C16%7C17%7C18%7C1911%7C1912%7C1a1%7C1a2%7C1a31%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1i21%7C1i3%7C1j11%7C1j121%7C1j13%7C1k1%7C1k21%7C1k3%7C1l1%7C1l21%7C1l3%7C1m1%7C1m2%7C1m3%7C1n%7C1o1.1217620-66438850%7C1o11%7C1p1*.1217620-66438850%7C1p11%7C1q1%7C1q21%7C1q3%7C1q4%7C1r,idMap:1p1*,rmeas:1,rend:1,renddet:CANVAS.qs,siq:152,sis:235%7D&br=c
Requested by: Host: i.afly.pro
URL: https://i.afly.pro/LclT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:e4b9:510d:372e:4d4a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f580ac08b787511d07acf67a83d1cfbb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:50:07 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 200 track
servt.modoro360.com/ Frame 1121 0
93 B 93ms
93ms Ping
text/plain 34.235.173.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=DE&cos=Windows&r=i.afly.pro&rs=i.afly.pro&sid=62028&t=1670719802&cip=81.95.5.42&sn=&tgt=0&osv=10&bv=108.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=615083ec2eec7c62d8776ba2&test=4&d64=c055608695daa7728828ba607d84974c&d63=c055608695daa7728828ba607d84974c&aafaid=&proto=https&uid=1670719802608-938354041707-007695-012-004366&cha=0.05&stagid=6140a5a747e57404ec5977fe&stplid=60bceb5ae580aa6950275314&d35=&d36=6.2.66&cb=32656759417&d39=&d65=Test1&d66=&apppkg=&d9=1000&d37=realtime&AV_WIDTH=420&AV_HEIGHT=236
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=615083ec2eec7c62d8776ba2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.173.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-173-110.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://i.afly.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 11 Dec 2022 00:50:07 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame EA7E 0
737 B 8ms
7ms Script
text/html 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS