www.kesatu.co Open in urlscan Pro
18.64.141.114 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.kesatu.co/
Submission: On March 24 via manual (March 24th 2023, 9:39:01 am UTC) from KH — Scanned from DE

Summary HTTP 771 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 54 IPs in 12 countries across 57 domains to perform 771 HTTP transactions. The main IP is 18.64.141.114, located in United States and belongs to AMAZON-02, US. The main domain is www.kesatu.co.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 22nd 2023. Valid for: 9 months.

This is the only time www.kesatu.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	18.64.141.114 18.64.141.114	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
33	18.66.147.6 18.66.147.6	16509 (AMAZON-02) (AMAZON-02)
1	2400:52e0:150... 2400:52e0:1500::868:1	200325 (BUNNYCDN) (BUNNYCDN)
27	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
162	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
28	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
63	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
2 114	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
4 26	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
17 87	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
6 10	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 5	185.89.210.20 185.89.210.20	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
10	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4 10	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
6 8	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
4 4	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
4 8	52.48.240.209 52.48.240.209	16509 (AMAZON-02) (AMAZON-02)
36	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
6 6	103.229.206.240 103.229.206.240	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
6	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
5 5	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3 3	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a02:26f0:480... 2a02:26f0:480:9::210:ee0e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5 5	52.28.63.52 52.28.63.52	16509 (AMAZON-02) (AMAZON-02)
2 2	104.111.217.14 104.111.217.14	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	2a05:d018:d29... 2a05:d018:d29:3602:6398:bc78:96b2:ccd4	16509 (AMAZON-02) (AMAZON-02)
3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2	185.86.138.152 185.86.138.152	201081 (SMARTADSE...) (SMARTADSERVER)
4	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
5 5	3.126.189.98 3.126.189.98	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.131 193.0.160.131	54312 (ROCKETFUEL) (ROCKETFUEL)
5 5	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
9	2600:9000:223... 2600:9000:223f:ae00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:71b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	52.59.80.27 52.59.80.27	16509 (AMAZON-02) (AMAZON-02)
3 3	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
5 5	213.155.156.181 213.155.156.181	1299 (TWELVE99 ...) (TWELVE99 Arelion)
10	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
25	2600:1f18:1ac... 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a	14618 (AMAZON-AES) (AMAZON-AES)
1 5	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.211.97.32 52.211.97.32	16509 (AMAZON-02) (AMAZON-02)
1	98.98.134.243 98.98.134.243	21859 (ZEN-ECN) (ZEN-ECN)
2 2	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
2 2	52.212.129.217 52.212.129.217	16509 (AMAZON-02) (AMAZON-02)
3 3	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2	34.149.12.213 34.149.12.213	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 4	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
1	2600:9000:224... 2600:9000:2240:a200:8:455e:4a00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
3 3	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1	104.74.228.51 104.74.228.51	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:401... 2a00:1450:4017:805::2003	15169 (GOOGLE) (GOOGLE)
771	54

1 18.64.141.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-141-114.mct50.r.cloudfront.net

www.kesatu.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 18.66.147.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-6.fra60.r.cloudfront.net

assets.ayobandung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1500::868:1 (Slovenia)

ASN200325 (BUNNYCDN, SI)

propsid.b-cdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

162 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

63 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

114 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

87 142.250.186.98 (United States) 17 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.80.39.216 (Canada) 6 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.20 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.111.217.42 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.94.180.126 (Amsterdam, Netherlands) 6 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.75.62.37 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.48.240.209 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-240-209.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 103.229.206.240 (Singapore) 6 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 85.114.159.93 (Bad Durrheim, Germany) 5 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:9::210:ee0e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.28.63.52 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-63-52.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.217.14 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-14.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3602:6398:bc78:96b2:ccd4 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.152 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:fa8:8806:12::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.193.173 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.189.98 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-189-98.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.78 (United Kingdom) 5 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:223f:ae00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:71b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.59.80.27 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-80-27.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.0.66 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.155.156.181 (Sweden) 5 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-181.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.211.97.32 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-97-32.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.243 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.24 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.129.217 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-129-217.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.245.213 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.12.213 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 213.12.149.34.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtbc-eu3.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.9.252 (London, United Kingdom) 3 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2240:a200:8:455e:4a00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.besafe.global	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (Castricum, Netherlands) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.74.228.51 (Haarlem, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-74-228-51.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4017:805::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
289	googlesyndication.com 2 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 135	3 MB
196	doubleclick.net 17 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 stats.g.doubleclick.net — Cisco Umbrella Rank: 70 cm.g.doubleclick.net — Cisco Umbrella Rank: 206 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 319	791 KB
42	adsafeprotected.com 4 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 747 static.adsafeprotected.com — Cisco Umbrella Rank: 575 dt.adsafeprotected.com — Cisco Umbrella Rank: 530	396 KB
42	google.com 4 redirects region1.analytics.google.com — Cisco Umbrella Rank: 4179 adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	8 KB
36	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 283	945 KB
33	ayobandung.com assets.ayobandung.com — Cisco Umbrella Rank: 77235	467 KB
27	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	1 MB
21	gstatic.com www.gstatic.com fonts.gstatic.com csi.gstatic.com	230 KB
20	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25	21 KB
14	google.de www.google.de — Cisco Umbrella Rank: 6058 adservice.google.de — Cisco Umbrella Rank: 8820	2 KB
10	teads.tv 4 redirects sync.teads.tv — Cisco Umbrella Rank: 1227	2 KB
10	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 27355 ad4m.at — Cisco Umbrella Rank: 9742 assets.ad4m.at — Cisco Umbrella Rank: 36404	384 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 535 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 431	7 KB
9	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	7 KB
8	spotxchange.com 6 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 699	5 KB
7	yahoo.com 7 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 277 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 446	3 KB
6	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 330	2 KB
6	mathtag.com 6 redirects sync.mathtag.com — Cisco Umbrella Rank: 470	5 KB
6	pubmatic.com 5 redirects ads.pubmatic.com — Cisco Umbrella Rank: 475 image6.pubmatic.com — Cisco Umbrella Rank: 731	113 KB
5	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 749 s.tribalfusion.com — Cisco Umbrella Rank: 1837	3 KB
5	de17a.com 5 redirects d5p.de17a.com — Cisco Umbrella Rank: 4619	1 KB
5	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 297	2 KB
5	w55c.net 5 redirects pm.w55c.net — Cisco Umbrella Rank: 743	4 KB
5	adition.com 5 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1426	3 KB
5	openx.net us-u.openx.net — Cisco Umbrella Rank: 429 rtb.openx.net — Cisco Umbrella Rank: 1455	1 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	5 KB
4	onetag-sys.com 3 redirects onetag-sys.com — Cisco Umbrella Rank: 766	1 KB
4	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2710	413 B
4	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 483 rtb0.doubleverify.com — Cisco Umbrella Rank: 700 rtbc-eu3.doubleverify.com — Cisco Umbrella Rank: 15795	21 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	256 KB
3	3lift.com 3 redirects eb2.3lift.com — Cisco Umbrella Rank: 352	1 KB
3	travelaudience.com 3 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5893	894 B
3	ctnsnet.com 3 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 31935	1 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 322	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 520	2 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 794 r.turn.com — Cisco Umbrella Rank: 3277	869 B
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2151	790 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 549	1 KB
2	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 588	326 B
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1764	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 611	844 B
2	ad4mat.net prod-rtb.ad4mat.net — Cisco Umbrella Rank: 104152 static-de.ad4mat.net — Cisco Umbrella Rank: 133758	4 KB
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 15756	702 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1115	573 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 660	465 B
1	besafe.global cdn.besafe.global — Cisco Umbrella Rank: 17204	37 KB
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1976	173 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 622	191 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 596	338 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 648	729 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 802	761 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 740	716 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 633	98 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 886	598 B
1	b-cdn.net propsid.b-cdn.net — Cisco Umbrella Rank: 87502	6 KB
1	kesatu.co www.kesatu.co	13 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
771	57

	Domain	Requested by
162	pagead2.googlesyndication.com	www.kesatu.co pagead2.googlesyndication.com aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net
114	tpc.googlesyndication.com	2 redirects aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com googleads.g.doubleclick.net www.kesatu.co pagead2.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net
87	cm.g.doubleclick.net	17 redirects googleads.g.doubleclick.net www.kesatu.co aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
53	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.kesatu.co aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
36	s0.2mdn.net	www.kesatu.co s0.2mdn.net googleads.g.doubleclick.net
33	assets.ayobandung.com	www.kesatu.co assets.ayobandung.com
28	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net propsid.b-cdn.net aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com googleads.g.doubleclick.net
27	www.googletagservices.com	www.kesatu.co aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com googleads.g.doubleclick.net
26	www.google.com	4 redirects googleads.g.doubleclick.net www.kesatu.co aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com tpc.googlesyndication.com
25	dt.adsafeprotected.com	googleads.g.doubleclick.net www.kesatu.co
20	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
18	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
14	www.gstatic.com	www.kesatu.co googleads.g.doubleclick.net aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
13	aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
12	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
12	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
10	googleads4.g.doubleclick.net	www.kesatu.co
10	sync.teads.tv	4 redirects googleads.g.doubleclick.net www.kesatu.co
9	static.adsafeprotected.com	googleads.g.doubleclick.net fw.adsafeprotected.com
9	fonts.googleapis.com	www.kesatu.co googleads.g.doubleclick.net aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
8	fw.adsafeprotected.com	4 redirects www.kesatu.co
8	sync.search.spotxchange.com	6 redirects googleads.g.doubleclick.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
6	match.adsrvr.org	googleads.g.doubleclick.net
6	sync.mathtag.com	6 redirects
6	fonts.gstatic.com	fonts.googleapis.com
5	d5p.de17a.com	5 redirects
5	image6.pubmatic.com	5 redirects
5	x.bidswitch.net	5 redirects
5	pm.w55c.net	5 redirects
5	dsp.adfarm1.adition.com	5 redirects
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	onetag-sys.com	3 redirects
4	a.tribalfusion.com	1 redirects aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com googleads.g.doubleclick.net
4	dclk-match.dotomi.com	googleads.g.doubleclick.net aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
4	ad4m.at	as.ad4m.at ad4m.at
4	ups.analytics.yahoo.com	4 redirects
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
4	region1.analytics.google.com	www.googletagmanager.com
4	www.googletagmanager.com	www.kesatu.co www.googletagmanager.com
3	eb2.3lift.com	3 redirects
3	ads.travelaudience.com	3 redirects
3	gcm.ctnsnet.com	3 redirects
3	rtb.openx.net	googleads.g.doubleclick.net
3	pr-bh.ybp.yahoo.com	3 redirects
3	pixel.rubiconproject.com	3 redirects
2	assets.ad4m.at	as.ad4m.at
2	sync.1rx.io	2 redirects
2	match.360yield.com	2 redirects
2	c1.adform.net	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	rtb-csync.smartadserver.com	googleads.g.doubleclick.net
2	e.dlx.addthis.com	2 redirects
2	cdn.doubleverify.com	aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com cdn.doubleverify.com
2	sync-tm.everesttech.net	2 redirects
2	us-u.openx.net	googleads.g.doubleclick.net
2	www.google.de	www.kesatu.co
1	csi.gstatic.com	securepubads.g.doubleclick.net
1	www.awin1.com	as.ad4m.at
1	sync.targeting.unrulymedia.com	1 redirects
1	cms.quantserve.com	aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
1	cdn.besafe.global	aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
1	rtbc-eu3.doubleverify.com	cdn.doubleverify.com
1	tr.blismedia.com	googleads.g.doubleclick.net
1	r.turn.com	googleads.g.doubleclick.net
1	ad.turn.com	1 redirects
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	pixel-sync.sitescout.com	googleads.g.doubleclick.net
1	beacon.krxd.net	googleads.g.doubleclick.net
1	s.tribalfusion.com	www.kesatu.co
1	d.agkn.com	1 redirects
1	static-de.ad4mat.net	as.ad4m.at
1	p.rfihub.com	1 redirects
1	um.simpli.fi	1 redirects
1	id.rlcdn.com	googleads.g.doubleclick.net
1	prod-rtb.ad4mat.net	www.kesatu.co
1	ads.pubmatic.com	propsid.b-cdn.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	propsid.b-cdn.net	www.kesatu.co
1	www.kesatu.co
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
771	81

This site contains links to these domains. Also see Links.

Domain
www.promediateknologi.id

Subject Issuer	Validity	Valid
kesatu.co Amazon RSA 2048 M02	`2023-02-22` - `2023-11-15`	9 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
ayobandung.com Amazon RSA 2048 M02	`2023-02-24` - `2023-08-08`	5 months	crt.sh
*.b-cdn.net Sectigo RSA Domain Validation Secure Server CA	`2022-11-07` - `2023-11-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-02-11` - `2023-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-07` - `2023-06-06`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-02-10` - `2023-05-27`	4 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-03-01` - `2023-05-08`	2 months	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-02-26`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-02-12` - `2023-05-13`	3 months	crt.sh
cdn.besafe.global Amazon RSA 2048 M01	`2023-02-23` - `2023-06-24`	4 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh

This page contains 113 frames:

Primary Page: https://www.kesatu.co/
Frame ID: 00149584DFA9901C843E87307BB5AD4E
Requests: 111 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/zrt_lookup.html
Frame ID: D1531E260F08BD67C6A1AAB40DD62C95
Requests: 1 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 6055B5C97B58A8AD9FFFAB1ADF994B0D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3025194257&lmt=1679650727&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x945_l%7C236x945_r&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650726874&bpp=7&bdt=339&idt=378&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1237036045569&frm=20&pv=2&ga_vid=1326326062.1679650727&ga_sid=1679650727&ga_hid=696086722&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C44777877%2C31071755%2C31073358&oid=2&pvsid=2123521736962133&tmod=1052888199&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=411
Frame ID: DEAB72FA46C38AA0F0C87C17776BCEF3
Requests: 1 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D2BEECF59609AE531540BC4ED0F052EE
Requests: 14 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4E52D4B504E52795128FF74744F0CA40
Requests: 15 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AC1B352F1FBA43C628856E541AD27D5C
Requests: 14 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C26136AAF8A0DA6A372528BE21A16A15
Requests: 14 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3144BAF5AA91116A741C686AA46486E0
Requests: 14 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AB5A5882D42D8B39CBF363385D5F1DCC
Requests: 13 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4606D8B68641B7FBEA6C090E62C50018
Requests: 13 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: ECF995B6871133731A10065AF2FB2824
Requests: 13 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 179E3557B77549E99752D4951A71A4D3
Requests: 13 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2E2C91DF7AF3B01AB24D663AD83B7807
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755398&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727621&bpp=5&bdt=183&idt=280&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&nras=1&correlator=2993714645179&frm=24&ife=3&pv=2&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.civm7hxajuvm&fsb=1&dtd=301
Frame ID: 3014B8C6D47AD2A45C90E34C50CD6E60
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=5069350193&adk=2658235593&adf=3173046729&pi=t.ma~as.5069350193&w=970&format=970x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727626&bpp=2&bdt=188&idt=327&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2993714645179&frm=24&ife=3&pv=1&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.7o09y69gyndu&fsb=1&dtd=333
Frame ID: 217910F01916701DD4CC75C78E035EA5
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755401&plat=1%3A66048%2C2%3A66048%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727690&bpp=3&bdt=245&idt=280&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=2&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.zedzab6lgids&fsb=1&dtd=322
Frame ID: A056209664317E78F7621107A431E4D0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755402&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727721&bpp=4&bdt=254&idt=329&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&nras=1&correlator=3475047514032&frm=24&ife=3&pv=2&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.7o7k8v414916&fsb=1&dtd=348
Frame ID: 4074DCFC585D2F9A4F32161960EF95D8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755405&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727746&bpp=4&bdt=273&idt=336&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&nras=1&correlator=753749785312&frm=24&ife=3&pv=2&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.a1h9fbk199cw&fsb=1&dtd=352
Frame ID: 9D7BE7B96226B6B903D29541D605A2BF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Frame ID: FA465C3139DDEEC38DF38442B60A62DC
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755404&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727764&bpp=5&bdt=286&idt=389&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&nras=1&correlator=8107698232765&frm=24&ife=3&pv=2&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.5ds02ds2l8h2&fsb=1&dtd=408
Frame ID: C0BAB295375A77B54D9F1834944F1DA6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=9780134286&adk=3718468712&adf=3173046725&pi=t.ma~as.9780134286&w=728&format=728x90&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727725&bpp=1&bdt=258&idt=449&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3475047514032&frm=24&ife=3&pv=1&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h48pzvx2oom3&fsb=1&dtd=454
Frame ID: D81FDDA871718568955940A7F970F58A
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Frame ID: 2779143E801CE5DBD5822CBF06D8A433
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755403&plat=1%3A66048%2C2%3A66048%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727804&bpp=3&bdt=344&idt=397&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&nras=1&correlator=8038977611362&frm=24&ife=3&pv=2&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.cjz7ozxlsovn&fsb=1&dtd=416
Frame ID: 1A7B2BAA41783F30DDEAB5663D11E9A6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755400&plat=1%3A66048%2C2%3A66048%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727828&bpp=4&bdt=373&idt=406&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&nras=1&correlator=332749602947&frm=24&ife=3&pv=2&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.qpbxe6aa0wj&fsb=1&dtd=430
Frame ID: EE52CD4F435BFAF93AC8815A0BF60DB6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417941&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727785&bpp=3&bdt=302&idt=488&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&nras=1&correlator=3584592226481&frm=24&ife=3&pv=2&ga_vid=1763829273.1679650728&ga_sid=1679650728&ga_hid=1632274528&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1654548738&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44777877%2C44759926%2C44759837%2C31071756%2C31073311%2C31071264%2C21065724&oid=2&pvsid=4112785457605545&tmod=526185039&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.8d844kr81020&fsb=1&dtd=507
Frame ID: 373E8BC69C38C7F3E433FC463D54DC32
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Frame ID: BAAEBAC27B877BFA4849BAFF2C5034D9
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046726&pi=t.ma~as.2983625799&w=120&fwrn=16&format=120x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727808&bpp=1&bdt=348&idt=540&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8038977611362&frm=24&ife=3&pv=1&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.aedzi5soaezk&fsb=1&dtd=546
Frame ID: D934E11DF5DD01BF31263CEAA0218546
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Frame ID: B0B88C4E73F1D9A47499C98553328E13
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=280&slotname=6032460967&adk=4050463280&adf=776186313&pi=t.ma~as.6032460967&w=336&fwrn=16&format=336x280&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727788&bpp=2&bdt=304&idt=575&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3584592226481&frm=24&ife=3&pv=1&ga_vid=1763829273.1679650728&ga_sid=1679650728&ga_hid=1632274528&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1654548738&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44777877%2C44759926%2C44759837%2C31071756%2C31073311%2C31071264%2C21065724&oid=2&pvsid=4112785457605545&tmod=526185039&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.vibzbo7sttq&fsb=1&dtd=579
Frame ID: 593F251F8FB799E4F24DFA9DF270A03C
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417942&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727861&bpp=5&bdt=370&idt=550&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&nras=1&correlator=8289227754072&frm=24&ife=3&pv=2&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.mxbj6c68owxe&fsb=1&dtd=570
Frame ID: 221F9C6EF4180694F41F085291D4B78A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417943&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727885&bpp=5&bdt=385&idt=563&shv=r20230322&mjsv=m202303230101&ptt=9&saldr=aa&nras=1&correlator=2011364098162&frm=24&ife=3&pv=2&ga_vid=765731676.1679650728&ga_sid=1679650728&ga_hid=530975814&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=1680904070&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759927%2C44759876%2C44777876%2C31071756%2C31073105%2C31073359%2C44785292%2C31071264&oid=2&pvsid=4439608642517411&tmod=2014917502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.anj3as23i569&fsb=1&dtd=583
Frame ID: 8CBBA3ABF932D603E8984FB3B124112E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=75&slotname=3616667720&adk=2842032366&adf=776186312&pi=t.ma~as.3616667720&w=300&fwrn=16&format=300x75&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727866&bpp=2&bdt=375&idt=647&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8289227754072&frm=24&ife=3&pv=1&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.yc5wqooqzefs&fsb=1&dtd=652
Frame ID: 8260F2D03537B1A601F2334979D40509
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=60&slotname=9643020029&adk=1186402075&adf=776186319&pi=t.ma~as.9643020029&w=468&fwrn=16&format=468x60&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727890&bpp=1&bdt=390&idt=640&shv=r20230322&mjsv=m202303230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2011364098162&frm=24&ife=3&pv=1&ga_vid=765731676.1679650728&ga_sid=1679650728&ga_hid=530975814&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=1680904070&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759927%2C44759876%2C44777876%2C31071756%2C31073105%2C31073359%2C44785292%2C31071264&oid=2&pvsid=4439608642517411&tmod=2014917502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.rgliiog0vwvd&fsb=1&dtd=644
Frame ID: AB635772E8F44472B436504EF215BB11
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Frame ID: 48C0875E8CCF63367A04F9B818822E2E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Frame ID: E40C5A16303CE2792837DAD6B28C1E4F
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Frame ID: AD24F1BA96238D425657B7FF6D7D7044
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4D4CF49DC8344984400C81783553FB93
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYta2j3wEwAQ&v=APEucNUsmr279XdX2EZse8ve9D4QLtjZDjL3LTx7B00MMxDIGJWrCE1-HBIJVpRHzaLtDFfbprU_e1pxOMfoO10lg51Tzx5qODXdirobp0KamJqtbNAROGSaSWoYwsSOFKkNGvZP3iG1QO3qEWFPvYeoFaQ3BuRsMEEzC-nlHzrtq_YL3H2VMio
Frame ID: 31E6958AE42F8616DCA259C6A40146F9
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz6yj3wEwAQ&v=APEucNV2vJdzXG0DrWMVDNhc7wtlj4OueiuxcPCIXbWG-voJSDAoHKeveOWM21sxLWXM7sBvmFOu3xk8Na6b03TWUoVNa8wzpuHTgN0heHxRdsWrw0Yp3EDQA4eoeS1ma6zf5lTXvHvIqOjrY9gnb3c9GtrxTkTDdpnE7XoA7buZBPLg5gimNwk
Frame ID: 54FC82A37F178E4C3F1771FA090C5489
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYwpC-4gEwAQ&v=APEucNXvwzI-TXPbkOxSzt64ke5nX-idJPkDqNLAnvQhC26Q8-PlEVgfo131UZWq1Y7RIGcq7nfAeuJ1cO-XqLz5MP6yZmcIIghGOoR1QDhYtvNboHUogzBusoblccIvm4mciQA3IQcvNcs1xjJNl2I4Ew8nydsHmeb42O10vo9VzcpWdm1iTn4
Frame ID: 48FC78D9B9C4AE3F80B6D081D029690C
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3K1_gCEKzp0s8DGIOLhuEBMAE&v=APEucNWn4C39RI1beIc1aWcqx1cPqTQdNTmyNgARQNykMwmZXdif185kyyzsMDyL3JDredH228SfxlOIfeNS97P3Vb70i_vkzSQIe-gXI2yenglAOKDEiUx-nnPPN51lcC3TCQrHvrHnFzhU9Ds3xXivEG8E-BU003txbxtABGo2fAFpgxKkcTo
Frame ID: 861C950072B8D557C4634876A9FD7B9D
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGI_29uABMAE&v=APEucNUpynTTR9NollCajS9P27xH02al9tYaYoHQb37SyTUS9N_uByhGryWqs7yQm5vgKnZnXOfpeznj9u2HoGtYrMrxVI-k41iG5Qb1rvkujiFrmzCCzPq_BkAUBiQ9c7EsK_4eDP1zkq83lcizMkEceDezYD1sWb9n_BeTeBnQxCZXBpColIE
Frame ID: B0BEDFD200F5E5B86D903993203FC217
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CMRVWqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS8AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D3792hI1jHa_l163H-1op2gANf3NhF34JU-lzXwIqulnCPrjVH6LGCugAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi04NDAwMzA3MzA3NzAxNjUwGAA&sigh=AhzxOknjccs&uach_m=[UACH]&cid=CAQSKQDUE5ym7Xz7dXQQyr_75hKGfxc5--ZzPgJK7HaI5BesoOpUiEBHm1iEGAE
Frame ID: C8517E3E161C1AC196959B8A748FD93C
Requests: 7 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1k6fpk73kj5v8ksta3h514zn1rb9wf3r7vvmpe3726yvqbjs411r24vxmwx8fan88kym4hs7ty1q5m9nfapqnm662b5630z9144hyq8cr0a1x8p7hg27kjwpktk5nxm75y6rbxkpx7gej9eqqgb5a63g9vyn8c9pp2355k00g8f2dw9fs9ajk9cs45desmqqgc0bj0j9cvbzs2ddx8cvfqepp70sfm46xrexgnkf7smdnraczzjj9q5xbqx1prea9df57tgxkxp9p0xvbr8q2wmmxy7va35n1v7pw024p40s2zrcr7z74kpzf66mdgs336zgwcpb5yy8aa37cc6axtrx5qh7538p5r110tsxr5r938nav4744he4qa7yg46j3qxr7eyr1ysrgja0rwjbqtd8ejpnqwaqhcvvdyqzhtsz9442fa088222gsbhkthpmsef7bkc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%26client%3Dca-pub-8400307307701650%26adurl%3D
Frame ID: 410603C1D56ACB32B444AA07F82CE7B0
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 09568C6EB1C42BFEA49D679D4B9069C7
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 27444DB337E3B087D291604CD6B608FD
Requests: 9 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 824334A45A475D0EF5B1218D00567515
Requests: 5 HTTP requests in this frame

Frame: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E0C0EE19DAE162E9D81E52F5921E8E27
Requests: 20 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: F459A67198F31E04DF31A82CF655D457
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C5233D7A032A3533840F3515E358C369
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CAE83210011544628BE1C484DF7D8339
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 738BC8AD03606DCEB60540F998AA646B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B418D8F741C035275CFCE2EB78972A6C
Requests: 9 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: A043286FA39F12EE233B8969FC0FCA4E
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJDi1MQCENjdsOICGIHsmeIBMAE&v=APEucNVqN64mYBGgmajhiFlwkAqi9j_yqygwkY_FnBFxKuKkFYP8W8T_f9cBDPnzG-A5b_Ope2q74Qt3MJ9p5DGdWecJULkO0UPAr3ksq9WyQystPup9yf8eFudtTavbiKff5Kz5UMDRliGDuTCC5sEsbTPOLacw5szlZStKFsB3bwpaPmnCMAI
Frame ID: 98CCF34568422D341E834C3BE6CB1457
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 02C4543097C1B176EA7A0B36743A9936
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CD2D960564351C3AC28CDD5C61645852
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js
Frame ID: BE42F176C67C22C20D402935EE8D657F
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 6F968AD26FD61373B8BBEB5AA4497331
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js
Frame ID: 906644A2A2893A59297303EA68EE1E8A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js
Frame ID: 5774902E8DBDFF02881EE09012838C12
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 69FE856DE8747C208DCE1B3FF06C3320
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
Frame ID: 1B871F4A4AC90C38ED56443B530C3769
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js
Frame ID: 87D62B2D4CA0EBFA3E70B09F2D934CC1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js
Frame ID: 96D3A318B005A9EC4BA232D28C3E6F29
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 8C7FA15FAA172944D2A322A997599207
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
Frame ID: 60D375D673514AD45A61531F61656C45
Requests: 10 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 8F0676275084A2E4D41E3D5EA2CD8411
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js
Frame ID: 9C77CB4473B5C4CB3C69D4B9C7A3C086
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: DE8FA8BDE391273DAA42964321601EB7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 79BDB1A60A08CBA6A5654754ADA4D7CE
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C456ADFE27754D652A52578C2AEE0E9F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js
Frame ID: 5726E76B865DBC6C1A82FD564CB3A9EB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js
Frame ID: E4CA80F3A77557888FECDFE1F2207700
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: ECFC7BA20C725D5CCFDE32D95E478665
Requests: 7 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html
Frame ID: F3FC4DA434FA1FFD74D8021E7BB4D0D0
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D8DBD16FA766EB335BC29DE43A29D8C6
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/803527930041460798/index.html
Frame ID: 396A58571D449206BF235AD14A55519E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AF909F8EB7113CC50F4FE35BE13657CA
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 655055FEA575206FBFE78E7C6316AADB
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10479788987402403556/index.html
Frame ID: A5679720479EE8DFA3A324BE18B159DD
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 03C54536F1B0F5A893505F860FE990F8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C48F85C5D3B3E21C53D61714EAB4516E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 77B81E021B991703925AA80CF6E376BA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B089BB618F18C59AF79573526AD2AFFB
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: F24E075110E586DEEF77A5E5DEBB188D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 034C5A740A66004045D2C42EDAF0F588
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 38D0695F91CE358B7946F8AE2048470B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4E9F75B41DE5B1DDF6E53564D2FCC966
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 28FD8843CF798F2C200CF1DCCC6405D5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 64B51595AA34D69635F9EE1141986673
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E054D32A30514871620398A4652F24EB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7A8FA79B8AAAA123A8552FFB167DC983
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 808CAE439E977247324B4D4028027B40
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C65385D882FC4F495FDA44E854222133
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FF98D88DD75E5B22D93814025C260010
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B39BCC30CB5F34A487E6115A4598D48B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 31F8920B72A797F87609BCE9A9F78428
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 94540D62E23927B374288DDD49116756
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=117569&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=300&d=50&e=&g=a699dee261f9b83c8e0b5a9d6dea42ed%2F765390213108520129&i=29981&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1679650732768&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k4znv3zy7cp4qnxqd8frzayeghgr7v8crkwh8xw1nsk0sm139c3gbcma5163szs88snnd9x7tcrsqy8fqs4m1dcvjh9gp3hdzx06njeqb5pysn3b575542vwyjhxqm9z9pet0q9hmz3mh34bzafrbq2e039820y8n7xbdkyhdsxfpvb6hcvbtft1pa1c8bt9mxvdqytgsdrb9ywyh90p870m3qf53s5svwavcm2m1nnnkpswdgekmnbfhmqyrqcgn79x5ar0bqr53z4h36qae68%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%2526client%253Dca-pub-8400307307701650%2526adurl%253D&y=1&s=&z=0
Frame ID: 469FC323A88ED5DD5D60367CA69A148B
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 36123964D6CA54963D92BBCDE32F1550
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 07A4576F07D810237C99B1A345E93A31
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8D4691535EC77E40C0B7ED2806AB23BC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F2377DC376E4D0C35EBC6ABAA688BA45
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6E1CC61346F2241650AD37054F205726
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6C4AC3AC29CAF10BB960876A7D4F205E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9D9789077C96345F6C69DFFF8B8D0839
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4F0DB3D4AEBB3876C31ED930203F4D54
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EF4D65079238E8FD293B336F133C846E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1D97E43DB5071D9EF7ADAF88FC81A7E5
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 568211F24A10831769118EA7344D4D72
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0899127FA4B12217E50BE77B4968F871
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Kesatu

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

771
Requests

89 %
HTTPS

45 %
IPv6

57
Domains

81
Subdomains

54
IPs

12
Countries

8415 kB
Transfer

22803 kB
Size

82
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.promediateknologi.id/
Title: ProMedia Teknologi

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 275

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL HTTP 301
https://tpc.googlesyndication.com/simgad/4091503581208051288

Request Chain 281

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1

Request Chain 282

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1

Request Chain 283

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELVRE0mOgQwvacfHx0wbxFI&google_cver=1

Request Chain 284

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc4OTA3NTIwNjM5NTE4MTAy

Request Chain 313

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1

Request Chain 314

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1

Request Chain 315

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELVRE0mOgQwvacfHx0wbxFI&google_cver=1

Request Chain 316

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc4OTA3NTIwNjM5NTE4MTAy

Request Chain 331

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r HTTP 301
https://tpc.googlesyndication.com/simgad/624907996767536446

Request Chain 332

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOTSI5ogndTA7nvid6nknL8&google_cver=1

Request Chain 334

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDHuAh_HS6aShtuoqyNAfPE&google_cver=1

Request Chain 346

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1&__user_check__=1&sync_id=ae83babf-ca27-11ed-8be1-192cb16e0406

Request Chain 347

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=ae8386bf-ca27-11ed-b4b1-1afcdea00306 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YWU4Mzg2NWItY2EyNy0xMWVkLWI0YjEtMWFmY2RlYTAwMzA2

Request Chain 348

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0wQ2pNek5wRTJ1RVlldVBDWE5Vd1lrVlJLd1I1d2FMR35B

Request Chain 353

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1&__user_check__=1&sync_id=ae83a0f8-ca27-11ed-a369-186cd56e0106

Request Chain 354

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=ae8390a6-ca27-11ed-8b38-194044dd0206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YWU4Mzg2NWItY2EyNy0xMWVkLWI0YjEtMWFmY2RlYTAwMzA2

Request Chain 355

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0wQ2pNek5wRTJ1RVlldVBDWE5Vd1lrVlJLd1I1d2FMR35B

Request Chain 395

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvLvSAgCCJ8IXgY4OWDyBBwfPLwgG_tzl9zk7btGMH-7tFkcKIxJXYw1-ljYvqEk-2RBfrndt0ZIfjQLfTaOqjzN0tH13va9dqY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvLvSAgCCJ8IXgY4OWDyBBwfPLwgG_tzl9zk7btGMH-7tFkcKIxJXYw1-ljYvqEk-2RBfrndt0ZIfjQLfTaOqjzN0tH13va9dqY

Request Chain 396

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_cver=1&google_push=Aer7DvIyGgHLKwMGJnmb6hcJ96uJXsJEOYFPzyEXFZBJDEK6UO2_auDB3TW4CtB9AApMwPuQBTlwowrxffRfG9f2htxOGZgJQLO45Z0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_push=Aer7DvIyGgHLKwMGJnmb6hcJ96uJXsJEOYFPzyEXFZBJDEK6UO2_auDB3TW4CtB9AApMwPuQBTlwowrxffRfG9f2htxOGZgJQLO45Z0

Request Chain 399

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvKHFcyz5azmsnqM9Y0l5hOW48Qu3BKwKs6qIWtZsvLM6IC2qzzMOnlux5EWpAwl136UksuRsCYBEc6kLtAOayukgRt4XbIvfA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvKHFcyz5azmsnqM9Y0l5hOW48Qu3BKwKs6qIWtZsvLM6IC2qzzMOnlux5EWpAwl136UksuRsCYBEc6kLtAOayukgRt4XbIvfA

Request Chain 400

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEKK9_U06XKWEO4r-g9VDB4&google_cver=1&google_push=Aer7DvKxmicgSOGrIqGKfMMYTU9sKsFKiT0obQJiiv1c_NYIjL-nkjp_iEhdWGjUdXMvoYdMunL0EXyN_cg1vqiYWNsnHG9dSrSpeeU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09ETzMtVC01Nlgx&google_push=Aer7DvKxmicgSOGrIqGKfMMYTU9sKsFKiT0obQJiiv1c_NYIjL-nkjp_iEhdWGjUdXMvoYdMunL0EXyN_cg1vqiYWNsnHG9dSrSpeeU

Request Chain 449

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIL69qGVJPlGQzjpPpyJWi7w-PrS0GmpweLgx6BBB14a16fszPgl25g8tK3puuN5ZJjB1tjSfWlnA3huuYut7Gi5C0PuaKCj9U HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIL69qGVJPlGQzjpPpyJWi7w-PrS0GmpweLgx6BBB14a16fszPgl25g8tK3puuN5ZJjB1tjSfWlnA3huuYut7Gi5C0PuaKCj9U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIL69qGVJPlGQzjpPpyJWi7w-PrS0GmpweLgx6BBB14a16fszPgl25g8tK3puuN5ZJjB1tjSfWlnA3huuYut7Gi5C0PuaKCj9U

Request Chain 450

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvJwH4s0dEpPA6ljgea2TbFRSkmSm2CKHLVWYUS_1PU2Ib67vz6TpCt89AKOmFo7rgDyD84PMacWWx52SnOwKoOrIKGodQdBWA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvJwH4s0dEpPA6ljgea2TbFRSkmSm2CKHLVWYUS_1PU2Ib67vz6TpCt89AKOmFo7rgDyD84PMacWWx52SnOwKoOrIKGodQdBWA

Request Chain 452

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAer7DvKLHQnA0PHVhxjv8m8_xsXBev_pWz3u0RFcEA5H_YF_o8bvRVT0urTuAWCQEb010M09jH96E3_WFGGHt7o0B9ck5VBhXfW4lPE&google_gid=CAESELIwR95Vu6R0DEnlh0ebljQ&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAer7DvKLHQnA0PHVhxjv8m8_xsXBev_pWz3u0RFcEA5H_YF_o8bvRVT0urTuAWCQEb010M09jH96E3_WFGGHt7o0B9ck5VBhXfW4lPE&google_gid=CAESELIwR95Vu6R0DEnlh0ebljQ&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzAzMjQwOTM4NTAwMDAxMzc4NDA2MjY5OA%3D%3D&google_push=Aer7DvKLHQnA0PHVhxjv8m8_xsXBev_pWz3u0RFcEA5H_YF_o8bvRVT0urTuAWCQEb010M09jH96E3_WFGGHt7o0B9ck5VBhXfW4lPE

Request Chain 453

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAb8Q9KwLrbMjKGi3LXg0rs&google_cver=1&google_push=Aer7DvJvqUaSYf8m46DDQeFzChbvHB-PYzC4UbLmACvV1iv79_CF05HZAIkPIXmQ4Ih13MIsNIjdOED8Pk79NX-TAzudvtbB2OtuXew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJvqUaSYf8m46DDQeFzChbvHB-PYzC4UbLmACvV1iv79_CF05HZAIkPIXmQ4Ih13MIsNIjdOED8Pk79NX-TAzudvtbB2OtuXew&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B

Request Chain 455

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkpqbh1BhEj4NPzRZX36SY&google_cver=1&google_push=Aer7DvKX5c2_u4KpTS-oXfRKw5JE3Z_BtJv657v1RvM6ScU1FyJODdJRMaG--PHxxLqN4CgO6ngiLpNwQMTjqi5v78aeoRVn5PkIaogz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aer7DvKX5c2_u4KpTS-oXfRKw5JE3Z_BtJv657v1RvM6ScU1FyJODdJRMaG--PHxxLqN4CgO6ngiLpNwQMTjqi5v78aeoRVn5PkIaogz HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 458

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEGchAj6bO3q7-HFCceM6548&google_cver=1

Request Chain 464

https://um.simpli.fi/gp_match?google_gid=CAESEKt-mVyXw95TgGI1jhVORiA&google_cver=1&google_push=Aer7DvIS7OCo2TGCkDqZCqK2Ha-hOjZikzlxBm8fGlsoud5kBP4r_ssDYZuOfazgTheh6sOT5PiMVo9YGHMJZexR8a2KCfE6raa6ViQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38E4F25D1E4F41F687FB0B297861641C&google_push=Aer7DvIS7OCo2TGCkDqZCqK2Ha-hOjZikzlxBm8fGlsoud5kBP4r_ssDYZuOfazgTheh6sOT5PiMVo9YGHMJZexR8a2KCfE6raa6ViQ

Request Chain 466

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAyDDerd7e_nZqGZJF-13ZU&google_cver=1&google_push=Aer7DvLYzD0g1iiOxN-Dlz5fJz3prNOjte2BMVMmN4owDxZCTzx6mjKec9NHRJxShYricIkSl09rlK1bpD8G1BQdnnV0441qou0zOFI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvLYzD0g1iiOxN-Dlz5fJz3prNOjte2BMVMmN4owDxZCTzx6mjKec9NHRJxShYricIkSl09rlK1bpD8G1BQdnnV0441qou0zOFI&google_hm=TjDaOKJuTvqAGTZN13OoA4Q

Request Chain 467

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEN6a_gmCWcBOl2esnfJt1LU&google_cver=1&google_push=Aer7DvK396XQhIFKnqqGEb-iFpzg9--RHgcSQ6byV0dWyjC5dnOqq1Mqyqqq2paXJ5l6-dnxLk8vETswnuIkP-2_hh5R6qLddSAnng HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEN6a_gmCWcBOl2esnfJt1LU&google_cver=1&google_push=Aer7DvK396XQhIFKnqqGEb-iFpzg9--RHgcSQ6byV0dWyjC5dnOqq1Mqyqqq2paXJ5l6-dnxLk8vETswnuIkP-2_hh5R6qLddSAnng HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=5124322325586237356&expires=30&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvK396XQhIFKnqqGEb-iFpzg9--RHgcSQ6byV0dWyjC5dnOqq1Mqyqqq2paXJ5l6-dnxLk8vETswnuIkP-2_hh5R6qLddSAnng&google_hm=bAJi1WUdQGK9jKR9-PZqAA==

Request Chain 468

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPjU0qZkbwRF4rofw38MQ8s&google_cver=1&google_push=Aer7DvJPOLpxkGOZyNDK3IfJJY1nX9CF82eRRwnZqvdIQkG44OkxBK62kDeDqq_ldV8yeufnMyYYyk1Tl1YI3dGBiPApSPaNEAwUogY HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPjU0qZkbwRF4rofw38MQ8s&google_cver=1&google_push=Aer7DvJPOLpxkGOZyNDK3IfJJY1nX9CF82eRRwnZqvdIQkG44OkxBK62kDeDqq_ldV8yeufnMyYYyk1Tl1YI3dGBiPApSPaNEAwUogY&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJPOLpxkGOZyNDK3IfJJY1nX9CF82eRRwnZqvdIQkG44OkxBK62kDeDqq_ldV8yeufnMyYYyk1Tl1YI3dGBiPApSPaNEAwUogY

Request Chain 469

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkpqbh1BhEj4NPzRZX36SY&google_cver=1&google_push=Aer7DvKQw8VEB8cRj4rYLpabV8go6MkFdDmHrD-uf4LwDeJcb-uv5QSfNAta88bnCMBATSJBvtLwcafSsdB2LdIkEhVgl5Zc19phtvNo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aer7DvKQw8VEB8cRj4rYLpabV8go6MkFdDmHrD-uf4LwDeJcb-uv5QSfNAta88bnCMBATSJBvtLwcafSsdB2LdIkEhVgl5Zc19phtvNo HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 473

https://fw.adsafeprotected.com/rfw/st/1333404/69076802/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16627720464&bidurl=https://www.kesatu.co/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jwDo3fVItVVnZVfspCzPCl&adContainerId=brand_safety_qW8dZOKsBuKt9u8P8-i84AE&cbFunctionName=goog_wrapCb_qW8dZOKsBuKt9u8P8-i84AE&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.kesatu.co&adsafe_type=g&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Faa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8400307307701650%26output%3Dhtml%26h%3D600%26slotname%3D6242831060%26adk%3D2345376669%26adf%3D3173046728%26pi%3Dt.ma~as.6242831060%26w%3D300%26fwrn%3D16%26format%3D300x600%26url%3Dhttps%253A%252F%252Fwww.kesatu.co%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1679650727693%26bpp%3D1%26bdt%3D247%26idt%3D411%26shv%3Dr20230322%26mjsv%3Dm202303210101%26ptt%3D9%26saldr%3Daa%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D1961097550752%26rume%3D1%26frm%3D24%26ife%3D3%26pv%3D1%26ga_vid%3D381394354.1679650728%26ga_sid%3D1679650728%26ga_hid%3D1705104071%26ga_fc%3D0%26nhd%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D300%26ish%3D600%26ifk%3D1638650951%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D44759875%252C44759926%252C44759837%252C44777877%252C31073262%252C31073335%252C44786559%252C31071264%252C31061691%252C31061693%26oid%3D2%26pvsid%3D2349057996052770%26tmod%3D1707720922%26uas%3D0%26nvt%3D1%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C300%252C600%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D2%26uci%3D2.3t0tqin4w8mi%26fsb%3D1%26dtd%3D416&adsafe_type=d&adsafe_jsinfo=,id:b451a4c2-b371-a991-1dcb-74f5825978db,c:7LOP4p,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-9v2r8,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152*.1333404-69076802%7C1521%7C161%7C1621%7C171%7C1721%7C181%7C1821%7C1822%7C1823%7C191%7C1921%7C1a1%7C1a21%7C1b1%7C1b21%7C1c1%7C1c211%7C1c212%7C1d1%7C1d21%7C1d22%7C1e1%7C1f%7C1g%7C1h1%7C1h2%7C1i1%7C1j1,idMap:152*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:34,oid:ae6408b1-ca27-11ed-8700-6669e20e8d0a,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

Request Chain 485

https://d.agkn.com/pixel/2175/?google_gid=CAESEFxEBma1gDDqi1T7F8yZ2OE&google_cver=1&google_push=Aa02lx92xF65PyLW5gUVskAO8FlMJjuHn55RXm83eW3W-1Dia8e0Tvkdrz33wbSmr3HtZAdvKy6eFr6fztUa63tFWIE-BhTNKYwslw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=Aa02lx92xF65PyLW5gUVskAO8FlMJjuHn55RXm83eW3W-1Dia8e0Tvkdrz33wbSmr3HtZAdvKy6eFr6fztUa63tFWIE-BhTNKYwslw&google_hm=Q0FFU0VGeEVCbWExZ0REcWkxVDdGOHlaMk9F

Request Chain 486

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJDv9JrCLTN9zoqXivAsMNE&google_cver=1&google_push=Aa02lx9MAJGgl5kx7oaYzloFxLz0tzhFDW4z1Aw-hjb9_yYgv6R7P-JDmWPy58PL3kceCLps9ePtq7AcUulXxumZ65Xp-nq1YDkE8g HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aa02lx9MAJGgl5kx7oaYzloFxLz0tzhFDW4z1Aw-hjb9_yYgv6R7P-JDmWPy58PL3kceCLps9ePtq7AcUulXxumZ65Xp-nq1YDkE8g

Request Chain 487

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAb8Q9KwLrbMjKGi3LXg0rs&google_cver=1&google_push=Aa02lx9EiTYSqDR2ZswmniTa49xXdo0lA4uYqKLCBDRXFdHkFhsFuuH9F0wl9IJ7SsNQHbQkcExIUFqbn7QCkPZZM0TuQf7erjqR8Eo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx9EiTYSqDR2ZswmniTa49xXdo0lA4uYqKLCBDRXFdHkFhsFuuH9F0wl9IJ7SsNQHbQkcExIUFqbn7QCkPZZM0TuQf7erjqR8Eo&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B

Request Chain 488

https://d5p.de17a.com/cookies/google?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aa02lx_ZxVAa15KX8S1-3X0wPyKD0ryJRkLAcQKcZOwYx-zizmfniU2VeUQW5c3KMXn8ETxudCHMsBNderrqUL6y9ROHU3uJFVEzoho HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aa02lx_ZxVAa15KX8S1-3X0wPyKD0ryJRkLAcQKcZOwYx-zizmfniU2VeUQW5c3KMXn8ETxudCHMsBNderrqUL6y9ROHU3uJFVEzoho HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx_ZxVAa15KX8S1-3X0wPyKD0ryJRkLAcQKcZOwYx-zizmfniU2VeUQW5c3KMXn8ETxudCHMsBNderrqUL6y9ROHU3uJFVEzoho

Request Chain 489

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_cver=1&google_push=Aa02lx9bw8aTMvUJHv8rPx3IeridI2taNqwq8_qYAk3LMlB6PVmoOkDpkOKOcg510KRMvpMLLnpI8aJY2rZR6vfb3rcwf3S_xc4i308 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAAFGgAAAAB&google_nid=index&google_push=Aa02lx9bw8aTMvUJHv8rPx3IeridI2taNqwq8_qYAk3LMlB6PVmoOkDpkOKOcg510KRMvpMLLnpI8aJY2rZR6vfb3rcwf3S_xc4i308

Request Chain 490

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkpqbh1BhEj4NPzRZX36SY&google_cver=1&google_push=Aa02lx8FYnDbrjttGDVOUM88WltS6K8FfwMISgXd_9JTyvQHvHt_vcyG6VHoYHogqo07b87gPPaEGJyE9iV5xrK4s5xY6aUYggJQyQpO HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx8FYnDbrjttGDVOUM88WltS6K8FfwMISgXd_9JTyvQHvHt_vcyG6VHoYHogqo07b87gPPaEGJyE9iV5xrK4s5xY6aUYggJQyQpO HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 493

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 495

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 514

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvK5PG0DDseFyH-p9XSR9HhlyEGrEuWhNKYx9LxhYqDoZdNag4IhHrL0gR8HKuV7FNh5RW26gPJ7niAZhrt3NkTjCphlHIFC2Rg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvK5PG0DDseFyH-p9XSR9HhlyEGrEuWhNKYx9LxhYqDoZdNag4IhHrL0gR8HKuV7FNh5RW26gPJ7niAZhrt3NkTjCphlHIFC2Rg

Request Chain 515

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzlI8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzlI8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzlI8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzlI8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 516

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvLl-OUrW_H-XXyDXXnyMxkZzyq41r-5iIAR8eDzAE6JzOjG98OzzbH2u7z3-5iU8piKCTehKjEq_GothV-4zECKvmJmelst3eE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLl-OUrW_H-XXyDXXnyMxkZzyq41r-5iIAR8eDzAE6JzOjG98OzzbH2u7z3-5iU8piKCTehKjEq_GothV-4zECKvmJmelst3eE

Request Chain 517

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJDv9JrCLTN9zoqXivAsMNE&google_cver=1&google_push=Aer7DvJttvtC53tFXvYMtRJq5labTeKQvWZubzYn5bV6N5lvdQIJXLeoFCoGVpLZwbR5ES8FKG8DsRMS7MaZGe1HKNwIgNlsrNPTPGY HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aer7DvJttvtC53tFXvYMtRJq5labTeKQvWZubzYn5bV6N5lvdQIJXLeoFCoGVpLZwbR5ES8FKG8DsRMS7MaZGe1HKNwIgNlsrNPTPGY

Request Chain 518

https://d5p.de17a.com/cookies/google?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aer7DvI_f77ZM3OYEnYIY_O2XSiZZ2oTwiMtwFgJSMZGGDgE5NFer2Zr1ZQSq-qeVOkO6iJAFJQkyHh8EVsvZmhIg6vEE9JiuCGTDAU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvI_f77ZM3OYEnYIY_O2XSiZZ2oTwiMtwFgJSMZGGDgE5NFer2Zr1ZQSq-qeVOkO6iJAFJQkyHh8EVsvZmhIg6vEE9JiuCGTDAU

Request Chain 524

https://fw.adsafeprotected.com/rfw/st/1333404/69076800/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16627720464&bidurl=https://www.kesatu.co/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hwb7J3u9Wnhb7q5rtaPnWM&adContainerId=brand_safety_qW8dZNbmGMLw7gOm0riYDw&cbFunctionName=goog_wrapCb_qW8dZNbmGMLw7gOm0riYDw&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x250.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.kesatu.co&adsafe_type=g&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Faa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8400307307701650%26output%3Dhtml%26h%3D250%26slotname%3D9060566096%26adk%3D3807635426%26adf%3D3173046724%26pi%3Dt.ma~as.9060566096%26w%3D300%26fwrn%3D16%26format%3D300x250%26url%3Dhttps%253A%252F%252Fwww.kesatu.co%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1679650727750%26bpp%3D2%26bdt%3D277%26idt%3D436%26shv%3Dr20230322%26mjsv%3Dm202303220101%26ptt%3D9%26saldr%3Daa%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D753749785312%26frm%3D24%26ife%3D3%26pv%3D1%26ga_vid%3D1932068318.1679650728%26ga_sid%3D1679650728%26ga_hid%3D1405421900%26ga_fc%3D0%26nhd%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D300%26ish%3D250%26ifk%3D1638648813%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D44759927%252C44777876%252C44759837%252C44759876%252C31073105%252C31073358%252C44786631%252C31071264%26oid%3D2%26pvsid%3D1182820626309950%26tmod%3D29292195%26uas%3D0%26nvt%3D1%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C300%252C250%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D2%26uci%3D2.da1h8f3azqx2%26fsb%3D1%26dtd%3D440&adsafe_type=d&adsafe_jsinfo=,id:1ac97e93-c9cd-dcda-a5e7-06c9907ef04d,c:7LOP9f,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-m9ckr,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tzpFi87+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192*.1333404-69076800%7C1921%7C1a1%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:192*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:35,oid:ae9cf36a-ca27-11ed-a9dd-565b4342c75d,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

Request Chain 527

https://fw.adsafeprotected.com/rfw/st/1333404/69809932/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16640277530&bidurl=https://www.kesatu.co/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hFbNHWvxFREVfxJsEo4hMd&adContainerId=brand_safety_qW8dZOiOG7rgx_AP3YS8qAE&cbFunctionName=goog_wrapCb_qW8dZOiOG7rgx_AP3YS8qAE&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_320x100.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.kesatu.co&adsafe_type=g&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Faa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8400307307701650%26output%3Dhtml%26h%3D100%26slotname%3D3597869317%26adk%3D1751641075%26adf%3D3173046723%26pi%3Dt.ma~as.3597869317%26w%3D320%26fwrn%3D16%26format%3D320x100%26url%3Dhttps%253A%252F%252Fwww.kesatu.co%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1679650727769%26bpp%3D2%26bdt%3D291%26idt%3D557%26shv%3Dr20230322%26mjsv%3Dm202303200101%26ptt%3D9%26saldr%3Daa%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D8107698232765%26frm%3D24%26ife%3D3%26pv%3D1%26ga_vid%3D1997612131.1679650728%26ga_sid%3D1679650728%26ga_hid%3D213304324%26ga_fc%3D0%26nhd%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D320%26ish%3D100%26ifk%3D1640673469%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D44777876%252C44759876%252C44759927%252C44759837%252C31071755%252C31073262%252C31073271%252C44787455%252C31071264%26oid%3D2%26pvsid%3D2106088535107919%26tmod%3D702908790%26uas%3D0%26nvt%3D1%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C320%252C100%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D2%26uci%3D2.e5rvhv8bfako%26fsb%3D1%26dtd%3D562&adsafe_type=d&adsafe_jsinfo=,id:98d03fd7-6b5d-bd01-3e63-487ce7b9676a,c:7LOPag,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-gxk8p,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:4,mot:0,app:0,maw:0,fm:tzpFi9g+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C1921%7C1922%7C1a1%7C1a2*.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:1a2*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:27,oid:ae9f648f-ca27-11ed-8856-fa7e835411dd,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

Request Chain 535

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 570

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvKWzOA7vAPBGrEtzh3WSjzLEkMMYGXXhH7QugzyGEySCEAKWrnp7LrZzzUM3hqg854nJq5DeLk7kyN154izOJcN-107YniFEA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvKWzOA7vAPBGrEtzh3WSjzLEkMMYGXXhH7QugzyGEySCEAKWrnp7LrZzzUM3hqg854nJq5DeLk7kyN154izOJcN-107YniFEA

Request Chain 572

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAyDDerd7e_nZqGZJF-13ZU&google_cver=1&google_push=Aer7DvIDWsu8q8ZwfT8Vwk-hSmgCRvzOOwunIhIJN-9jwuWC4g8AJEui3ZdbZLem3m1Xjky4uAY-7kuKNT_hxEpwGSdKx_IILdMGIg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvIDWsu8q8ZwfT8Vwk-hSmgCRvzOOwunIhIJN-9jwuWC4g8AJEui3ZdbZLem3m1Xjky4uAY-7kuKNT_hxEpwGSdKx_IILdMGIg&google_hm=TjDaOKJuTvqAGTZN13OoA4Q

Request Chain 573

https://d5p.de17a.com/cookies/google?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aer7DvLL7JeNtYhc0kcHCk0bbDqFHfmcCwjA0mjTmOwJnX8LbvdWf1E6z-e1XY1_HFJqypUDrtdl_sDHBOypCxtWrZagmnXtZ7wYyg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvLL7JeNtYhc0kcHCk0bbDqFHfmcCwjA0mjTmOwJnX8LbvdWf1E6z-e1XY1_HFJqypUDrtdl_sDHBOypCxtWrZagmnXtZ7wYyg

Request Chain 574

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEM1cHveXxA8KI_epcTmL5Vk&google_cver=1&google_push=Aer7DvIXr_bT1r-JvV7WMhFZx39tm0ynDQ3jkuswxexwwVcprZJ1lEuO2j3es-R631yzTXQ9QaBsuYYgZtPyW8K8OsefiFecPwM5Eg HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEM1cHveXxA8KI_epcTmL5Vk&google_cver=1&google_push=Aer7DvIXr_bT1r-JvV7WMhFZx39tm0ynDQ3jkuswxexwwVcprZJ1lEuO2j3es-R631yzTXQ9QaBsuYYgZtPyW8K8OsefiFecPwM5Eg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTg4MDQwOTQyMDEzNzY3Nzg3OQ&google_push=Aer7DvIXr_bT1r-JvV7WMhFZx39tm0ynDQ3jkuswxexwwVcprZJ1lEuO2j3es-R631yzTXQ9QaBsuYYgZtPyW8K8OsefiFecPwM5Eg

Request Chain 575

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPjU0qZkbwRF4rofw38MQ8s&google_cver=1&google_push=Aer7DvJNCZkLrY5O3L3LVLvOpQwTNrvzTh5CorCQyRcBTtj7AmC6b4GNXsovKdVZ4jAUUN91AL1-Df1SCg2pK3LTXb2aAdZbeMZ2sA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJNCZkLrY5O3L3LVLvOpQwTNrvzTh5CorCQyRcBTtj7AmC6b4GNXsovKdVZ4jAUUN91AL1-Df1SCg2pK3LTXb2aAdZbeMZ2sA

Request Chain 585

https://fw.adsafeprotected.com/rfw/st/1351698/69475176/skeleton.js?adsafe_url=https%3A%2F%2Fwww.kesatu.co&adsafe_type=g&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Faa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8400307307701650%26output%3Dhtml%26h%3D600%26slotname%3D6224032654%26adk%3D1570749283%26adf%3D3173046727%26pi%3Dt.ma~as.6224032654%26w%3D160%26fwrn%3D16%26format%3D160x600%26url%3Dhttps%253A%252F%252Fwww.kesatu.co%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1679650727832%26bpp%3D2%26bdt%3D377%26idt%3D525%26shv%3Dr20230322%26mjsv%3Dm202303160101%26ptt%3D9%26saldr%3Daa%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D332749602947%26frm%3D24%26ife%3D3%26pv%3D1%26ga_vid%3D1149933380.1679650728%26ga_sid%3D1679650728%26ga_hid%3D921566453%26ga_fc%3D0%26nhd%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D160%26ish%3D600%26ifk%3D4266015935%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D44759842%252C44759875%252C44759926%252C44777876%252C44786632%252C31072978%252C31071264%252C31071269%26oid%3D2%26pvsid%3D3305614213782006%26tmod%3D229949435%26uas%3D0%26nvt%3D1%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C160%252C600%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D2%26uci%3D2.5468eeuacj93%26fsb%3D1%26dtd%3D529&adsafe_type=d&adsafe_jsinfo=,id:46ac5c52-f507-ba6e-b51c-64a3900e2b9a,c:7LOPph,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-js4jd,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1,mtim:1041,mot:0,app:0,maw:0,fm:tzpFi7q+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:1072,oid:ae8d3bc4-ca27-11ed-a8b9-9a7feda424fc,v:19.8.400,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 589

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvLMwXiRBDbMeSMFiEf0rXlGyrMb-fmW1C-26btCExemF3_xMt8wPhMeuTdfVfbx2s48nm4OlemEkMpOXPoJrSu6X5wLpEO_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLMwXiRBDbMeSMFiEf0rXlGyrMb-fmW1C-26btCExemF3_xMt8wPhMeuTdfVfbx2s48nm4OlemEkMpOXPoJrSu6X5wLpEO_

Request Chain 590

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPjU0qZkbwRF4rofw38MQ8s&google_cver=1&google_push=Aer7DvIIgBqyBhTZVjCXCWNHQODzOqiRUSzPHsqms0svy8GVLjX1pz6UqkzzLAZw1XtBgpQi97imSI0udAx1m45VB9MrCxwtsUs1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvIIgBqyBhTZVjCXCWNHQODzOqiRUSzPHsqms0svy8GVLjX1pz6UqkzzLAZw1XtBgpQi97imSI0udAx1m45VB9MrCxwtsUs1

Request Chain 591

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEKK9_U06XKWEO4r-g9VDB4&google_cver=1&google_push=Aer7DvIt0XGQ4iHpKvARywJFKJIVdKPEGlPyEUQAI-LJpunRcIGVRblYbYdiJDaUCjRwA0OxLXRaSePSbIo8KlpayV8r31Gt2DGgmg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09GNEYtUy0yUUQ5&google_push=Aer7DvIt0XGQ4iHpKvARywJFKJIVdKPEGlPyEUQAI-LJpunRcIGVRblYbYdiJDaUCjRwA0OxLXRaSePSbIo8KlpayV8r31Gt2DGgmg

Request Chain 592

https://match.360yield.com/match/ebda?google_gid=CAESEF8enHwCbWovvFSZuwumflU&google_cver=1&google_push=Aer7DvJ54P8sXF7p2-4ZoUdwl976hYlD-JNa92-F-xIMShzKeG5fszBgbcbmDRjvU7ZUuV0cxqr9QL4M0XtqsHVFY6Az_4MTleFcUg HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEF8enHwCbWovvFSZuwumflU&google_cver=1&google_push=Aer7DvJ54P8sXF7p2-4ZoUdwl976hYlD-JNa92-F-xIMShzKeG5fszBgbcbmDRjvU7ZUuV0cxqr9QL4M0XtqsHVFY6Az_4MTleFcUg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t52vU1v2TLG1jWQSfJV-HQ&google_push=Aer7DvJ54P8sXF7p2-4ZoUdwl976hYlD-JNa92-F-xIMShzKeG5fszBgbcbmDRjvU7ZUuV0cxqr9QL4M0XtqsHVFY6Az_4MTleFcUg

Request Chain 593

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEH_rhF0r8Vwzt-QC7kDtfqw&google_cver=1&google_push=Aer7DvLU-cEAD78OPME5CJj03S-FmzYBi-guS8rnaT8COMm24tgfD6NpMe0Nb8pAeeynKC7-yCuvzm5Wxx9rtLBabK_w1vrq7pIqsg HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aer7DvLU-cEAD78OPME5CJj03S-FmzYBi-guS8rnaT8COMm24tgfD6NpMe0Nb8pAeeynKC7-yCuvzm5Wxx9rtLBabK_w1vrq7pIqsg&google_gid=CAESEH_rhF0r8Vwzt-QC7kDtfqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzUxMDc2ODc1NTAxNTIwMTY1MzczNw%3D%3D&google_push=Aer7DvLU-cEAD78OPME5CJj03S-FmzYBi-guS8rnaT8COMm24tgfD6NpMe0Nb8pAeeynKC7-yCuvzm5Wxx9rtLBabK_w1vrq7pIqsg

Request Chain 606

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 611

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIgY9osYNJA4nAgCqqh0JUtNhr9SH3fH6moW42f2rgiov0L-fBpjSEKnkhNlZk67G68dCcLAYwa_YOyAOr2cYBNff8JlP_Ym0g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIgY9osYNJA4nAgCqqh0JUtNhr9SH3fH6moW42f2rgiov0L-fBpjSEKnkhNlZk67G68dCcLAYwa_YOyAOr2cYBNff8JlP_Ym0g

Request Chain 613

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvLK-FObagXgl5CdH_861tVz69mfouEephmywNiSwwBLt5dj24y83KQjaCEBtYc7zx70KhYXEahkXt8tSU_P8ryjzP-Db93MfjM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLK-FObagXgl5CdH_861tVz69mfouEephmywNiSwwBLt5dj24y83KQjaCEBtYc7zx70KhYXEahkXt8tSU_P8ryjzP-Db93MfjM

Request Chain 614

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJDv9JrCLTN9zoqXivAsMNE&google_cver=1&google_push=Aer7DvJwSkQyeM4Pa63tsxgtguwi0nXPuRSGrv7xNE4QTjQjG7cr4rpm6PNxrLYlNwIVRvNOTkEoUdzpot_lxIYxHu68obqy3a371gM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aer7DvJwSkQyeM4Pa63tsxgtguwi0nXPuRSGrv7xNE4QTjQjG7cr4rpm6PNxrLYlNwIVRvNOTkEoUdzpot_lxIYxHu68obqy3a371gM

Request Chain 615

https://d5p.de17a.com/cookies/google?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aer7DvKE8RTWWfz7vbs7KcpL0zam09eJOP2WVCjESnymqoX5dZbgLmHMJ1d9_3a_NXowDmJKpqobr9IK4U53ZwbrWnJpSOiOrN87ew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvKE8RTWWfz7vbs7KcpL0zam09eJOP2WVCjESnymqoX5dZbgLmHMJ1d9_3a_NXowDmJKpqobr9IK4U53ZwbrWnJpSOiOrN87ew

Request Chain 619

https://ad.turn.com/r/cs?pid=3&google_gid=CAESELslJBbvCqwnOy29LUS8uRk&google_cver=1&google_push=Aa02lx_ROAce-USJo20zU0vDQvxUsTlrIx_0Mx9dJe58QW_sweLVDanHWoZmY2YZPcCQCn2Xy7-wtROkAG5quvtGbw-erceZwHIJ6Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODM1NzQ0MzE3ODAzODg5NjkwNQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESELslJBbvCqwnOy29LUS8uRk&google_cver=1

Request Chain 620

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aa02lx-Xgx3Hd1OnSQ6XDnuRxFGvOzvcBQqFyeyQnalf-bFoLRYg41gVFGFW-llSkhKXycz5Nq3j_wdrTSlwSzFTIe0o9ECSVVs8NQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aa02lx-Xgx3Hd1OnSQ6XDnuRxFGvOzvcBQqFyeyQnalf-bFoLRYg41gVFGFW-llSkhKXycz5Nq3j_wdrTSlwSzFTIe0o9ECSVVs8NQ

Request Chain 623

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEN6a_gmCWcBOl2esnfJt1LU&google_cver=1&google_push=Aa02lx93wfEwZaYoeLYJtdv7C2aQfP8a0J6uNa_0hljCT_XOh4dbOperqMip04sogGlI3uXbkDH-ij_ggDbVWDwz9u756IyII--VEA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx93wfEwZaYoeLYJtdv7C2aQfP8a0J6uNa_0hljCT_XOh4dbOperqMip04sogGlI3uXbkDH-ij_ggDbVWDwz9u756IyII--VEA&google_hm=bAJi1WUdQGK9jKR9-PZqAA==

Request Chain 624

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPjU0qZkbwRF4rofw38MQ8s&google_cver=1&google_push=Aa02lx8W8hNnYiTTGhqujN06HsV0ZgxBa0UE1yBm4Q0Ot2pG2YxFqHljWiWXgt-HuxgEmnpAuu_rsxpBO3E6ZzhpxdLKmyFUk6IPTw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx8W8hNnYiTTGhqujN06HsV0ZgxBa0UE1yBm4Q0Ot2pG2YxFqHljWiWXgt-HuxgEmnpAuu_rsxpBO3E6ZzhpxdLKmyFUk6IPTw

Request Chain 625

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEOD49LY57B9VelVgLclUJd0&google_cver=1&google_push=Aa02lx_Gjyod23gQ-4_TabVR72usrv289y1UVRUKlgPzzW91XbCME6nUEJjh9aZ1735orLA70fjmVixqNPbfiEcaHiEWbgl6SvCYjQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_Gjyod23gQ-4_TabVR72usrv289y1UVRUKlgPzzW91XbCME6nUEJjh9aZ1735orLA70fjmVixqNPbfiEcaHiEWbgl6SvCYjQ

Request Chain 628

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aa02lx8BkSJDvNJkhWoDzalXW241P19BXI-UT9dA2xlyVc5V7RqZIT-YdI5Cd-tcbwyft8nOE7Q-Ws-wk5HyeoZ3MuF5ImmK24MIzwA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aa02lx8BkSJDvNJkhWoDzalXW241P19BXI-UT9dA2xlyVc5V7RqZIT-YdI5Cd-tcbwyft8nOE7Q-Ws-wk5HyeoZ3MuF5ImmK24MIzwA

Request Chain 631

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEN6a_gmCWcBOl2esnfJt1LU&google_cver=1&google_push=Aa02lx_R4e6SkBFRSBxmj1dKT5iDwQjA7rahrI3--5l9tnD7CHB9BSMUSJbdNGh49hdLKOaNAMvjCS9qSdWozlJbauc21LudBIh5Xrk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx_R4e6SkBFRSBxmj1dKT5iDwQjA7rahrI3--5l9tnD7CHB9BSMUSJbdNGh49hdLKOaNAMvjCS9qSdWozlJbauc21LudBIh5Xrk&google_hm=bAJi1WUdQGK9jKR9-PZqAA==

Request Chain 632

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAb8Q9KwLrbMjKGi3LXg0rs&google_cver=1&google_push=Aa02lx97DmHrjwPWvcnsgnAcQ_-6fesG-V8lhO3567RvxOGDEI3jVFkeKg6v2W4Uf6WwABaABfkOGFWtcfkpg-1qfUj0bBrZ67-XHV4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx97DmHrjwPWvcnsgnAcQ_-6fesG-V8lhO3567RvxOGDEI3jVFkeKg6v2W4Uf6WwABaABfkOGFWtcfkpg-1qfUj0bBrZ67-XHV4&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B

Request Chain 634

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEOD49LY57B9VelVgLclUJd0&google_cver=1&google_push=Aa02lx8eTitcctzHouBwGMLYd6prF9K3QgZ0aXegH6gyrm9FJ_BolwkEEhP4sCkUzTavIOOIPPnxJLfYaZaWNTFteYk5wDf0H4KHnw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8eTitcctzHouBwGMLYd6prF9K3QgZ0aXegH6gyrm9FJ_BolwkEEhP4sCkUzTavIOOIPPnxJLfYaZaWNTFteYk5wDf0H4KHnw4

Request Chain 638

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvJC-5Aj0qyKXstmTJ-24mQZhH-6apMKUmjJZNsjt-kFy5tRwMj3qPdv1FllMWX4zFAUGzOe1Rly0VBztoE5HuTW_Ed340Hxsw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvJC-5Aj0qyKXstmTJ-24mQZhH-6apMKUmjJZNsjt-kFy5tRwMj3qPdv1FllMWX4zFAUGzOe1Rly0VBztoE5HuTW_Ed340Hxsw

Request Chain 639

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAyDDerd7e_nZqGZJF-13ZU&google_cver=1&google_push=Aer7DvLotCdm8fKBXgHAlGY1m9ZxNTRoh7XYFbSejSVkG1LRSuAyQPcY0BHTusC5vBwsiMV0TV4XAD3RLzPa4LXd_Ni8G0n6s8a- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvLotCdm8fKBXgHAlGY1m9ZxNTRoh7XYFbSejSVkG1LRSuAyQPcY0BHTusC5vBwsiMV0TV4XAD3RLzPa4LXd_Ni8G0n6s8a-&google_hm=TjDaOKJuTvqAGTZN13OoA4Q

Request Chain 640

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvJJSSuPP7LzajnknDxFUPiIyiLn1dEU8ZjOtnFgEMjGjap6_FdJAXz5U-AoyGIqsKbfpOCjY13C-MH_yWHP1G_9VEMNCIQzfw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvJJSSuPP7LzajnknDxFUPiIyiLn1dEU8ZjOtnFgEMjGjap6_FdJAXz5U-AoyGIqsKbfpOCjY13C-MH_yWHP1G_9VEMNCIQzfw

Request Chain 642

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEKK9_U06XKWEO4r-g9VDB4&google_cver=1&google_push=Aer7DvI02aJlN-W1xlw-UFchmRPekInEQwlG0fi6x10vWnGYBVPrueXozfHUSYSh0K3MUo7OvVOE5jFQ20bd-JhQFuu7xZDMpTbGZw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09GRzYtMjMtOEUzRg==&google_push=Aer7DvI02aJlN-W1xlw-UFchmRPekInEQwlG0fi6x10vWnGYBVPrueXozfHUSYSh0K3MUo7OvVOE5jFQ20bd-JhQFuu7xZDMpTbGZw

Request Chain 643

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkpqbh1BhEj4NPzRZX36SY&google_cver=1&google_push=Aer7DvIyWz0N4rviTtvtNd5vIhFVQN2A2jtRXKcThg6JQcPnhnY0BvDAesu5YmwhBLa-uLbIVR6MrqV3S1p_Wpm3LcqzwHKbukTZF6U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aer7DvIyWz0N4rviTtvtNd5vIhFVQN2A2jtRXKcThg6JQcPnhnY0BvDAesu5YmwhBLa-uLbIVR6MrqV3S1p_Wpm3LcqzwHKbukTZF6U HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 712

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvKm6WsFPXl6V9X3UcYNZcnZoo8uMTcRquy-1_Wcq8AknLB3zZ9DdMzaKqiX6uPnmqswyoKu5-bn40afXuYGVsyP3NPzaOM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvKm6WsFPXl6V9X3UcYNZcnZoo8uMTcRquy-1_Wcq8AknLB3zZ9DdMzaKqiX6uPnmqswyoKu5-bn40afXuYGVsyP3NPzaOM

Request Chain 713

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_cver=1&google_push=Aer7DvJfXtaPNWCI0ALmYJ-T_UF3gKLexPx-UorzK4_VrUcmgQxLaeOZ0xzB-b7sOo_KS9pr_0a5p9PZPcl0mCEA50kF4cJ6-0Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkIxdnFRQUFDWjNUeFFCYQ==&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_cver=1&google_push=Aer7DvJfXtaPNWCI0ALmYJ-T_UF3gKLexPx-UorzK4_VrUcmgQxLaeOZ0xzB-b7sOo_KS9pr_0a5p9PZPcl0mCEA50kF4cJ6-0Y

Request Chain 714

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_cver=1&google_push=Aer7DvIcy440L-JLY1WAZVhnpxayOwljsSRZDGPQLq8_OItOJPw58s_yR5_Gp-ROr3I9iZN4CL7KtrY5s6yeA5yOtHhmrXTsTg HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAAFGgAAAAB&google_nid=index&google_push=Aer7DvIcy440L-JLY1WAZVhnpxayOwljsSRZDGPQLq8_OItOJPw58s_yR5_Gp-ROr3I9iZN4CL7KtrY5s6yeA5yOtHhmrXTsTg

Request Chain 715

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJCc5jCXJ4VOM6a37_T6OGM&google_cver=1&google_push=Aer7DvJ3BzHXoFYiDYQahT-deX-vzDp8Q92CgAJfFYvEi1X3J4CANgnb_XpKsiwVnXwZ8TK1xgoYEiOhepFObUKnT94j1oPzYcc HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=Aer7DvJ3BzHXoFYiDYQahT-deX-vzDp8Q92CgAJfFYvEi1X3J4CANgnb_XpKsiwVnXwZ8TK1xgoYEiOhepFObUKnT94j1oPzYcc&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1679650733041 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-7deeafd8-813b-4aa6-bd91-42d24a98d521-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAer7DvJ3BzHXoFYiDYQahT-deX-vzDp8Q92CgAJfFYvEi1X3J4CANgnb_XpKsiwVnXwZ8TK1xgoYEiOhepFObUKnT94j1oPzYcc%26google_hm%3DA33ur9iBO0qmvZFC0kqY1SE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aer7DvJ3BzHXoFYiDYQahT-deX-vzDp8Q92CgAJfFYvEi1X3J4CANgnb_XpKsiwVnXwZ8TK1xgoYEiOhepFObUKnT94j1oPzYcc&google_hm=A33ur9iBO0qmvZFC0kqY1SE

Request Chain 716

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEH_rhF0r8Vwzt-QC7kDtfqw&google_cver=1&google_push=Aer7DvLpQa9c7AKDZNjMlHyg37kIhc2to-Y7Zh7vkr8FnBCCT8Tggf8006TrLRNiYpE45zhTHIPKnEDv6DVKW0zQbDXykq2kDII HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzUxMDc2ODc1NTAxNTIwMTY1MzczNw%3D%3D&google_push=Aer7DvLpQa9c7AKDZNjMlHyg37kIhc2to-Y7Zh7vkr8FnBCCT8Tggf8006TrLRNiYpE45zhTHIPKnEDv6DVKW0zQbDXykq2kDII

Request Chain 717

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEOD49LY57B9VelVgLclUJd0&google_cver=1&google_push=Aer7DvLjUGcggxamcZt40DgEQ-7-s_wcXLXH3DzJtNhQ2oOqlrl6K3mfgwb-iLM7Jbsb5GZR9TafEt7vhv4QTUhQEQ2dWk7WuTK_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvLjUGcggxamcZt40DgEQ-7-s_wcXLXH3DzJtNhQ2oOqlrl6K3mfgwb-iLM7Jbsb5GZR9TafEt7vhv4QTUhQEQ2dWk7WuTK_ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

771 HTTP transactions
28 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.kesatu.co/ 92 KB
13 KB 1618ms
1299ms Document
text/html 18.64.141.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.64.141.114 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-64-141-114.mct50.r.cloudfront.net

Software

nginx / PHP/7.3.31

Resource Hash

9e8150bf756a5b5a7f00f71ae2714734bf45a3e1f9af3ddcd631bcdffe28d187

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 24 Mar 2023 09:38:46 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 4f83f5e6dc65845dadaae31f510e8420.cloudfront.net (CloudFront)
x-amz-cf-id: bsP1OXQEgF94m2FSh4Ut43WYVxrc76qIeS20hDG0-eDA2w3wKWSmKQ==
x-amz-cf-pop: MCT50-P1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-powered-by: PHP/7.3.31
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
1023 B 72ms
27ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,600;0,700;1,400;1,600;1,700&display=swap

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

69b2906e60f091da37046596fe7cd56a16d3a1d49f90fc5714a72e812d709b5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 09:31:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H2 200 style.min.css
assets.ayobandung.com/promedia/news/desktop/css/ 60 KB
14 KB 74ms
21ms Stylesheet
text/css 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/css/style.min.css?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 2d3b8d5181cb107e4fbf1698508cc99c99f470e5d0d7cf2244cedcb8290559b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:29:57 GMT
x-amz-version-id: Z_9tus_iq2nPXP.b4RbXvZh9iIvqgf9U
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18529
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 06 Mar 2023 04:21:25 GMT
server: nginx
etag: W/"921941b0b0392d8540ed96511a180ffd"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: d8YI3thqLNBq7QZbER9sIgqqNfC5J53yFZTI8BTWeFCaEerrnqIWRg==
expires: Sat, 23 Mar 2024 04:29:57 GMT

GET
H2 200 custom.min.css
assets.ayobandung.com/promedia/network/247/desktop/css/ 8 KB
2 KB 91ms
38ms Stylesheet
text/css 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/network/247/desktop/css/custom.min.css?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 2cd91a116909572d0193cea60b6c3ad49fc39a6751d7184bc0395fe4fe53ae0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:30:08 GMT
x-amz-version-id: EoGApeBf3ZyQtHannxYtMd3enii_Uw1k
content-encoding: br
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18518
x-cache: Hit from cloudfront
last-modified: Tue, 26 Oct 2021 02:10:07 GMT
server: nginx
etag: W/"746458ef9950854e62849d59bcf600af"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: cfjg83DGjubuK52Q9iRd4lyUqTNMbof4yEilARWgd3_a5B_WTwxyFQ==
expires: Sat, 23 Mar 2024 04:30:08 GMT

GET
H2 200 jquery-1.12.0.min.js Show response
assets.ayobandung.com/promedia/news/desktop/js/ 95 KB
34 KB 86ms
34ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/js/jquery-1.12.0.min.js?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: de33fe1ba0d81147fc56ff19149e85914d13c4c4d7a5969aeda463d9f4787848

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:29:57 GMT
x-amz-version-id: null
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18529
x-cache: Hit from cloudfront
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"b2f71c943f2f14613bc100fc3ec59db2"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: u6BKswdStf40sq4EF2V4wRhO61r0zTnCxTHs2gDwDKY7YHbSxAlDqw==
expires: Sat, 23 Mar 2024 04:29:57 GMT

GET
H2 200 kesatu.js Show response
propsid.b-cdn.net/gpt/pti/ 21 KB
6 KB 571ms
186ms Script
application/javascript 2400:52e0:1500::868:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://propsid.b-cdn.net/gpt/pti/kesatu.js
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1500::868:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-SG1-868 /
Resource Hash: 2c3c04e75b55ed4bb6c4a51a634c1ebd3c210231f140c31858d84149e89537a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
cdn-edgestorageid: 868
cdn-storageserver: SG-515
cdn-cachedat: 03/24/2023 08:08:36
cdn-pullzone: 266288
last-modified: Thu, 09 Mar 2023 01:14:47 GMT
server: BunnyCDN-SG1-868
cdn-fileserver: 424
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"64093307-5520"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 022eeb7f-01b5-4a33-8c9d-d5c55b7764e7
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000
cdn-requestid: ac79ac6efa20bcfa16bb97e3e5c899c2
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 78 KB
27 KB 80ms
28ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

831a0ffeae52bcd087050c22ec911efb172a3de267305ce847a4980bdb362689

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27495
x-xss-protection: 0
server: sffe
etag: "1520 / 402 of 1000 / last-modified: 1679609152"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 141 KB
48 KB 125ms
70ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ee2c9d9e322c7c4a2ed4e23767d14ed9f9c5e0a6f4d667f85b39cd694ceb045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Origin: https://www.kesatu.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48952
x-xss-protection: 0
server: cafe
etag: 793687997677305829
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
48 KB 130ms
75ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6344910443143463

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

31552c699b839c45d0f246d1c2c2156368b5fc6d05bf6aee3134987c3aff2ca0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Origin: https://www.kesatu.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48727
x-xss-protection: 0
server: cafe
etag: 12072713757211164668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H2 200 logo.png
assets.ayobandung.com/crop/0x0:0x0/0x0/webp/promedia/network/247/desktop/images/ 37 KB
38 KB 26ms
24ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/0x0/webp/promedia/network/247/desktop/images/logo.png?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 943e474e110dbebaaaf183d9ee3615e0479f0a471d441e00c0ab054d6bc15d20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:30:13 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 18513
etag: "dd9f69adf68a2431ccbb7a0106475c515f6a46a7"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 38104
x-amz-cf-id: Ta06FDlrbZkgDTD-80i0ogUmH3QpGQmkv5zKcP5cbyb0Vqw-SqWW4w==
expires: Sat, 23 Mar 2024 04:30:13 GMT

GET
H2 200 blank.png
assets.ayobandung.com/crop/0x0:0x0/1x1/webp/promedia/news/desktop/images/ 44 B
452 B 23ms
21ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/1x1/webp/promedia/news/desktop/images/blank.png
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 1593bd5a43dd148d4c0e4d0e9f74f80613d3a48cdfb71fa15835f79aef9919a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sat, 04 Mar 2023 16:55:09 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 1701817
etag: "f40336ae704c19b9b897cb41ee8aa0828dcacc07"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 44
x-amz-cf-id: Vbuw-0s_HF0ddYQzLRZPS7JFxPsi4jdJqhbDTIBRSkaxyU_lRGnYbg==
expires: Sun, 03 Mar 2024 16:55:09 GMT

GET
H2 200 logo-white.png
assets.ayobandung.com/promedia/network/247/desktop/images/ 63 KB
63 KB 26ms
24ms Image
image/png 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/promedia/network/247/desktop/images/logo-white.png?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 4fe2f34dd7e5dca36dd4dec1d21b6d789c57823c081baf0ea7763994f58eca27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:30:16 GMT
x-amz-version-id: R8tsBdRAqx4..IfM0YudXwJLGPMVDfiK
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18510
x-cache: Hit from cloudfront
content-length: 64190
last-modified: Tue, 26 Oct 2021 02:10:08 GMT
server: nginx
etag: "51caf25115dfea0e37db3cac713dfbc5"
access-control-allow-methods: GET, OPTION
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: h-fwUiahKtvz-lNkF_jdZke6dngMiwt0TcRj0Vo60cGdKV33iHKz1Q==
expires: Sat, 23 Mar 2024 04:30:16 GMT

GET
H2 200 slick.min.js Show response
assets.ayobandung.com/promedia/news/desktop/js/ 40 KB
10 KB 19ms
18ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/js/slick.min.js?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 0a38cf7423f9f7060c66183e74e7e138bed849de551199c490e3a1e97ce291e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:29:57 GMT
x-amz-version-id: null
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18529
x-cache: Hit from cloudfront
last-modified: Thu, 15 Apr 2021 16:17:05 GMT
server: nginx
etag: W/"72d9511c2715d0da989e1f5bfe886532"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: v2ylNC4iO7WzmCd5Itz6gyTejUsiyrrOCRU_68xlWZyyHtbEjUtT7A==
expires: Sat, 23 Mar 2024 04:29:57 GMT

GET
H2 200 jquery.sticky-kit.min.js Show response
assets.ayobandung.com/promedia/news/desktop/js/ 3 KB
2 KB 19ms
19ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/js/jquery.sticky-kit.min.js?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 3a8717b1c866759c800df22bdc5b34545730d2790473892a4cf31dce49bf1170

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:29:57 GMT
x-amz-version-id: null
content-encoding: br
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18529
x-cache: Hit from cloudfront
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"d61a7b888967697179c82adc5e7fc18d"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: Ce0fbowbRPnpPgN0Z0He0yZzxEkznYX6XT7QXK9OYR-4Fm_ddHBzag==
expires: Sat, 23 Mar 2024 04:29:57 GMT

GET
H2 200 jquery.magnific-popup.min.js Show response
assets.ayobandung.com/promedia/news/desktop/js/ 20 KB
8 KB 21ms
17ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/js/jquery.magnific-popup.min.js?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:29:57 GMT
x-amz-version-id: null
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18529
x-cache: Hit from cloudfront
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"ba6cf724c8bb1cf5b084e79ff230626e"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: nfe9e0NK2ZyRrFLKpfAzGRw7_s6kbLufDR1zy8LnGvQU6rctnczWXA==
expires: Sat, 23 Mar 2024 04:29:57 GMT

GET
H2 200 jquery.marquee.min.js Show response
assets.ayobandung.com/promedia/news/desktop/js/ 5 KB
2 KB 23ms
19ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/js/jquery.marquee.min.js?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 9de5a9ee5dc9d4ca558268b7bcd6ead5eaff468a4a13f526738b4e5f65b32855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:32:47 GMT
x-amz-version-id: null
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18359
x-cache: Hit from cloudfront
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"14c4877ae18b2930b3cbd1bf9ad4dff6"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: imhLE1k7kkdHdGrUzw40VjEzFp7D8tt9mo6sDSvNBKFVObFyPD-VAQ==
expires: Sat, 23 Mar 2024 04:32:47 GMT

GET
H2 200 main.js Show response
assets.ayobandung.com/promedia/news/desktop/js/ 4 KB
2 KB 23ms
19ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/js/main.js?v=698
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 40da1f2bb18419fdeb462e7468c95a3ce82767d881695aaa0800bd567ed53a00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 04:29:57 GMT
x-amz-version-id: null
content-encoding: br
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 18529
x-cache: Hit from cloudfront
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"7fc45067021f7c9d42dbedb0ab1f13d4"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: 4dGnRM5lTsFh-Wbf0HK1EZLMXUg8bANiCdAweC6dTjx4w0cy2z4p0w==
expires: Sat, 23 Mar 2024 04:29:57 GMT

GET
H2 200 share.js Show response
assets.ayobandung.com/promedia/news/desktop/js/ 589 B
1 KB 24ms
20ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/js/share.js
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 2214d41b278709c873fdb298e1c176c1a8c2e2f40538d1b242a48e7c871611d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 20 Mar 2023 14:58:18 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 685760
x-cache: Hit from cloudfront
content-length: 589
last-modified: Wed, 14 Apr 2021 06:43:54 GMT
server: nginx
etag: "04bbb0cb75f8655f00d8fa946b39dd29"
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: th83vzLqFPWYZC-duU8qodq1yNioLeeAlWhO7Y_vNb_DrWQtYUQ7Cw==
expires: Fri, 15 Mar 2024 11:09:26 GMT

GET
H2 200 lazysizes.min.js Show response
assets.ayobandung.com/promedia/news/desktop/js/ 8 KB
4 KB 24ms
20ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/js/lazysizes.min.js
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sat, 04 Mar 2023 16:54:09 GMT
x-amz-version-id: hoASrtcYWKM_cquzowdxZu1CXNtlWQkX
content-encoding: br
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 1701877
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 04 Mar 2023 16:15:37 GMT
server: nginx
etag: W/"45bacd312d5098b4b59f563d8756c15d"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: aOywl_K72YpxucKJkvocAN7mEPw_za86_9S9MJnApFaNRGqE9GZ6qw==
expires: Sun, 03 Mar 2024 16:54:09 GMT

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/6.5.0/ 11 KB
4 KB 72ms
19ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.5.0/firebase-app.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9db819fcacffaf3e9d603f594ce05f8594bcbb8389c59e687c97c26966c2d850

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142415
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3944
x-xss-protection: 0
last-modified: Thu, 29 Aug 2019 21:56:20 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Mar 2024 18:05:11 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/6.5.0/ 31 KB
9 KB 73ms
20ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.5.0/firebase-messaging.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142415
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8653
x-xss-protection: 0
last-modified: Thu, 29 Aug 2019 21:56:23 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Mar 2024 18:05:11 GMT

GET
H2 200 app.js Show response
assets.ayobandung.com/promedia/sw/ 2 KB
1 KB 24ms
21ms Script
application/x-javascript 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/sw/app.js?pro=6
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 2ad420ff11526656e79f7c2476235849d96607e4a22fe15c77b6555dd2603f11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

x-amz-version-id: Rrx5PDq57BI6xtYIzjbD7POhAPaydMR9
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
date: Mon, 20 Mar 2023 16:46:08 GMT
x-amz-cf-pop: FRA60-P4
age: 806657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 12 Feb 2023 05:24:18 GMT
server: nginx
etag: W/"64b544da85b1cf1db7af3f9c3ed286de"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: n92lyXdNnQ7VWlmvZ8vwrGqAXWbN43sVDMA_xjiQFQdmYhwUf_BOkw==
expires: Thu, 14 Mar 2024 01:34:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 94ms
43ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-207405423-45

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d09759caa40ed5d354c523a90c272e0640f39c2ad72af2475617a247db110d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44766
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 164 KB
48 KB 118ms
67ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXGJ7WW

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e8b2faa65ed345e553d2f772ce2a6d59d20ab6e4b7c16330735d46fb0251e0ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49308
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
DATA 200
OK truncated
/ 422 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ae542bace58e607e3384b18969c424e8c77b6306ccee4298af00805479496f3

Request headers

Referer
Origin: https://www.kesatu.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 bg_box_1.svg
assets.ayobandung.com/promedia/network/247/desktop/images/bg/ 55 KB
41 KB 524ms
524ms Image
image/svg+xml 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/promedia/network/247/desktop/images/bg/bg_box_1.svg
Requested by: Host: assets.ayobandung.com
URL: https://assets.ayobandung.com/promedia/network/247/desktop/css/custom.min.css?v=698
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 83c2cee78bcb18f392632e2f4fe16cf2da7f3f6f89927d282f8246eb7d82b3d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://assets.ayobandung.com/promedia/network/247/desktop/css/custom.min.css?v=698
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-amz-version-id: fnDjY6rZZiiooZCZh3J0nX6Po6KscXA0
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-cache: Miss from cloudfront
last-modified: Tue, 26 Oct 2021 02:10:26 GMT
server: nginx
etag: W/"f65ec02afb3fc51802f8a407cc50bbda"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-id: KxDZX_0eiBY4qm1Z9E7wP3FtuEAQ1EfrZw_8IeXWwR9CxY-yxPbCcQ==
expires: Sat, 23 Mar 2024 09:38:47 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 69ms
21ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,600;0,700;1,400;1,600;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.kesatu.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:40 GMT
x-content-type-options: nosniff
age: 262866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:40 GMT

GET
H2 200 icons.ttf
assets.ayobandung.com/promedia/news/desktop/fonts/icons/ 11 KB
12 KB 66ms
25ms Font
application/octet-stream 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/fonts/icons/icons.ttf?jemrcm
Requested by: Host: assets.ayobandung.com
URL: https://assets.ayobandung.com/promedia/news/desktop/css/style.min.css?v=698
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 1517b5246f24efd5abf47f90c676a2e70fc62d28fb0f7e199e249111d4450a21

Request headers

Referer: https://assets.ayobandung.com/promedia/news/desktop/css/style.min.css?v=698
Origin: https://www.kesatu.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 18:52:49 GMT
x-amz-version-id: null
via: 1.1 a3c1615d6bdfc01a05a0b3a742d10d38.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 571557
x-cache: Hit from cloudfront
content-length: 11480
last-modified: Thu, 15 Apr 2021 16:16:50 GMT
server: nginx
etag: "1d8d949452407d5b53666cedb753c381"
access-control-allow-methods: GET, OPTION
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: BdY52Lir2apzGOTUwsR7QOKYAE3fYK8ZV6D9ry2ohGTHdDF4eLMiIw==
expires: Sat, 16 Mar 2024 18:52:49 GMT

GET
H2 200 icomoon.ttf
assets.ayobandung.com/promedia/news/desktop/fonts/ 7 KB
7 KB 66ms
26ms Font
application/octet-stream 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ayobandung.com/promedia/news/desktop/fonts/icomoon.ttf?i7fsrr
Requested by: Host: assets.ayobandung.com
URL: https://assets.ayobandung.com/promedia/news/desktop/css/style.min.css?v=698
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 42d2d2f5ca7d4a74d4cec7eb892236bd4ca4790ef0446d15a1cde9d1e1d555d0

Request headers

Referer: https://assets.ayobandung.com/promedia/news/desktop/css/style.min.css?v=698
Origin: https://www.kesatu.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 04:13:23 GMT
x-amz-version-id: null
via: 1.1 a3c1615d6bdfc01a05a0b3a742d10d38.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 451523
x-cache: Hit from cloudfront
content-length: 6712
last-modified: Thu, 15 Apr 2021 16:16:50 GMT
server: nginx
etag: "1ea1b32003df3f4a5a29843b3ec0ae1a"
access-control-allow-methods: GET, OPTION
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 7GZjIsEhSzrVoDxGqoRkdfQnEeq5wju_J--XqPgD0IFTeejOyekJmw==
expires: Mon, 18 Mar 2024 04:13:23 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 67ms
20ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,600;0,700;1,400;1,600;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.kesatu.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:40 GMT
x-content-type-options: nosniff
age: 262866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:40 GMT

GET
H2 200 Gambaran-Kecantikan-Putri-Kerajaan-Sunda-Dyah-Pitaloka-Citraresmi-Versi-AI-2057667583.jpg
assets.ayobandung.com/crop/0x0:0x0/740x444/webp/photo/2023/02/18/ 31 KB
32 KB 22ms
20ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/740x444/webp/photo/2023/02/18/Gambaran-Kecantikan-Putri-Kerajaan-Sunda-Dyah-Pitaloka-Citraresmi-Versi-AI-2057667583.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 4fc80465056668fb48ea0724aa584b6030bd0e2454778b0448b69d51b03940ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 08:33:23 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2509523
etag: "69904484548050c0db7f8bf342a80e75847d23d0"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 32046
x-amz-cf-id: caKOrbNoU3FHU9ZnNKTF9g1CDmGGwRX_IKuLnzdW_NX1meyVsufLUQ==
expires: Fri, 23 Feb 2024 08:33:23 GMT

GET
H2 200 3002240338.jpg
assets.ayobandung.com/crop/0x0:0x0/740x444/webp/photo/2023/02/17/ 12 KB
12 KB 25ms
23ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/740x444/webp/photo/2023/02/17/3002240338.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 58b0d4c16e89728c34fff405516be61d0a78425aea30bf1c265364eb239f3b9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 22:08:55 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2806191
etag: "0785ecca81618979e34db833823d07652651cd61"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 11858
x-amz-cf-id: WLdyUvKlvvTqJMEDKmwTXoTetPMv4h4UW6yov4LqnSr2FTaN0-x9_A==
expires: Mon, 19 Feb 2024 22:08:55 GMT

GET
H2 200 Gambaran-Kecantikan-Putri-Kerajaan-Sunda-Dyah-Pitaloka-Citraresmi-Versi-AI-2057667583.jpg
assets.ayobandung.com/crop/0x0:0x0/185x158/webp/photo/2023/02/18/ 8 KB
9 KB 26ms
24ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/185x158/webp/photo/2023/02/18/Gambaran-Kecantikan-Putri-Kerajaan-Sunda-Dyah-Pitaloka-Citraresmi-Versi-AI-2057667583.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: f90d95764487b1ec5946495034f4d9d13fb1a1925bbb252b92adff95b2ce327a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sat, 04 Mar 2023 20:00:54 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 1690672
etag: "8b4e4b1f25b11126904eec7315dab66f9385c33a"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 8576
x-amz-cf-id: k9xBQDxYadA-_oIrQle-DOohBeDX08Q7VVjfIOxZZt_PyA0t1o_pMQ==
expires: Sun, 03 Mar 2024 20:00:54 GMT

GET
H2 200 3002240338.jpg
assets.ayobandung.com/crop/0x0:0x0/185x158/webp/photo/2023/02/17/ 3 KB
3 KB 27ms
25ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/185x158/webp/photo/2023/02/17/3002240338.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 0affac46bfc0c3bd4078f25128d0e8d2aa318b5cd3842fcd08bd350c7097c354

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sat, 04 Mar 2023 20:00:54 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 1690672
etag: "80f518340c7346a9c973743d296adbbaa1f03393"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 2892
x-amz-cf-id: 6SCGq5P1ZVh7K_a9cEt8v7ZrqTwHoH__Isi_47btF0n8pBz-B9y99Q==
expires: Sun, 03 Mar 2024 20:00:54 GMT

GET
H2 200 2725565572.jpg
assets.ayobandung.com/crop/0x0:0x0/185x158/webp/photo/2023/02/16/ 5 KB
6 KB 26ms
24ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/185x158/webp/photo/2023/02/16/2725565572.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: bbf7aad610b99d743f5a7bb876e283b7adbc0759e6e9b0a939c35646dc4a70a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sat, 04 Mar 2023 20:00:55 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 1690671
etag: "f2ff028cfbcc3cee802763da71596d934249d9a6"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 5436
x-amz-cf-id: 3LKkvXft6Rmeo97Yc4kwqri9a1TjIRpjB_CxtitKTn1CcUEwR5fG5Q==
expires: Sun, 03 Mar 2024 20:00:55 GMT

GET
H2 200 818094105.jpg
assets.ayobandung.com/crop/0x0:0x0/185x158/webp/photo/2022/12/20/ 7 KB
8 KB 406ms
405ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/185x158/webp/photo/2022/12/20/818094105.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: e5016d750a959fbb302803c8712b87f4715fa195ba98eb5d116ef844b43cb292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
etag: "d6c88ac1cdca69c6b7147c7423bd42ec69968c19"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Miss from cloudfront
cache-control: max-age=31536000
content-length: 7398
x-amz-cf-id: BMAequj_hQcmfgi-mCknggRyoxsxqaly4HyGCIuLR1L_efANDtTW6A==
expires: Sat, 23 Mar 2024 09:38:47 GMT

GET
H2 200 Ilustrasi-Hukuman-Mati-2178689228.jpg
assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/2023/02/18/ 3 KB
4 KB 27ms
26ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/2023/02/18/Ilustrasi-Hukuman-Mati-2178689228.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 3e0ac0503d6b5476fd07981257659b122cca2395427c59f673745e400e7ceefa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 08:33:24 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2509522
etag: "fb918cda5315df9ffc1f59869e12ec4fd7cadfea"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 3382
x-amz-cf-id: Z3NJluIRkfvSCAJ_poXqR4-iKgbk6YvBrf0jcVtv4NlXf6cD9cvIeQ==
expires: Fri, 23 Feb 2024 08:33:24 GMT

GET
H2 200 2198239832.jpg
assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/2022/08/12/ 8 KB
8 KB 27ms
26ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/2022/08/12/2198239832.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 3b44d4a93813a0a4fb26ac5f817284ea95888a2465bcba78fbd4dbf8a19c5d76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 08:33:24 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2509522
etag: "52df549e63ad26503be4b8435676ad028a7bdc04"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 8042
x-amz-cf-id: KnU3gDZi325hZ2vp7c0xGvcnTME4o0PSlxfNMZwXeZTIgeErN_YMww==
expires: Fri, 23 Feb 2024 08:33:24 GMT

GET
H2 200 seleksi-di-persib-kakang-bekal-pelatihan-di-garuda-select.jpg
assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/ayobandung/bank_image/medium/ 6 KB
6 KB 28ms
27ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/ayobandung/bank_image/medium/seleksi-di-persib-kakang-bekal-pelatihan-di-garuda-select.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: deda2e83e48a3aa2725c655d07e512e91a234858cffc8c2aeb54adf252ec3d04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 22:08:56 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2806190
etag: "516e540b5e0cfa5524d1a2d9c21d6611807b49be"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 5676
x-amz-cf-id: MKE8MkNeeSe7w-VYVw_XdzRW2nTCTGBDrKt01QAXRpZ5HlQU1AMZCw==
expires: Mon, 19 Feb 2024 22:08:56 GMT

GET
H2 200 pubads_impl_2023032101.js Show response
securepubads.g.doubleclick.net/gpt/ 396 KB
134 KB 79ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73fb2fa0d192c9fe74aaef182a6dbc31c29e7cc863038f0d69eac0d5c8ae204f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 08:22:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4548
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136519
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 08:35:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 23 Mar 2024 08:22:58 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 399 B
754 B 115ms
57ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.kesatu.co

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b06f9f0e2abdae9e3043b070fa238da4e8be7b659eae66f544b3d3602b44c71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 212
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 69ms
23ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-207405423-45

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 24 Mar 2023 08:05:11 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 5615
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Fri, 24 Mar 2023 10:05:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
82 KB 52ms
51ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-L9VSZP7GRD&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGJ7WW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d057a6097d8a0ae4831667c1f1ca37800322081ca39df92ee09cc9283517d9ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83706
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
82 KB 50ms
50ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XHS8W3S0QP&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGJ7WW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4509d578972c4a5c85b0e1208201aae2b0be0fa0b00653a97946f34bb918ed6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83686
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/ 350 KB
117 KB 121ms
82ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=www.kesatu.co&bust=31073358

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

740ced19ce82a3ebf1c8b9ead610ff801e536e95ccbfb09503c4b0c66ccf0686

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119872
x-xss-protection: 0
server: cafe
etag: 7030619706668637885
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:46 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/ Frame D153 10 KB
5 KB 65ms
18ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:09:01 GMT
etag: 2378337311435320485
expires: Fri, 07 Apr 2023 09:09:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
206 B 26ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
71 B 26ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=451883815&gjid=1654872977&cid=1326326062.1679650727&tid=UA-207405423-91&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1049265960

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 26ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1366945425&gjid=177122462&cid=1326326062.1679650727&tid=UA-207405423-90&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=277753850

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 26ms
26ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=730419534&gjid=1574482431&cid=1326326062.1679650727&tid=UA-207405423-81&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=108585212

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=58758211&gjid=221175937&cid=1326326062.1679650727&tid=UA-207405423-80&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=758715586

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 26ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1004851552&gjid=299809077&cid=1326326062.1679650727&tid=UA-207405423-89&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1388689338

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 26ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=406809757&gjid=670969344&cid=1326326062.1679650727&tid=UA-207405423-83&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1702268222

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=488528410&gjid=2001811096&cid=1326326062.1679650727&tid=UA-207405423-63&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=166920997

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 26ms
26ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=2007473528&gjid=782011303&cid=1326326062.1679650727&tid=UA-207405423-86&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=847227127

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 26ms
26ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1251748185&gjid=669240164&cid=1326326062.1679650727&tid=UA-207405423-85&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1862270047

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=892350264&gjid=1469795632&cid=1326326062.1679650727&tid=UA-207405423-64&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1270170172

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 3 B
23 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=651904069&gjid=128256378&cid=1326326062.1679650727&tid=UA-207405423-65&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=189875830

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 26ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1526151147&gjid=2138221267&cid=1326326062.1679650727&tid=UA-207405423-78&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1107479366

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1729730786&gjid=96669120&cid=1326326062.1679650727&tid=UA-207405423-62&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=618034943

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1097002244&gjid=1736947762&cid=1326326062.1679650727&tid=UA-207405423-84&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=276067277

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 26ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1159731759&gjid=1438970913&cid=1326326062.1679650727&tid=UA-207405423-87&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1499557243

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=929186075&gjid=667991027&cid=1326326062.1679650727&tid=UA-213951293-83&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1129159457

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 3 B
23 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1649865494&gjid=1866329397&cid=1326326062.1679650727&tid=UA-208513372-4&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=1683985792

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 3 B
23 B 25ms
25ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=696086722&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kesatu.co%2F&ul=en-us&de=UTF-8&dt=Kesatu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=619042975&gjid=1730711474&cid=1326326062.1679650727&tid=UA-208513372-5&_gid=125206697.1679650727&_r=1&_slc=1&gtm=45He33m0n81TXGJ7WW&cd2=Not%20Available&cd3=Not%20Available&cd4=Not%20Available&cd5=Not%20Available&cd6=Not%20Available&cd7=Not%20Available&cd8=Not%20Available&cd9=Not%20Available&cd10=Not%20Available&z=824940211

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
345 B 80ms
26ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-45&cid=1326326062.1679650727&jid=2074443710&gjid=1165030191&_gid=125206697.1679650727&_u=YEBAAUAAAAAAACAAI~&z=970034702

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 coating_tmmd.jpg
assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/ayobandung/images-bandung/post/articles/2018/05/02/32236/ 4 KB
4 KB 22ms
20ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/ayobandung/images-bandung/post/articles/2018/05/02/32236/coating_tmmd.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 286989eb6370c367c56c26c6057ab812334d77104e810ca257c59ef68b878157

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 08:33:23 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2509524
etag: "fa6c79927e7d425927799f8a44e9e0df2264ab54"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 3648
x-amz-cf-id: ogE8l23BViyTKmcX42dyUREuFab_4wPrT-VBYTlw4XzveFSFjDq0wQ==
expires: Fri, 23 Feb 2024 08:33:23 GMT

GET
H2 200 2169280322.jpg
assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/2022/01/28/ 6 KB
7 KB 21ms
19ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/2022/01/28/2169280322.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 4610b91606a29e1400982384f0adddc0ef917693671c6320db7b20f565387fa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 22:08:48 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2806199
etag: "054a03fc972657c8c673a2c3a3075426dc2bafd2"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 6346
x-amz-cf-id: nwfKVeEg-IDV_MrLt-vmFwmGzUxW-Rjyj7PkHRterbLwMP-gHzQPQQ==
expires: Mon, 19 Feb 2024 22:08:48 GMT

GET
H2 200 1289719484.jpg
assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/2022/09/27/ 2 KB
3 KB 21ms
20ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/226x136/webp/photo/2022/09/27/1289719484.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 53045d3f1b5401ed6234f4ad7f3b0dc583f1ab1a4a85174022f4da520b6d0a01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 08:33:24 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2509523
etag: "5f430de0af1d0db78f53ad17a1fc34bca5da43a8"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 2294
x-amz-cf-id: GbjUoCITSQffq5iuaFTWAw3gny3pqBvTB4T3Lc0nZlHbGlNz2WYpug==
expires: Fri, 23 Feb 2024 08:33:24 GMT

GET
H2 200 Anggota-DPD-RI-Asep-Hidayat-Saat-Mengunjungi-Kantor-Wilayah-Bulog-Jawa-Barat-Untuk-Memantau-Harga-dan-Stok-Bahan-Pokok-Menjelang-Ramadan-dan-Lebaran-4126781868.jpeg
assets.ayobandung.com/crop/0x0:0x0/188x113/webp/photo/2023/03/03/ 5 KB
5 KB 471ms
470ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/188x113/webp/photo/2023/03/03/Anggota-DPD-RI-Asep-Hidayat-Saat-Mengunjungi-Kantor-Wilayah-Bulog-Jawa-Barat-Untuk-Memantau-Harga-dan-Stok-Bahan-Pokok-Menjelang-Ramadan-dan-Lebaran-4126781868.jpeg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 0cd13bffd1187110d3f360e65bfc4115b5a9fc8a31197630c632f890ddc62652

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
etag: "1cb29088d14189f144db0eb9824a21b25e39447f"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Miss from cloudfront
cache-control: max-age=31536000
content-length: 5134
x-amz-cf-id: pXtHpvvVFQO8O9CMdlqvI2uHrDVojQqQueD4Ba_Dhcq8kxXod1pw6A==
expires: Sat, 23 Mar 2024 09:38:47 GMT

GET
H2 200 DR-Hj-Ifa-Faizah-Rohmah-MPD-membuka-Pekan-Studi-Islam-Ramadhan-diselenggarakan-serentak-di-17-PERMATA-Persatuan-Majlis-Taklim-BKMT-se-Kabupaten-Purwakarta-3853951171.jpg
assets.ayobandung.com/crop/0x0:0x0/188x113/webp/photo/2023/03/23/ 5 KB
6 KB 23ms
22ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/188x113/webp/photo/2023/03/23/DR-Hj-Ifa-Faizah-Rohmah-MPD-membuka-Pekan-Studi-Islam-Ramadhan-diselenggarakan-serentak-di-17-PERMATA-Persatuan-Majlis-Taklim-BKMT-se-Kabupaten-Purwakarta-3853951171.jpg
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 769783dc7f03e0c2db46e0633b2963d24e3d3c170b13afdeef7b10533a565006

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:52:24 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 53183
etag: "1c41e2256aeec3e193ca71cf5d02f79fcbd1d086"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 5284
x-amz-cf-id: 04ResVuN_n3OdafHhtKhN-qmom9tdLlQrGEz02wkJNyacz2oO3Auvw==
expires: Fri, 22 Mar 2024 18:52:24 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 71ms
26ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-XHS8W3S0QP&gtm=45je33m0&_p=696086722&_gaz=1&cid=1326326062.1679650727&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1679650727&sct=1&seg=0&dl=https%3A%2F%2Fwww.kesatu.co%2F&dt=Kesatu&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XHS8W3S0QP&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 40ms
27ms Ping
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-XHS8W3S0QP&cid=1326326062.1679650727&gtm=45je33m0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XHS8W3S0QP&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 78ms
32ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-XHS8W3S0QP&cid=1326326062.1679650727&gtm=45je33m0&aip=1&z=1845915344

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 45ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-L9VSZP7GRD&gtm=45je33m0&_p=696086722&_gaz=1&cid=1326326062.1679650727&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1679650727&sct=1&seg=0&dl=https%3A%2F%2Fwww.kesatu.co%2F&dt=Kesatu&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L9VSZP7GRD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
54 B 26ms
26ms Ping
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-L9VSZP7GRD&cid=1326326062.1679650727&gtm=45je33m0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L9VSZP7GRD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 51ms
33ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-L9VSZP7GRD&cid=1326326062.1679650727&gtm=45je33m0&aip=1&z=167804266

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 86ms
27ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.kesatu.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 74ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.kesatu.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 212 KB
20 KB 116ms
115ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2123521736962133&correlator=743544929610632&eid=31072878%2C31073289%2C31073319%2C31073115&output=ldjh&gdfp_req=1&vrg=2023032101&ptt=17&impl=fifs&iu_parts=22579199035%2Ckesatu%2Cdesktop&enc_prev_ius=%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F&prev_iu_szs=970x250%2C300x600%2C160x600%7C120x600%2C120x600%7C160x600%2C970x90%7C728x90%2C300x250%2C300x250%7C320x100%2C300x250%7C336x280%2C300x250%7C300x75%2C728x90%2C468x60%7C728x90%2C728x90%7C468x60&ifi=2&adks=3560153341%2C1553110440%2C1074728070%2C1706393270%2C2925822550%2C2154461514%2C2451217027%2C4289284071%2C3172552513%2C4151993698%2C3738835072%2C1747919061&didk=3104789316~3970816304~603122024~3411469114~3128267967~3963388351~3972900658~3967546128~3960151865~3134554995~3189136612~3191783068&sfv=1-0-40&prev_scp=Position%3DdesktopTopHome%7CPosition%3DdesktopGiantHome%7CPosition%3DdesktopSkinAdsLeftHome%7CPosition%3DdesktopSkinAdsRightHome%7CPosition%3DdesktopBottomFrameHome%7CPosition%3DdesktopRB1Home%7CPosition%3DdesktopRB2Home%7CPosition%3DdesktopRB3Home%7CPosition%3DdesktopRB4Home%7CPosition%3DdesktopMCB1Home%7CPosition%3DdesktopMCB2Home%7CPosition%3DdesktopMCB3Home&sc=1&cookie_enabled=1&abxe=1&dt=1679650727194&lmt=1679650727&dlt=1679650726534&idt=617&adxs=265%2C1035%2C90%2C1350%2C250%2C1035%2C1035%2C1035%2C1035%2C265%2C265%2C265&adys=263%2C418%2C102%2C102%2C1110%2C871%2C3019%2C4935%2C6177%2C2062%2C2680%2C3328&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C0%7C0%7C0%7C1%7C2%7C3%7C4%7C5%7C6&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.kesatu.co%2F&frm=20&vis=1&psz=1070x0%7C300x0%7C160x-1%7C120x-1%7C1100x-1%7C300x0%7C300x0%7C300x0%7C300x0%7C740x0%7C740x0%7C740x0&msz=1070x0%7C300x0%7C160x-1%7C120x-1%7C1100x-1%7C300x0%7C300x0%7C300x0%7C300x0%7C740x0%7C740x0%7C740x0&fws=0%2C0%2C512%2C512%2C512%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ga_vid=1326326062.1679650727&ga_sid=1679650727&ga_hid=696086722&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d42f11c2cac4d35767c17fd2aad83f9d577c94af7bd8ddb7fe6f60d5c52f0c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20144
x-xss-protection: 0
google-lineitem-id: 5778782071,5778782071,5778782071,5778782071,5778782071,5778782071,5778782071,5778782071,5778782071,-2,5778782071,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138361718144,138364476481,138362112001,138361801221,138361718171,138361801278,138362113825,138361717586,138362113738,-2,138361718111,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6055 6 KB
3 KB 108ms
28ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 29ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-62&cid=1326326062.1679650727&jid=1729730786&gjid=96669120&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=2089585980

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 29ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-84&cid=1326326062.1679650727&jid=1097002244&gjid=1736947762&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=1389194728

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 29ms
29ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-87&cid=1326326062.1679650727&jid=1159731759&gjid=1438970913&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=1394200711

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 29ms
29ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-213951293-83&cid=1326326062.1679650727&jid=929186075&gjid=667991027&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=2136519391

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 28ms
27ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-91&cid=1326326062.1679650727&jid=451883815&gjid=1654872977&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=211016170

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 28ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-90&cid=1326326062.1679650727&jid=1366945425&gjid=177122462&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=89865405

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 28ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-81&cid=1326326062.1679650727&jid=730419534&gjid=1574482431&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=1827320885

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 28ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-80&cid=1326326062.1679650727&jid=58758211&gjid=221175937&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=989981035

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 28ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-89&cid=1326326062.1679650727&jid=1004851552&gjid=299809077&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=381774202

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 28ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-83&cid=1326326062.1679650727&jid=406809757&gjid=670969344&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=937900560

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 34ms
33ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-63&cid=1326326062.1679650727&jid=488528410&gjid=2001811096&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=1099794519

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 32ms
30ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-86&cid=1326326062.1679650727&jid=2007473528&gjid=782011303&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=958620096

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 32ms
31ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-85&cid=1326326062.1679650727&jid=1251748185&gjid=669240164&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=1406753917

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 32ms
32ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-64&cid=1326326062.1679650727&jid=892350264&gjid=1469795632&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=434752246

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 31ms
30ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-207405423-78&cid=1326326062.1679650727&jid=1526151147&gjid=2138221267&_gid=125206697.1679650727&_u=YEDAAUABAAAAACAAI~&z=344199030

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kesatu.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 385 B
598 B 117ms
26ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.kesatu.co&callback=_gfp_s_&client=ca-pub-8400307307701650

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=www.kesatu.co&bust=31073358

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6371fef993ba5c5e54190f138ece42cd64c7dc7810d485480dbfcf6a4ca24f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 52ms
52ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=ads__horizontal&ign=false&pw=1600&ph=1200&x=800&y=1130.4

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DEAB 542 KB
94 KB 575ms
575ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3025194257&lmt=1679650727&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x945_l%7C236x945_r&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650726874&bpp=7&bdt=339&idt=378&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1237036045569&frm=20&pv=2&ga_vid=1326326062.1679650727&ga_sid=1679650727&ga_hid=696086722&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C44777877%2C31071755%2C31073358&oid=2&pvsid=2123521736962133&tmod=1052888199&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=411

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df9fc78d7b87a60813207365892a68623866f0e57d145325e2fb256680bd3e7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 96289
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Fri, 24 Mar 2023 09:38:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/160902/8685/ 369 KB
111 KB 153ms
49ms Script
application/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/160902/8685/pwt.js
Requested by: Host: propsid.b-cdn.net
URL: https://propsid.b-cdn.net/gpt/pti/kesatu.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2068ff40104d2db82990dc62f865cc325cf1073af06db962ecdbe663cfaaf8f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 13:40:25 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=32858
accept-ranges: bytes
content-length: 112755
expires: Fri, 24 Mar 2023 18:46:25 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: propsid.b-cdn.net
URL: https://propsid.b-cdn.net/gpt/pti/kesatu.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f393a1b4de8599569dd9ec13c337c8594d19da3b46c1f6a130e14e49d478d540

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27495
x-xss-protection: 0
server: sffe
etag: "1520 / 578 of 1000 / last-modified: 1679609265"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D2BE 6 KB
3 KB 20ms
19ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4E52 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AC1B 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C261 6 KB
3 KB 18ms
18ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3144 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AB5A 6 KB
3 KB 20ms
18ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4606 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame ECF9 6 KB
3 KB 19ms
19ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 179E 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2E2C 6 KB
3 KB 19ms
19ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D2BE 24 KB
7 KB 73ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D2BE 140 KB
48 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b195862d73b87d34ae58467207b54281bcd256e97be777b3af9b1c11b4f4ebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48791
x-xss-protection: 0
server: cafe
etag: 16594165893039602699
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D2BE 158 KB
48 KB 1223ms
1222ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 4E52 24 KB
6 KB 71ms
22ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4E52 140 KB
48 KB 120ms
120ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

812b6c714a944a7d28e61541e84517be5646c5e9d023181b7d9385b3c4041dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48770
x-xss-protection: 0
server: cafe
etag: 17495056257440481869
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4E52 158 KB
49 KB 1212ms
1211ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame AC1B 24 KB
6 KB 72ms
25ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame AC1B 140 KB
48 KB 177ms
176ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f73b9a9d0b8e5ba94afa407735d291d99dabc070596656b5ce93100a6c21fed7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48746
x-xss-protection: 0
server: cafe
etag: 4741287020365077624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AC1B 158 KB
48 KB 1254ms
1253ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame C261 24 KB
6 KB 80ms
35ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C261 140 KB
48 KB 166ms
165ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a030b0045922b8b388646d53687ee354bdcac96f9889dcf5eb1bd85370f29b4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48790
x-xss-protection: 0
server: cafe
etag: 186220446069525527
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C261 158 KB
48 KB 1247ms
1246ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 3144 24 KB
6 KB 95ms
52ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3144 140 KB
48 KB 162ms
161ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e237b4867f371732a90ec2cb2cbec638bae9c44e91027fffa5d8001d21a9ec2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48749
x-xss-protection: 0
server: cafe
etag: 13167841597361850255
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3144 158 KB
48 KB 1240ms
1239ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame AB5A 24 KB
6 KB 83ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame AB5A 140 KB
48 KB 165ms
164ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c34a7696b87131405dda541b204d04a953c50924aea9cc1bb37a5106571c186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48795
x-xss-protection: 0
server: cafe
etag: 17187390847608111555
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AB5A 158 KB
48 KB 1225ms
1225ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 4606 24 KB
6 KB 92ms
51ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4606 140 KB
48 KB 167ms
166ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87f18025d14bcc133b85996196a8be8ba7a375a50a3e594e558763ec7a0eb7ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48771
x-xss-protection: 0
server: cafe
etag: 18075455504697952950
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4606 158 KB
48 KB 1257ms
1257ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame ECF9 24 KB
6 KB 75ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame ECF9 140 KB
48 KB 161ms
160ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c92182008a38c3fcc3c8bf6a6c74a4da2268b1ffa1bec0a33dd1e67ed844d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48772
x-xss-protection: 0
server: cafe
etag: 7077306570859151002
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ECF9 158 KB
48 KB 1252ms
1252ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 179E 24 KB
6 KB 79ms
45ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 179E 140 KB
48 KB 188ms
187ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

352fd9d5db79d40ca37dd7654a8769a1ef0577dd9a8d04b8304ee4ff30b2d114

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48745
x-xss-protection: 0
server: cafe
etag: 7250661141009223463
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 179E 158 KB
48 KB 1231ms
1231ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2E2C 24 KB
6 KB 74ms
43ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 15:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Mar 2024 15:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2E2C 140 KB
48 KB 186ms
185ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d34fb496bdeb4a8b1ee80be305bc3017fe3ac53d95160291e9e71703dab5e5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Origin: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48588
x-xss-protection: 0
server: cafe
etag: 847946102960150579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2E2C 158 KB
48 KB 1257ms
1256ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D2BE 0
0 56ms
55ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstrlmzZrT34Z-q3ErprBYr0rMAQqxBcpwwJ0nFEQEftK97XykXjvUYiZBgzi2WTyD_wIZc8_SUzPfVWys42FzYv5sYDs6EP8jxckUCOHK13bbIIe5a_JUMxRFWofy3X2P7B7df3Rg9QssqTOa9cUwPcs6kF4-svClFYcE_tYmrXGSvQPhTKC5iT9DlVVQG8nA_qNfu0qjksg9C2HvwVr5uTLf0Y3bjYMN0Zt3UULqdGdeoe5BXgzfHb0hwrlNE1V5wGlJPUX4ZQGccxI4Dpr6nOf_bYPgdxDTMy2kLjp7wE97A58aDdA971y0-o_CNLBxzsn-ob&sai=AMfl-YQ4aBnu6cguYMhdX6k3gHrt6FYNxOXXjnBRdnSg1F0WcQM7g1BJ6YXhoqQadrRRuySjtAOJHmDssEduJRKwnJk7-qFiJPjNgZtntepXTd4sY3wmJbk30mYnZ0XAq10WIPUac46yncQxYP756Kz9&sig=Cg0ArKJSzGad8Se8F_EFEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4E52 0
0 57ms
56ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuR32RFB3iTKd7jc6kLWyZCRe8LJJRmAgNmrvjo2V0kX6YocA5sRbdrMkpDMH4jrYSaODLd8Hem_tiWjY6qYq1PCiOr8gGtUIm3yP63YKXqluby9OrpT5BflShI_MS8q0lZPYa_uv1Y7ZvnnGlLhVRUNgCqXlEZUukHdR2QK24nuTQV7Mz6ZKEc_XBo7-Tyhuq_58qAwN49q9vT_oZr-3T1oWzoLy5OFxd36wHRa1eHGmF63cJ7OPTIGkJw58YM590192lENVy2bdXYbnSVj7bSEkvDzND70iUQhy2o6HTcteqwP4FkRDSCnl0LiCzzIzU2FVrf&sai=AMfl-YTsKpVnCkUtQP98la2QHcypnvdbE9Qr90efS1OSS8ZSrKEPCwnCLjJjYnoc8cvFThKALLpGmOtLragDCnMUxGSR94ukTqMXGXENN9bT1RIaFO5Dprc1b5QUCv9iYzOhUYmwzlYelfaL52KzerNB&sig=Cg0ArKJSzHrxqUU8mU8cEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/ Frame D2BE 350 KB
117 KB 80ms
80ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073336

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a340e1d4b00e8f8b4752a896dd9f550b44272c1ec3f7bcd6a9b33a8def05df41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119871
x-xss-protection: 0
server: cafe
etag: 902240273920628140
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame AC1B 0
0 58ms
57ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv9_HueQBxjoQBc7ZFV5SUMrKElVgW3RvSHEfrnePREtYw7W1uJwLIORO_ZltTlxLTrY50Ft4UvjwWM6sYvBMXmWkPprMYQpbsVlY4IsjNo7q9Jj2Uds45xhEV0jt-jqPqmXO683onj1tCssoRzcYJlsPBD-JKTDK5e-iE2Pc_JE8l6xz7pgkbWhzZoAcFgcx8mpIjW-4G-mF2fLujXQc3Tp_UQwgZweQSXvXZ7Fq_wzY6XaMSDFHjUqu3nkVRX4TFSmMevOM9VihD-EAKOjjZlQCfG7DO3JrnNsXU-MsIEfyVHvgi9CYxs5R8iwaP5fBAC-eVn&sai=AMfl-YQQ87UVXc09HCxiR3lYJxgHexKEEcapIkrmVFcuslmLCeHndUcsE64Ic3W7_tRsXZ3woHzu9oEgYqiKkj5PAi4tx9f8DDvTviJgxFHSRLTiJrNslYWw4XwNS4s1d4SYxH_F7rxN4dL0EwNCqr2D&sig=Cg0ArKJSzCpl3jeV2kCZEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C261 0
0 62ms
61ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss7zBK8QoQ9dUFfgwl3yOfBg0sDiftRZtsoPROr90ERpfkBFTmYu85UmO1_pILhwQOSD9BHYTBhyVH0f6Nr7EvKr1sKxj9E9DnGHZy92xIbPUp9GiVOOzrEIcpgD1SxrjH1AgqQgKOqeBxSpS6ytRtiFDwBxW64G_PLKriUxnpie40agB6g2D9xbKRRpUpQx6j37TY4VOlSX1VAK-4aXtMTkCTlshLO7ZIjqjICMnNgw_xXEwJg8aud0SXjNDA4lQROSMfmrGDGYuvw9n5Ul0dLwbPivkevgSCbmBYyJ0fVS0sI_Te4NDscNn9YaNo4T6JgYsHQ&sai=AMfl-YQ9y_9yRFS2-WV7uVVjRzBgrYbVjZBf65KcaXfGXfUehEoQY1aOlJZAfIhGk8WtSBdR_zjL1PfPCgyNgBcNfLCYP7nTS8DmBpeHD_U2_gcJj7rwPKkiqo5b0qEBc5Mb_Zjcf3yb3jPLmq8yln_d&sig=Cg0ArKJSzGm8sbOiSH4uEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ECF9 0
0 59ms
58ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuR03tRQtzbZdS0KwPhG9B6RKoC4jkzCOqDFdpaRBXMvLazaZueCSGYeqk_mvk5lsjslb8yZ3td2oVmgIzB6Yl2CVhdP2CrtOFAVywJhitPowhDlImgapclgvpOfW2DWMBA2kMMuBT-b3NoQQBT2r0M9SrGvnLfpf-8Y2V_mjRN_BZ3zktONaMLmYEqY90f0oLjpb5rdsWw85yUPexUqVlFVsNLb9Nt9DdcZNqFjY4OsIO00HiZ32-VW17GqMiHx8uFqhf3BosQDtQ6MfqT1zwHxlARekujSXrQqGECE21EJyT1YFVkJDAPXYxMF2EMjhLk-R93&sai=AMfl-YSHop6ZgN2jLLjiR5C_XVFzna-FlQLYkyk_X6q6YlwDgFk7L9wtCeTCHraqENZlerYtfE7MLiyJnOrmbBINqKDn1SIol4qFotK-q09NvLvFJextxBz9_2aPmXeBJimszv5WBb5G5lrPR3JvuG92&sig=Cg0ArKJSzKhLu0A9qdeAEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame AB5A 0
0 57ms
57ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuawu2EwQMrzQ9gQxdQ7xMWFubLsiLJ4mX1Uevi5ZXmvtlc01rlC-E8jdRMUyrcwnR2AAhvVgK0-GgWsMrEf3p1af6o51UFKO5s0UeJ51_lNKnu2JaS_1ziO3KXE-pFvxbqYI6qCdKJ-sc32PAf7BhylWYfWKp5yq8gU5Rq0iemvu6f3DWZaP_9fr0IVAHH_YlLBA97Yod0QHmMKYZoyr5sl89hqyD-VV7wYEhPzz_xrFDQFFFF7RYzsnmLTReZznrDH8_E6C_wkVdzqwnGUGZMEXsW4EMrLkUbdgMZRUQijCtRWUutH3wgGBFdIjxRRxi9Qu2P&sai=AMfl-YSwfRYi9tCod0yXRVGYgvgtycI1LY0ODf_GdzY71EbI75Ur7p11S1oEt1OQkksBwQtV3076XhUo_ECUBdakct6ushh1AlnVbsLyjT1ULGAkOIgrVeE2aONagQOqZ3h9CN9V5x9zWbQ3faKf_JW4&sig=Cg0ArKJSzKUFBNqmQ7vIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2E2C 0
0 58ms
57ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvAOCjsD7cSRB5qwQ_Q05qDt3_Gg6_3QDoBUjheDe0LE8g0rMvnuwXMP7Py-rIPpY5iRHuNBKXonwl4zUQvc_bSaXk7Md1eIWNH9nJIUx1yugzFI0UzH8kMY0aj-zuXs8p54x94g4xEj7s0CwYcfEviGRvN59x6EwQu8IT13MR7kFPdlc7djQtPyEYQnpinMDmChy3_HCsL-76ju1STkj0Frrpsud-1klzOwZYZcveHz-kdGEHgxweqbQmb19mQrKbJ3tOWaFWvNSlA7PjGSbV2mbzE3uJqL_g7teC9O1OBRbE-UTC5DPYjGRi9wWHrsFH1yMFN&sai=AMfl-YQ1pgeDntlljlqKYt-poRNz2WC_11zdt7pV5kUwzxT1MPUbS4nqq3PBriNCMpJnbIjGo8fk5ncwGD2nzPs8Fds8m__2-Djr95L7BZK7GlcAW3rK_1NEjMMQoD7uNe9solNCuRj5BVFtb_IWtDPT&sig=Cg0ArKJSzFU-vaL1aIrIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 179E 0
0 57ms
57ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPk2GBrpGmhp189x9a_eln0CRgTWiFdewuF8e4eZ9g_oVEmSmKj1JctHFcqSdJguZjiR7XXSH2Dvp-xWeHiUd437ZJkoQuSdwKZcOPAqpCURwU8Iz3MSyf8u0RPiSRmf4evTAgAXJk0CBTmxL1LaGlSPKRXzG77MRCkQLiC_nTqTbn-PC74BnQxUDaVBxjQOpkTgkCkZPU7WnIiXDLsf3PdBzirOdF9qsM918y6Yw95z8nqPavF0KeOf5-Ic8Y4bLkf7N7qMOxBr7Mqd6ttS5rBEY9Kfevj7ps9kRH-U_mArBM2qRrLCAs1hPjDBFxCi1ucALi&sai=AMfl-YQKBgjYrKl6RzRd1CzugSrtIOPOhrLNqSg2ZFKrYjE8HBQKaigRULjglRf8zUlmHvvBynAMAHEG6g3epZGntuweV3KUTmdi-Vi9_8k12AuXBPNAkNr8kOLt3ABYskSOLmF0zbyhdpLCehkOdM9i&sig=Cg0ArKJSzNlfQVmf_CVJEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4606 0
0 56ms
56ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu7HSpRk58nTyGR_7dBnezmgAbDhcxvcWXN1iRYojRjHmvGxjxdWzRsuZrwvMpXwKgVYLGbpO_ifB1bVenOyIEF2j7ltO-2CLOr0WxNzUE97erZBZRurKECcMkFhH7ZaL590UqgKpTZTWwbrmtFik2S3oQ4Cmsix90ejMnKfgGjOMxwBm9ve6p_Hl98WEttgvwOkBZiufOUXOBa5gwtLPF96iXjs6iNiC1r35bl9isip7-bOjcidI1QOchr-THRDWyTsM_kpvt6h02zstZBRIWzaxcIv_PJ_XJ_md5YDzfuRsKhHxYxL1AcR7zUgBOaHFJOr30y&sai=AMfl-YTkh2YIYZrzIBPEyFqA4bCgMtjopqqkktEsG1JQHZPk6fqrGxYX65XuDGt529D-yE0GRuJDGbomfDKug8Eb8TOjmcmJyt7-sESzaVdRmmidHykmc9GwJPlNw7hbPArBn44jamWG932DEwCWgkry&sig=Cg0ArKJSzFb0WPN9wqF9EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3144 0
0 57ms
56ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuzREr1EbAdwW7ok5PtNyuwJhVVw5tZTDNH6voWyB6k3PYjB99O_9e5E9H19imXVOHn5YG66UoWmcI-Okk52Dz_uxx7zB_zt5I1il43cOc4sVaqQOUsLObJcDfyROjNYciCZFv4EVqr7n6mxf0s-Mq5LNu484vQ4ZWaQK6_knuQGdaypqMptdwc_eYjphR8ThMQ2KgVM1Ua1NwBD455UhRe0Zdhc8dYHg6AaT-aLbamjVK5jQnj5vMAOsGO-PRPpQWSyj3bWzjVd_BuJiqeD_3CHpUcpT1albFynRzSw8TgklgBIu88LdRRje4cO1aUwFVjxFDw&sai=AMfl-YQD0UOdyg1k3AgpHrDGrrejwmegsZm9io83dodFaSCVgrYz6G_ObMf63BWHqa1W2a4tE7_dQ_PLiR29lFHt2SyISkSOmIaUYA8UzqHne0zRInL2CVPJ54nQ0f9m_xsoC0J820QMOStEht4N7MvS&sig=Cg0ArKJSzFz-GLdkWFaxEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/ Frame 4E52 350 KB
117 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073335

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c7100e7363e76abd3ac27b0a6955788139ba02ff4a163568c4504c82bcf45ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119749
x-xss-protection: 0
server: cafe
etag: 14534215834013534210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303160101/ Frame 3144 349 KB
117 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073270

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1bbe6ccf43a1a712280b418d9b6a89f7ca17ad6ae64e0abfa93d85e84d4b2595

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119425
x-xss-protection: 0
server: cafe
etag: 16957992159939134640
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/ Frame AB5A 350 KB
117 KB 81ms
81ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff7cf555670810befce554f2d0b6bee32a96e1501a7d5c965fe44a4ca740fd84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119874
x-xss-protection: 0
server: cafe
etag: 7896136040987179838
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303200101/ Frame 4606 350 KB
117 KB 88ms
88ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073271

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

618fda4a0bab1339a659804a7567c9bc5dcd1d8a2ffe00aef0f7fa47736e0548

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119515
x-xss-protection: 0
server: cafe
etag: 10162529858175698297
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/ Frame ECF9 350 KB
117 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f0e2b8e17561ed45ceda62d49a2af7725566fd472d7ec931ef7346db1c5c76f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119749
x-xss-protection: 0
server: cafe
etag: 15609497325684646399
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/ Frame C261 350 KB
117 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c912f28b7fafd4a6ebbebe9b7614a73bd465c382c5fe4817a4cb3a25f76d80e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119873
x-xss-protection: 0
server: cafe
etag: 11944270212619746157
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303160101/ Frame AC1B 349 KB
117 KB 83ms
83ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b87a3cc2321cac704426e95f7b8042fd621939cd3dd8474b4a9ba8d17477aed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119424
x-xss-protection: 0
server: cafe
etag: 679746885916910498
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303160101/ Frame 179E 349 KB
117 KB 111ms
111ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a32d6ef9d87b7b1a711151950799a8e835394df5440c6a226c745996c4a8d919

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119428
x-xss-protection: 0
server: cafe
etag: 17630822531548102693
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/ Frame 2E2C 350 KB
117 KB 80ms
79ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073359

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f9960d8afe804b544d488c5ed1df81417e557b0a26ed0ad2ec8b1b7d8504f90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119867
x-xss-protection: 0
server: cafe
etag: 1359799367414760586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:47 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame D2BE 107 B
165 B 28ms
26ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame D2BE 107 B
165 B 28ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3014 16 KB
1 KB 113ms
112ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755398&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727621&bpp=5&bdt=183&idt=280&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&nras=1&correlator=2993714645179&frm=24&ife=3&pv=2&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.civm7hxajuvm&fsb=1&dtd=301

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2179 111 KB
35 KB 418ms
417ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=5069350193&adk=2658235593&adf=3173046729&pi=t.ma~as.5069350193&w=970&format=970x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727626&bpp=2&bdt=188&idt=327&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2993714645179&frm=24&ife=3&pv=1&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.7o09y69gyndu&fsb=1&dtd=333

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb74c291d1f957e008ee7cf0290660f7b723612c0af66ecddebd425399cbe338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 35701
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 4E52 107 B
122 B 29ms
28ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073335

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4E52 107 B
122 B 29ms
28ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A056 16 KB
1 KB 127ms
127ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755401&plat=1%3A66048%2C2%3A66048%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727690&bpp=3&bdt=245&idt=280&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=2&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.zedzab6lgids&fsb=1&dtd=322

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3144 107 B
122 B 28ms
27ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073270

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3144 107 B
122 B 30ms
30ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4074 16 KB
1 KB 96ms
95ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755402&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727721&bpp=4&bdt=254&idt=329&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&nras=1&correlator=3475047514032&frm=24&ife=3&pv=2&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.7o7k8v414916&fsb=1&dtd=348

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame AB5A 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AB5A 107 B
122 B 31ms
31ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9D7B 16 KB
1 KB 97ms
96ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755405&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727746&bpp=4&bdt=273&idt=336&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&nras=1&correlator=753749785312&frm=24&ife=3&pv=2&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.a1h9fbk199cw&fsb=1&dtd=352

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FA46 22 KB
10 KB 353ms
353ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffbaa4c6580637004983c65c6b0cb3edb1c02d3abe551249b28f248431b4b7f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 9908
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/ 150 KB
51 KB 110ms
110ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303220101/reactive_library_fy2021.js?bust=31073358

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20d1c7258800dff64d7e4044a7809271e75bb8ee529c3bbcd838d7b83fcf4d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52129
x-xss-protection: 0
server: cafe
etag: 2977713329463054495
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 4606 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073271

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4606 107 B
122 B 28ms
28ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C0BA 16 KB
1 KB 109ms
109ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755404&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727764&bpp=5&bdt=286&idt=389&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&nras=1&correlator=8107698232765&frm=24&ife=3&pv=2&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.5ds02ds2l8h2&fsb=1&dtd=408

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D81F 91 KB
34 KB 369ms
368ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=9780134286&adk=3718468712&adf=3173046725&pi=t.ma~as.9780134286&w=728&format=728x90&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727725&bpp=1&bdt=258&idt=449&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3475047514032&frm=24&ife=3&pv=1&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h48pzvx2oom3&fsb=1&dtd=454

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9223a9fec85224bba9c80bb9fc5a2d8e986d698272f3436c42ad6b8af9aa9bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 34683
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2779 18 KB
8 KB 292ms
291ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d39b7613d5bd42f3cc0a4de5e6603da50e7581f5278084cf10f97bd2d815383

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 8489
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame C261 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame C261 107 B
122 B 28ms
28ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1A7B 16 KB
1 KB 94ms
93ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755403&plat=1%3A66048%2C2%3A66048%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727804&bpp=3&bdt=344&idt=397&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&nras=1&correlator=8038977611362&frm=24&ife=3&pv=2&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.cjz7ozxlsovn&fsb=1&dtd=416

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame AC1B 107 B
122 B 29ms
28ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AC1B 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EE52 16 KB
1 KB 109ms
108ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755400&plat=1%3A66048%2C2%3A66048%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727828&bpp=4&bdt=373&idt=406&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&nras=1&correlator=332749602947&frm=24&ife=3&pv=2&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.qpbxe6aa0wj&fsb=1&dtd=430

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame ECF9 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame ECF9 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 373E 16 KB
1 KB 98ms
97ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417941&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727785&bpp=3&bdt=302&idt=488&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&nras=1&correlator=3584592226481&frm=24&ife=3&pv=2&ga_vid=1763829273.1679650728&ga_sid=1679650728&ga_hid=1632274528&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1654548738&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44777877%2C44759926%2C44759837%2C31071756%2C31073311%2C31071264%2C21065724&oid=2&pvsid=4112785457605545&tmod=526185039&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.8d844kr81020&fsb=1&dtd=507

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BAAE 18 KB
8 KB 224ms
223ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df18e53a5428373573e9f2d9bed9cc4c4280dee56c5fc6f15baa8083001bbea5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 8327
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D934 17 KB
8 KB 291ms
289ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046726&pi=t.ma~as.2983625799&w=120&fwrn=16&format=120x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727808&bpp=1&bdt=348&idt=540&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8038977611362&frm=24&ife=3&pv=1&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.aedzi5soaezk&fsb=1&dtd=546

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25a74daac5f486d56869b275aa25c5ca4503e6b6fa172083ce1b563ae5f660d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 8040
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B0B8 17 KB
8 KB 265ms
265ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c62e1e3a08ad3f3c7bd21eb512efbbb6d2bbcaa7490146c7efebd65f585badf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 7975
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 593F 105 KB
35 KB 329ms
328ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=280&slotname=6032460967&adk=4050463280&adf=776186313&pi=t.ma~as.6032460967&w=336&fwrn=16&format=336x280&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727788&bpp=2&bdt=304&idt=575&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3584592226481&frm=24&ife=3&pv=1&ga_vid=1763829273.1679650728&ga_sid=1679650728&ga_hid=1632274528&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1654548738&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44777877%2C44759926%2C44759837%2C31071756%2C31073311%2C31071264%2C21065724&oid=2&pvsid=4112785457605545&tmod=526185039&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.vibzbo7sttq&fsb=1&dtd=579

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e80528cf2aa07678142da551633bc1af699f014c04dabf87dce86db9be207d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 35459
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 28ms
27ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.kesatu.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 28ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.kesatu.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 157 KB
45 KB 640ms
640ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca6b32110c3df8b7e7a625dc32e1f0aa84476c84489c01c898a83bbe67834ef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45850
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 747 B
406 B 150ms
150ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f14cc14af11a6df39ecec63d5ca35b7afbd0552ffd3cd2071a94291fa2aee18c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 377
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_page_level_ads_2023032101.js Show response
securepubads.g.doubleclick.net/gpt/ 33 KB
12 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2023032101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0249bb451c88404547895e0bf6f864612756386473cddc798d978742c65af546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 10:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 255425
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12333
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 08:35:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 20 Mar 2024 10:41:43 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 179E 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 179E 107 B
122 B 28ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 221F 11 KB
891 B 99ms
98ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417942&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727861&bpp=5&bdt=370&idt=550&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&nras=1&correlator=8289227754072&frm=24&ife=3&pv=2&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.mxbj6c68owxe&fsb=1&dtd=570

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04d5f13346fb0bfb545720344a3c079e036bb3b387f713d95cc652c736ab83e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 871
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2E2C 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8400307307701650&plah=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&bust=31073359

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2E2C 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8CBB 16 KB
1 KB 101ms
100ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417943&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727885&bpp=5&bdt=385&idt=563&shv=r20230322&mjsv=m202303230101&ptt=9&saldr=aa&nras=1&correlator=2011364098162&frm=24&ife=3&pv=2&ga_vid=765731676.1679650728&ga_sid=1679650728&ga_hid=530975814&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=1680904070&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759927%2C44759876%2C44777876%2C31071756%2C31073105%2C31073359%2C44785292%2C31071264&oid=2&pvsid=4439608642517411&tmod=2014917502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.anj3as23i569&fsb=1&dtd=583

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 1119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 2179 4 KB
717 B 29ms
26ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=5069350193&adk=2658235593&adf=3173046729&pi=t.ma~as.5069350193&w=970&format=970x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727626&bpp=2&bdt=188&idt=327&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2993714645179&frm=24&ife=3&pv=1&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.7o09y69gyndu&fsb=1&dtd=333

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 08:18:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 2179 2 KB
818 B 23ms
21ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame 2179 22 KB
9 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 2179 3 KB
1 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 2179 20 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2179 0
0 100ms
36ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQDsP2w9D_7hJpN5PzvN9aEJb7f6yjP2i3N8BmtLE0hi3OCNmBaqTi_JVHkjS7eeDVpIOJaovqPZ1Z6a6gez35y5Sin6Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=5069350193&adk=2658235593&adf=3173046729&pi=t.ma~as.5069350193&w=970&format=970x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727626&bpp=2&bdt=188&idt=327&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2993714645179&frm=24&ife=3&pv=1&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.7o09y69gyndu&fsb=1&dtd=333
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2179 158 KB
48 KB 91ms
89ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame 2179 34 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456963
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 02:42:45 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8260 32 KB
12 KB 221ms
221ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=75&slotname=3616667720&adk=2842032366&adf=776186312&pi=t.ma~as.3616667720&w=300&fwrn=16&format=300x75&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727866&bpp=2&bdt=375&idt=647&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8289227754072&frm=24&ife=3&pv=1&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.yc5wqooqzefs&fsb=1&dtd=652

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2858c4be6d70d0ef0ac6cd303154658c117c12b45c6a10223214dec38553f0ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 12777
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AB63 90 KB
33 KB 267ms
267ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=60&slotname=9643020029&adk=1186402075&adf=776186319&pi=t.ma~as.9643020029&w=468&fwrn=16&format=468x60&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727890&bpp=1&bdt=390&idt=640&shv=r20230322&mjsv=m202303230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2011364098162&frm=24&ife=3&pv=1&ga_vid=765731676.1679650728&ga_sid=1679650728&ga_hid=530975814&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=1680904070&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759927%2C44759876%2C44777876%2C31071756%2C31073105%2C31073359%2C44785292%2C31071264&oid=2&pvsid=4439608642517411&tmod=2014917502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.rgliiog0vwvd&fsb=1&dtd=644

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

251aa5a76c0926d71c1be00b150a2af09b9df8fbc5ca682dd4dad3906374b5e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 34235
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA46 42 B
63 B 52ms
52ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bl_Jw45ED0tHYSmuapeEZz4W6cuWl_ofhQIhU2CLWaJJ7kWnidwzLc6B1g8kKBHcWdgmACMi_Ft4ONoQwaZK9pmbDdD8UE-j85nGtmfNFTjDrXRsg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA46 0
20 B 53ms
52ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4360082974317013425&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame FA46 78 KB
27 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame FA46 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame FA46 20 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FA46 0
0 73ms
27ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxuEBbKCFax2WCuUTsWlbAJkyynIPlQQ8CGFxQ0wVIualoxOMurQA6ddqm0DA4Qa9FM_ILP6dv0bnuKlil6u5m_42pHQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FA46 158 KB
48 KB 95ms
94ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2779 42 B
63 B 53ms
52ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dz4By0vYllnwXre0zfhygAkUNPOURXmrqnXt5981X4mJ3q0-Zd3pHDOdskFSQpGP_JqnkIxNDvoa5mqasXKKQOLOrO_f4J6VYB-f56RoXR_MJGPjY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2779 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10710016312983838682&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2779 78 KB
27 KB 118ms
97ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 2779 3 KB
1 KB 45ms
23ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 2779 20 KB
8 KB 43ms
22ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2779 0
0 56ms
16ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSXTJuAk6WI6gs0tR_9rBPASRoRUOsVm6GsBIXhBPRDC4qIZ2qa7kYCEcpfUhmRM2tnI1x7p3vMac0ZUw6AGt5yf3ZE8g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2779 158 KB
48 KB 59ms
37ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/ Frame 48C0 10 KB
4 KB 19ms
18ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 51362
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 19:22:46 GMT
etag: 2378337311435320485
expires: Thu, 06 Apr 2023 19:22:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/ Frame E40C 10 KB
4 KB 19ms
18ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 51362
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 19:22:46 GMT
etag: 2378337311435320485
expires: Thu, 06 Apr 2023 19:22:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/ Frame AD24 10 KB
4 KB 19ms
19ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 51362
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 19:22:46 GMT
etag: 2378337311435320485
expires: Thu, 06 Apr 2023 19:22:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/ Frame 4D4C 10 KB
4 KB 19ms
18ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 51362
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 19:22:46 GMT
etag: 2378337311435320485
expires: Thu, 06 Apr 2023 19:22:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 31E6 624 B
245 B 66ms
64ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYta2j3wEwAQ&v=APEucNUsmr279XdX2EZse8ve9D4QLtjZDjL3LTx7B00MMxDIGJWrCE1-HBIJVpRHzaLtDFfbprU_e1pxOMfoO10lg51Tzx5qODXdirobp0KamJqtbNAROGSaSWoYwsSOFKkNGvZP3iG1QO3qEWFPvYeoFaQ3BuRsMEEzC-nlHzrtq_YL3H2VMio

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
expires: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame D81F 8 KB
895 B 29ms
28ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=9780134286&adk=3718468712&adf=3173046725&pi=t.ma~as.9780134286&w=728&format=728x90&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727725&bpp=1&bdt=258&idt=449&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3475047514032&frm=24&ife=3&pv=1&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h48pzvx2oom3&fsb=1&dtd=454

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 08:21:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D81F 2 KB
765 B 20ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame D81F 22 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D81F 3 KB
1 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D81F 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D81F 0
0 32ms
29ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTdSzLAjDE8jege4M6Ply5HqXQdAz59E5IgztixrpFUwqbqPrTzyS722ysk5NVts757YjVTzs4fi6WFRDDiV2BxW_dVRg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=9780134286&adk=3718468712&adf=3173046725&pi=t.ma~as.9780134286&w=728&format=728x90&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727725&bpp=1&bdt=258&idt=449&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3475047514032&frm=24&ife=3&pv=1&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h48pzvx2oom3&fsb=1&dtd=454
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D81F 158 KB
48 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame D81F 34 KB
14 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456963
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 02:42:45 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BAAE 42 B
63 B 62ms
61ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A27m4qCKB27xid6EnHWk9Z5O4VAxEs1CBNCABYpgRJQolPOwvwPxYNAUAWnLu8bxbxfxj6-1JwTu4X5kcToKvJSanTAvP5vUuf_knpijjJPo8iXhY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BAAE 0
20 B 63ms
63ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3446042989077842187&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BAAE 78 KB
27 KB 83ms
82ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame BAAE 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame BAAE 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BAAE 0
0 29ms
28ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-Eqho0IfMbS3sfbFYWU4ewSf0lZA0lwu8QrZFbLSU6kDuJYLQU6j6aD87KCpjaB03TDBImkp8PIfKD78KWKPo89Mhkw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BAAE 158 KB
48 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E52 0
20 B 64ms
61ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-8400307307701650&warn=12%2C13&w=300&h=600&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=true&a=6%2C1%2C5%2C7&apv=20230320_103720&sat=1679429434719&afm=0&as_count=1&d_count=0&ng_count=0&am_count=0&atf_count=1&mdns=0.993&alldns=0.993&allp=53&pgh=604&abl=false&rr=n&su=aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com&pvc=2349057996052770&r=0.1&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 54FC 624 B
245 B 79ms
58ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz6yj3wEwAQ&v=APEucNV2vJdzXG0DrWMVDNhc7wtlj4OueiuxcPCIXbWG-voJSDAoHKeveOWM21sxLWXM7sBvmFOu3xk8Na6b03TWUoVNa8wzpuHTgN0heHxRdsWrw0Yp3EDQA4eoeS1ma6zf5lTXvHvIqOjrY9gnb3c9GtrxTkTDdpnE7XoA7buZBPLg5gimNwk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
expires: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B0B8 42 B
63 B 61ms
52ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Appy0zyVZt2SN7uMx26ZqZ8ujQ3G-3k7QVrn6rdak7yUc7WTHv-JWRnCCVyhoGC6m3xAx9HEHT34g5sMVjt0OLIrR53i4rlVX_nGxekZljuZ5TK7A

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B0B8 0
20 B 62ms
53ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1650744365359390187&x=1&ct=76

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B0B8 78 KB
27 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame B0B8 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame B0B8 20 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B0B8 0
0 27ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSqjmvC7fCCVKStAV3HNUSbgf7j4zk9vxw56F5l0HrEvbuvMIIG7_uhltzt24M-C2s1f5CUZlDzF5pNSEMIWnOZ3fJurg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B0B8 158 KB
48 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D934 42 B
63 B 53ms
52ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AGh7mYgt2AIEdahFSy6no1L7wU3sJ8MGaHLbDgE5nlxiL_7596nl4QYUAWTL-GdJIKQ-tH1pTutYupdgav4G1d9WAiXx0MqxnfkMMeCdWWFzHk0jU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046726&pi=t.ma~as.2983625799&w=120&fwrn=16&format=120x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727808&bpp=1&bdt=348&idt=540&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8038977611362&frm=24&ife=3&pv=1&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.aedzi5soaezk&fsb=1&dtd=546

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D934 0
20 B 55ms
53ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17678322049815729781&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D934 78 KB
27 KB 112ms
108ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D934 3 KB
1 KB 29ms
25ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D934 20 KB
8 KB 24ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D934 158 KB
48 KB 38ms
34ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2179 0
0 63ms
62ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CvXXsqG8dZKkLmLjLBdzSnqAHzarbxm3hvOzBqAyK0aPtvgEQASD1reSKAWCV-vCBjAegAbC6odcDyAEJqQJhExixfSmyPqgDAcgDywSqBMMBT9DYsWQdl5CD-ZX7nTgVbs0LRknVP2aeSZ3Ra9kkJSsz7y253_3-QpEt9FzpcTdLYtlsyvUAkXOXKBl9_a9zfcXDPrXf6JZLVBqqjao_tywkjegfsuNxQM4zGhmxKDmwKcMtsYQehKrSIBeRspX4qNaYeuWBrFxW3-qPO7f4IgETgwlthzVwxsURBS0KSD_RIoXelo8uoxUKWh2d-tPRxtjTbzZ0u0o8Sfdi1ELFI12NccLs8eyc8O3303eu1JzS7qGCwASJ4OLKjgOSBQQIBBgBkgUECAUYBKAGLoAHv9m9YKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBDb-BHSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDIgUAdAVAYAXAbIXHAoaCAASFHB1Yi04NDAwMzA3MzA3NzAxNjUwGAA&sigh=iwH6O-dF-2E&uach_m=[UACH]&cid=CAQSKQDUE5ymCw-Xx1MVr68eWBO-5Wc1aaWWBYzHLnXpkrBLeTDHMB70OlvsGAE&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=5069350193&adk=2658235593&adf=3173046729&pi=t.ma~as.5069350193&w=970&format=970x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727626&bpp=2&bdt=188&idt=327&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2993714645179&frm=24&ife=3&pv=1&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.7o09y69gyndu&fsb=1&dtd=333
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D81F 0
0 62ms
62ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CW1P8qG8dZOuHDsmGiQbF4p2QBZPAmc1vqfqTlpQRqtu_oNQBEAEg9a3kigFglfrwgYwHoAGk3ZqLA8gBAagDAcgDywSqBMoBT9BF9T7g8FNN9z5tcZ68XYKDOkAuc5BNOG6FvdLywwSV4wm_gu2VTkIjiQk5DVj_6yPCiRSs9i-KE13cdsY8Kgxk-RJrcvQAh6rd1llsDrmvO1OjScRhg51FL933hKYAGhoJGbYSvfJkmMGcuzsZX5ume1AEOSjTdvTNyVyLHFOp07k7dosFycxZX_Dv3O6bvFLACr6CyRf0wT_uOLAXf-KEmjbTCK5bc67DjqdQ4xnnLbxYONG3RHeRQ0dqKSIpFu8zIMZAF4eqOMAE97fc5ZsEkgUECAQYAZIFBAgFGASAB8Si5XSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDLmQrSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDNAVAYAXAbIXHAoaCAASFHB1Yi04NDAwMzA3MzA3NzAxNjUwGAA&sigh=aF0Fiv0IXUs&uach_m=[UACH]&cid=CAQSKQDUE5ym_sFl0baMPrCPIQOED5HS4oSnkvjSMJn91ui1S74uLPP6-lY-GAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=9780134286&adk=3718468712&adf=3173046725&pi=t.ma~as.9780134286&w=728&format=728x90&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727725&bpp=1&bdt=258&idt=449&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3475047514032&frm=24&ife=3&pv=1&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h48pzvx2oom3&fsb=1&dtd=454
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 593F 4 KB
621 B 29ms
29ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=280&slotname=6032460967&adk=4050463280&adf=776186313&pi=t.ma~as.6032460967&w=336&fwrn=16&format=336x280&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727788&bpp=2&bdt=304&idt=575&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3584592226481&frm=24&ife=3&pv=1&ga_vid=1763829273.1679650728&ga_sid=1679650728&ga_hid=1632274528&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1654548738&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44777877%2C44759926%2C44759837%2C31071756%2C31073311%2C31071264%2C21065724&oid=2&pvsid=4112785457605545&tmod=526185039&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.vibzbo7sttq&fsb=1&dtd=579

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 08:51:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 593F 2 KB
765 B 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame 593F 22 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 593F 3 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 593F 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 593F 0
0 27ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT5EqMzuFBqG7kxociLvztZau2k9byMqmGFqzetBvyeFBZFJlg9KstmTG3w5HmPtl7C1OiefSio2uS0QcnILCiy3OfSKA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=280&slotname=6032460967&adk=4050463280&adf=776186313&pi=t.ma~as.6032460967&w=336&fwrn=16&format=336x280&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727788&bpp=2&bdt=304&idt=575&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3584592226481&frm=24&ife=3&pv=1&ga_vid=1763829273.1679650728&ga_sid=1679650728&ga_hid=1632274528&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1654548738&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44777877%2C44759926%2C44759837%2C31071756%2C31073311%2C31071264%2C21065724&oid=2&pvsid=4112785457605545&tmod=526185039&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.vibzbo7sttq&fsb=1&dtd=579
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 593F 158 KB
48 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame 593F 34 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 02:42:45 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 48FC 640 B
262 B 61ms
58ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYwpC-4gEwAQ&v=APEucNXvwzI-TXPbkOxSzt64ke5nX-idJPkDqNLAnvQhC26Q8-PlEVgfo131UZWq1Y7RIGcq7nfAeuJ1cO-XqLz5MP6yZmcIIghGOoR1QDhYtvNboHUogzBusoblccIvm4mciQA3IQcvNcs1xjJNl2I4Ew8nydsHmeb42O10vo9VzcpWdm1iTn4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2179 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

4091503581208051288
tpc.googlesyndication.com/simgad/ Frame 2179
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL
https://tpc.googlesyndication.com/simgad/4091503581208051288

107 KB
107 KB

19ms
19ms

Image
image/png

2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4091503581208051288

Requested by

Protocol

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
x-content-type-options: nosniff
age: 142418
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109931
x-xss-protection: 0
last-modified: Wed, 23 Oct 2019 12:45:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 21 Mar 2024 18:05:11 GMT

Redirect headers

date: Thu, 23 Mar 2023 19:27:01 GMT
x-content-type-options: nosniff
server: cafe
age: 51107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4091503581208051288
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Apr 2023 19:27:01 GMT

GET
DATA 200
OK truncated
/ Frame D81F 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 css2
fonts.googleapis.com/ Frame 48C0 4 KB
636 B 27ms
27ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 08:10:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 48C0 205 B
229 B 18ms
18ms Image
image/png 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 08:50:05 GMT
x-content-type-options: nosniff
age: 2923
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 23 Mar 2024 08:50:05 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 48C0 604 B
628 B 19ms
19ms Image
image/png 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 08:42:22 GMT
x-content-type-options: nosniff
age: 3386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 23 Mar 2024 08:42:22 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame 48C0 20 KB
8 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0102fdfbd0b06f4718e32f6586659557a6234c0111940c1fa3d697c42b067c1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 17:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8563
x-xss-protection: 0
server: cafe
etag: 3720302941478166528
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 17:01:25 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 31E6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1

43 B
766 B

40ms
39ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYta2j3wEwAQ&v=APEucNUsmr279XdX2EZse8ve9D4QLtjZDjL3LTx7B00MMxDIGJWrCE1-HBIJVpRHzaLtDFfbprU_e1pxOMfoO10lg51Tzx5qODXdirobp0KamJqtbNAROGSaSWoYwsSOFKkNGvZP3iG1QO3qEWFPvYeoFaQ3BuRsMEEzC-nlHzrtq_YL3H2VMio
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:49 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 31E6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1

43 B
632 B

46ms
45ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYta2j3wEwAQ&v=APEucNUsmr279XdX2EZse8ve9D4QLtjZDjL3LTx7B00MMxDIGJWrCE1-HBIJVpRHzaLtDFfbprU_e1pxOMfoO10lg51Tzx5qODXdirobp0KamJqtbNAROGSaSWoYwsSOFKkNGvZP3iG1QO3qEWFPvYeoFaQ3BuRsMEEzC-nlHzrtq_YL3H2VMio
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:49 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 31E6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELVRE0mOgQwvacfHx0wbxFI&google_cver=1

43 B
1 KB

54ms
33ms

Image
image/gif

185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELVRE0mOgQwvacfHx0wbxFI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYta2j3wEwAQ&v=APEucNUsmr279XdX2EZse8ve9D4QLtjZDjL3LTx7B00MMxDIGJWrCE1-HBIJVpRHzaLtDFfbprU_e1pxOMfoO10lg51Tzx5qODXdirobp0KamJqtbNAROGSaSWoYwsSOFKkNGvZP3iG1QO3qEWFPvYeoFaQ3BuRsMEEzC-nlHzrtq_YL3H2VMio

Protocol

HTTP/1.1

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:49 GMT
AN-X-Request-Uuid: 03adc050-fc5d-4775-a988-803dbb8a8c86
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELVRE0mOgQwvacfHx0wbxFI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 31E6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc4OTA3NTIwNjM5NTE4MTAy

170 B
188 B

36ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc4OTA3NTIwNjM5NTE4MTAy

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:49 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 334bb6ad-b57d-4eb0-8b83-4e5b29e449a1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc4OTA3NTIwNjM5NTE4MTAy
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 861C 466 B
235 B 60ms
60ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3K1_gCEKzp0s8DGIOLhuEBMAE&v=APEucNWn4C39RI1beIc1aWcqx1cPqTQdNTmyNgARQNykMwmZXdif185kyyzsMDyL3JDredH228SfxlOIfeNS97P3Vb70i_vkzSQIe-gXI2yenglAOKDEiUx-nnPPN51lcC3TCQrHvrHnFzhU9Ds3xXivEG8E-BU003txbxtABGo2fAFpgxKkcTo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame E40C 2 KB
765 B 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame E40C 22 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame E40C 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame E40C 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E40C 158 KB
48 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:48 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame E40C 34 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456963
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 02:42:45 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame AD24 2 KB
765 B 20ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame AD24 22 KB
9 KB 21ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62083
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame AD24 3 KB
1 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame AD24 20 KB
8 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AD24 158 KB
48 KB 37ms
33ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame AD24 34 KB
14 KB 24ms
20ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 02:42:45 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame 4D4C 22 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62083
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 15876205146972594916
tpc.googlesyndication.com/simgad/ Frame 4D4C 25 KB
25 KB 25ms
24ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15876205146972594916?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmYpYIw7GIgQsIXAscdiz3Vd5zmhw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df88c0155970cc20f2a6124d666bda688144501fe5a31f41b9e3c15795f83715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:07:49 GMT
x-content-type-options: nosniff
age: 142260
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25188
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 08:34:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 21 Mar 2024 18:07:49 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 4D4C 3 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 4D4C 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4D4C 158 KB
48 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 4D4C 34 KB
14 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15eaeb49112cb71de08a452c992fed4d87476508ede572843ab40ef34d254ebf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:59:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13832
x-xss-protection: 0
server: cafe
etag: 12056988738142335449
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:59:38 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame AB63 8 KB
895 B 31ms
30ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=60&slotname=9643020029&adk=1186402075&adf=776186319&pi=t.ma~as.9643020029&w=468&fwrn=16&format=468x60&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727890&bpp=1&bdt=390&idt=640&shv=r20230322&mjsv=m202303230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2011364098162&frm=24&ife=3&pv=1&ga_vid=765731676.1679650728&ga_sid=1679650728&ga_hid=530975814&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=1680904070&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759927%2C44759876%2C44777876%2C31071756%2C31073105%2C31073359%2C44785292%2C31071264&oid=2&pvsid=4439608642517411&tmod=2014917502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.rgliiog0vwvd&fsb=1&dtd=644

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 08:24:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame AB63 2 KB
765 B 27ms
26ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame AB63 22 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62083
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame AB63 3 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame AB63 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame AB63 0
0 30ms
30ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSf57EBjMFgtFS07Y8MIinVqRc2ozxDsIF9EPkYUtydwEwOtqpcTD1FcApbd3lHrYz4YgUZIVEEtYsOPim9SpuD8VPA4w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=60&slotname=9643020029&adk=1186402075&adf=776186319&pi=t.ma~as.9643020029&w=468&fwrn=16&format=468x60&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727890&bpp=1&bdt=390&idt=640&shv=r20230322&mjsv=m202303230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2011364098162&frm=24&ife=3&pv=1&ga_vid=765731676.1679650728&ga_sid=1679650728&ga_hid=530975814&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=1680904070&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759927%2C44759876%2C44777876%2C31071756%2C31073105%2C31073359%2C44785292%2C31071264&oid=2&pvsid=4439608642517411&tmod=2014917502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.rgliiog0vwvd&fsb=1&dtd=644
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AB63 158 KB
48 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame AB63 34 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 02:42:45 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B0BE 466 B
235 B 63ms
58ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGI_29uABMAE&v=APEucNUpynTTR9NollCajS9P27xH02al9tYaYoHQb37SyTUS9N_uByhGryWqs7yQm5vgKnZnXOfpeznj9u2HoGtYrMrxVI-k41iG5Qb1rvkujiFrmzCCzPq_BkAUBiQ9c7EsK_4eDP1zkq83lcizMkEceDezYD1sWb9n_BeTeBnQxCZXBpColIE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046726&pi=t.ma~as.2983625799&w=120&fwrn=16&format=120x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727808&bpp=1&bdt=348&idt=540&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8038977611362&frm=24&ife=3&pv=1&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.aedzi5soaezk&fsb=1&dtd=546
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 54FC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1

43 B
632 B

41ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz6yj3wEwAQ&v=APEucNV2vJdzXG0DrWMVDNhc7wtlj4OueiuxcPCIXbWG-voJSDAoHKeveOWM21sxLWXM7sBvmFOu3xk8Na6b03TWUoVNa8wzpuHTgN0heHxRdsWrw0Yp3EDQA4eoeS1ma6zf5lTXvHvIqOjrY9gnb3c9GtrxTkTDdpnE7XoA7buZBPLg5gimNwk
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:49 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 54FC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1

43 B
632 B

42ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz6yj3wEwAQ&v=APEucNV2vJdzXG0DrWMVDNhc7wtlj4OueiuxcPCIXbWG-voJSDAoHKeveOWM21sxLWXM7sBvmFOu3xk8Na6b03TWUoVNa8wzpuHTgN0heHxRdsWrw0Yp3EDQA4eoeS1ma6zf5lTXvHvIqOjrY9gnb3c9GtrxTkTDdpnE7XoA7buZBPLg5gimNwk
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:49 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVdl4dbKlPx9sDhciSJgWE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 54FC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELVRE0mOgQwvacfHx0wbxFI&google_cver=1

43 B
1 KB

26ms
24ms

Image
image/gif

185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELVRE0mOgQwvacfHx0wbxFI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYz6yj3wEwAQ&v=APEucNV2vJdzXG0DrWMVDNhc7wtlj4OueiuxcPCIXbWG-voJSDAoHKeveOWM21sxLWXM7sBvmFOu3xk8Na6b03TWUoVNa8wzpuHTgN0heHxRdsWrw0Yp3EDQA4eoeS1ma6zf5lTXvHvIqOjrY9gnb3c9GtrxTkTDdpnE7XoA7buZBPLg5gimNwk

Protocol

HTTP/1.1

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:49 GMT
AN-X-Request-Uuid: 90f25b5a-5942-4b22-a41f-214f453f3cbf
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELVRE0mOgQwvacfHx0wbxFI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 54FC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc4OTA3NTIwNjM5NTE4MTAy

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc4OTA3NTIwNjM5NTE4MTAy

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:49 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: b534df5e-de5a-4645-ae1c-52c9d240323c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc4OTA3NTIwNjM5NTE4MTAy
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 593F 0
0 61ms
61ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7aCvqG8dZOHzGMO_7gTu45QYvY2mr2_HzK-svw7_0aK9wAEQASD1reSKAWCV-vCBjAegAbC6odcDyAEJqQJhExixfSmyPqgDAcgDywSqBMMBT9DxYmY5NgY59cFyafCYcsbwVooX2TiPW0vz2r9aBlWwWmLYLq6aQEol6OW9MtgHbz52_ff1o1r9Xw25yLyZHOLRj8nuynLirddX-_sSMMu7bszEc02bWcq6IZy3RrybzkKsl3lqVJ1TIIM-ne1BwELty301j9T99IlAfrr70SB3nS6rC5B8zmo74avYhuKnjIbuPSTrumn2ZwbzmfuI1Txh0CK87UVLiLy5qRhKa4XVJ7Fb7PsYKyRvw-7LkSb7cWWnwATRnKmq4AOSBQQIBBgBkgUECAUYBKAGLoAHxfetPqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBDghArSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDIgUAtAVAYAXAbIXHAoaCAASFHB1Yi04NDAwMzA3MzA3NzAxNjUwGAA&sigh=vprzEH1ebfc&uach_m=[UACH]&cid=CAQSKQDUE5ymGe4zSZtjV_ChUwBy15DPaf0MgS8E_LuR_-lo_VhpevQAyhmuGAE&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=280&slotname=6032460967&adk=4050463280&adf=776186313&pi=t.ma~as.6032460967&w=336&fwrn=16&format=336x280&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727788&bpp=2&bdt=304&idt=575&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3584592226481&frm=24&ife=3&pv=1&ga_vid=1763829273.1679650728&ga_sid=1679650728&ga_hid=1632274528&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1654548738&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44777877%2C44759926%2C44759837%2C31071756%2C31073311%2C31071264%2C21065724&oid=2&pvsid=4112785457605545&tmod=526185039&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.vibzbo7sttq&fsb=1&dtd=579
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA46 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6559340461057&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA46 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6559340461057&version=m202301230201&ct=76&x=1&cor=4360082974317013500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FA46 95 KB
37 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dp9HPe2Qz7VLK9IXbaAZmfRDd-UlrFq5UICsH_Jr90T0SdlQ50ayMeQCNsXfkRsIgOzE4z2ttIEeG69ux68OoayHAKTw-b0-QsZh6uo8mcP7Bsy39hunPcvN5h8V_bCM5EOaweTrcz4FL_5JX7oFBvq4AOZtxB-f5R-l2USolavGTLKQI&dbm_d=AKAmf-C-Ig66v1MpAsDOdvh2_xq3KxJAvC7sYme20jPsBJDZ1raG_iq0_KljARR5VqiPJbdJ5QNOLwRcT5MjAYBrwG0m5-XC4Y_PP-UJ9ukMuuOLuulwwj6KgBbTiNsW5cG8H5rDmeCWibEj3015cd09ZU7d2pJuMyM38sjqQBv3PtdaTUH5-lok2GPmQpZNu6UQtVKntNFOqn5OLatIix9vuno3jNwYp2Rw6Yi68CydrFhwDCI60iR0V1YaqLo-_lvkqgQdnvgFvxup3GNPrJdYhxo0GWrikyE3BIgHy12WM4UAqexwXlSToFwFyXIhedqlUfjUAfVuyw3XC57r6tiBpRRuFrKV8tIgXJHdud5rKo2_mG7SAK1REB3bD9wx15i0JixMdvAV7NcDR8741HKZ7LAVpHANnLXLgHh1NAvfTm6qidAtSCYZW_vk2tTduexBdllfWMWv3dkkQKTT4m6stbCnK5b8oWnjYX59ZHmbfVnMZphvpcY6v82N_fmctzSOG_opQd_ePo0OJO5qplBNHKT77gBdvw9vSlBOFzW6hE0UnNEAzviBaTx61_HwjRfR4uCpsak5ShTTSErrvb4Lm-wcrrMcYHRBZ2jMgluCldlTm_auVYzAwa-ImHABO_-GtJSVVQyD7lLyfblu1gJEZ8t9GgGi69Co8OG_AphABHarv0jOPHea_T8ObV5raezyKVLYpwdcevay-z9tdPLKrJ3vS-a8KrmnGokaklVj_-e-XFf-LH9foht4-1qq-7YxAm0nj9D27EgzFuwXgDOOx0SBs9GWMjZe12hQuZ68LEMrIB0y-NqSTGBgesZU-tyHgC288OkAcKBItVWFZsG_6goY88OdOFj5CzW1NiURlvF2ZS8OHEkGdNfHsQvYGDVF7SDfwoQKqiJnUuuXrOweB54EGyB3iP_kzd8L5IuGN8kB9f8frNDEIKAUbu1xlG77Qo2NjLf-l_R4Ar7xuHleWzyIHI_ysrXyKT-Yth0NA4JGPNgPjacd1MeQHGw7nViLp9rJ9gOEowTNsmIj46vfo9n7CYAG3fSkfKU1Bgq5NL9APfy5NB9dj6tOwvQtRlXD0CyTakUHcbi_KipUODKk0aiAkbfXdGH5w5ykk-lopSluQG9Vai80WFp-HoZMTCXQ4mYA3gW2HifzlyTWBhuUrSIgnj2ugO80UXFs2MtV0MejiNF27c_yTXShidltaWuk29T24D4bQDy_-UQb_5BdAxZl_ksLivZDTjEEgGCEbCn1li7pVx_Bon4XwnOL9kceMZ5WDo0hnaGbs7zlpumlefs4vVF-x5QzZKrAg9xA6Vr_B3tdwd-cPzpbxwLgpJwa3S9VjMInLFhdn4jRjNAF4gUt7HbfD66bvAwihYxUwsfYFmklbhbqY0lO6mkwZ5WEaFFETyHMhK5Hwy2eW4eDWFE_Mg3wr0-tv_sVLigwXp49KNhf-ne9LDQtQhk8u4okVXDYkpOYtTDlaArXSpqfrg9-WIxDn7X9KqhoncKfY_e9EbQznvneOnU2YsdzLZuRV6jAVReIleP3juq6s2EmTRhiEByfaEHA_u7PRSGrzQSDqgEkignew65gRjeKT0l98vIbdjOIah486fYPO594mAKwdn5JJ0WGbeoxIvheJkMn4WScdsuMpx5l75APBMNptT5aQATjCm1y_FGtZreI38xaFXL4mpvOnMgvng0h_W70SxoINhiYkKG929mZWEH_nS0_eFzrjpxYdIQVuu6eweR4d9S2eUAxbnTrXI1GkefwP-O8i3KWCN3_Es-HmUtWjsjq069SHfjr4h0VkKjuovHXh2RL5wv3rXdrYyUrk3BmksJLO3Z_YDJVHGTXbpEhgED2KlAzBzJqinaEJbLvh-TUe8IwMQ-vn02kDIfSyDz1nbYVmIg3jq4B2WGoB3XWFtmdm0mjMM7elFth3ZTOtF639-LsTth_XSz3Rif3wXR0JgOP-rTExGGB5WVPdrdXuPi9El09u4Zx2IlHFiti4RmRu3Y877MKfzcBFKdiwPieE1rY_sU9iL7O9JiiatKqEsMxibUpOAjhgkx2NxvGM6O31lfSOQMp6ecGAH2nESEi-KY1jEO0rloHWi8sWVd61fROTpu8O1_DV_l64kru3btvXOw9tJ98z9iSWx7UKdGcxGvjYiyzTpstGpUpe6hpjvlAFjit4W4EXo0yiLXHRckEdUAT1NvV5aaufKEiMJr-SMoyLs08Mqt4Sgh7btV1cHCl-_3DVv3bxlnvcnT_B7XEZTfsf08rEn8_5QIv8SL9Lir9DsTP8c7ZkOE_PHv1bWCExJkHrv_8xRgGSXEI0dSxN5LwoZGHfc_Oga4eqDGpHpUN8euRkXZIUK0j2dcP0ZYMGQX-9NNYkmg-bjrwFyk1AMeb0guEPqgvhRU1B66eVVVWYgTZLXJMLT-_5_JsYx9B8bmSAnUbi3X691WL0gQC0dzm_wCZg0BVYPqFJO-yd1VbihrtOET-R-X0pZhMXrPMtNqrB3Dpcn5PqBIAXq2wX-gmqhE6ASAqFBZ3PZyX9Olj9gfBdjJB2xK4REAYnYbKv-c-fNeqEt5yy-NViWmdh8T9TrxM_j2jfc92KsxGWXP8MpgNsKoSdyVIbjT5wqFek72X4ha5jD9vYWDqhThxonlxXtj3X_o2WoKVV4EbxDbRSHfjgfgHnrR-xFg-wq3wk3VjeVS8fwbvb4GVHT67sbdZZ0FmYb-IkrUtkx3vz4Pa0UZkGJ1zeoM_N1NTw7shKeshKcR7qbh_BHZbMlI8e4PLia9-zPcd2LmdJOD0yYCdLKZKay-8tast6FnNTQEeravCVwXGo8B2EJFbDzu48sm-IPaFnP6IljqKMRFx9UUIV0zHUltkopKwIlsX9tfbp5-k_omrZqxOZpCsk7FEBo8UmIjYJf3JMN_mRT8qM11OwHf3ML5wQ1cQfH1pbSF-4Zdatheo8Al_Tc3W1eEpvFBJ36fQBU-deCkZCLqzxnPE33yfL9FXX8Mebr2vwcNn_RO4t50L80hEBhP-l741vzODysIGFRjuyhv-Ivxox7A0TwDjfFys8jFP4AKLhTxm7nHPnKtYxEhDNddpRcQogcAL9VLZy4uYE0Hvn28TaRENWJP1v6ZOzFH11zOTut8pgu0j6DmyKTzps47gMicJFUt1U0Y5IRTG7e5MNr4uI8Z_O6e18rUFr5aNsCy-NBsZAl7-kxsAz20pfZ-OP_BB0rCH1a9rhNmHzeCmqumJ9tXF6TiI4ZVh4Ht9XFn3fQkVz-C9_yWK7pIEZMuN4yvEAjG2CCtdo3dMTvzkigdT06NRMAaAApMAHkWDut5EU3NQzc4l&cid=CAQSKQDUE5ym1bJly_Dzeg-gJ-95AoSuuBU2AQpxpCMhRemp_9Mt5R6jvN8tGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=4360082974317013500&adk=4022746785&idt=211&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

31916b9fdc85bc36d93ce8f4e744cfe88bf1f1915b601ebb3a5d8094b97de44f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38103
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4E52 0
0 56ms
55ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstiwK0D47HeZlYh0plctZM8TBsCFTO3VxzipnH1i_Rd37Ef7_moXW0z4-Mzo0jhgMSHkaHQEaqsRQJugOV-uccYf1bFJNWpNPK9wyV-ZSFykYgmXtBoJVSHMYHzaYO22JdSBYhXSdzHcP1Nux4HO59nPYmi5VrRyOyZuhMNLnPS-CnBpKxA941S30irfcbQY7LUICfci_5X51SWVGhSVFkh2Di6xeU0gWXk8le7ph2ssPmnpHhiV3kC4bc2-HFigY7yYMwp6ElKD5OrO-pGudQvNIa8UyZ0UQs2q-giEAuY4SLdymcSMMDQyk7_oVG1l-9e5vThKQs&sai=AMfl-YTJywGbIjFVNbYKC2gWRZjNg9lVDMqfALk53_d3LfjXeZMnl5btVA42ZK8enZzxlTd7vg1XKfTgv3qDmrv5yjPgrmwNkMgLFGXvd4uFPdN0FJbTObn--cSikR5-_hWWSRihJkS74njmi4sUe20H&sig=Cg0ArKJSzOf2Ks14pp2nEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C851 0
0 61ms
60ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CMRVWqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS8AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D3792hI1jHa_l163H-1op2gANf3NhF34JU-lzXwIqulnCPrjVH6LGCugAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi04NDAwMzA3MzA3NzAxNjUwGAA&sigh=AhzxOknjccs&uach_m=[UACH]&cid=CAQSKQDUE5ym7Xz7dXQQyr_75hKGfxc5--ZzPgJK7HaI5BesoOpUiEBHm1iEGAE

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=75&slotname=3616667720&adk=2842032366&adf=776186312&pi=t.ma~as.3616667720&w=300&fwrn=16&format=300x75&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727866&bpp=2&bdt=375&idt=647&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8289227754072&frm=24&ife=3&pv=1&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.yc5wqooqzefs&fsb=1&dtd=652
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame C851 0
0 81ms
28ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1kdtr3ftqpss84gg6ws40pkcrsksy38n7rfd6fq7hgsbeag38sqwacg2pq2j3zwk16q3648kbx5grsjnq5dc4h0zwkdzkggh5ynf0ryb8n01z4btq9ttvt5q136gmwmvv3b673960z0nqjgb0xkaqaw1nrcqeje7709cz5y9xza4xc0mdmxysn0neafbmv7gzqd3v7zt5767pwenrmh1gdm5tcxq75ngktgqtjdrprfnh0ykj2amw0t1e7fm73mvdfkr26wszmr8qpwcc1a906nr5w8d3bh5dfark5tmvdcsbmtv8fg1k47ecq20ftgb53qecqe10qhk63266f43q7gn4sm6h1v9k9s7y25nv7wznv44sgd288fv453ckbzb4mm7r6awvrc07vg&b=ZB1vqAAIpkgKwlR1AApC5gDq5VItozxh97LtOQ
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 24 Mar 2023 09:38:49 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 4106 2 KB
3 KB 92ms
41ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1k6fpk73kj5v8ksta3h514zn1rb9wf3r7vvmpe3726yvqbjs411r24vxmwx8fan88kym4hs7ty1q5m9nfapqnm662b5630z9144hyq8cr0a1x8p7hg27kjwpktk5nxm75y6rbxkpx7gej9eqqgb5a63g9vyn8c9pp2355k00g8f2dw9fs9ajk9cs45desmqqgc0bj0j9cvbzs2ddx8cvfqepp70sfm46xrexgnkf7smdnraczzjj9q5xbqx1prea9df57tgxkxp9p0xvbr8q2wmmxy7va35n1v7pw024p40s2zrcr7z74kpzf66mdgs336zgwcpb5yy8aa37cc6axtrx5qh7538p5r110tsxr5r938nav4744he4qa7yg46j3qxr7eyr1ysrgja0rwjbqtd8ejpnqwaqhcvvdyqzhtsz9442fa088222gsbhkthpmsef7bkc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%26client%3Dca-pub-8400307307701650%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=75&slotname=3616667720&adk=2842032366&adf=776186312&pi=t.ma~as.3616667720&w=300&fwrn=16&format=300x75&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727866&bpp=2&bdt=375&idt=647&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8289227754072&frm=24&ife=3&pv=1&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.yc5wqooqzefs&fsb=1&dtd=652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22829bd69e36b744d663cbd6a2f8b432ee0a79b41b66e88361149aca040c3d3c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7acdf1817b389b7d-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:49 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame C851 3 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0956 1 KB
643 B 20ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame C851 20 KB
8 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C851 0
0 27ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS7_-xopUGqA24iB97gf_J878lko0HlXul-IO-49UFBS2czZ2Dom-YYCzbafC9VljnW003IIgqjZ5ScDQ3LO8b_Qij6xQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=75&slotname=3616667720&adk=2842032366&adf=776186312&pi=t.ma~as.3616667720&w=300&fwrn=16&format=300x75&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727866&bpp=2&bdt=375&idt=647&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8289227754072&frm=24&ife=3&pv=1&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.yc5wqooqzefs&fsb=1&dtd=652
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C851 158 KB
48 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
DATA 200
OK truncated
/ Frame 593F 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

624907996767536446
tpc.googlesyndication.com/simgad/ Frame 593F
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r
https://tpc.googlesyndication.com/simgad/624907996767536446

8 KB
8 KB

19ms
19ms

Image
image/png

2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/624907996767536446

Requested by

Protocol

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
x-content-type-options: nosniff
age: 142418
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 09:00:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 21 Mar 2024 18:05:11 GMT

Redirect headers

date: Fri, 24 Mar 2023 04:40:25 GMT
x-content-type-options: nosniff
server: cafe
age: 17904
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/624907996767536446
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 23 Apr 2023 04:40:25 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 48FC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOTSI5ogndTA7nvid6nknL8&google_cver=1

43 B
114 B

28ms
28ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOTSI5ogndTA7nvid6nknL8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYwpC-4gEwAQ&v=APEucNXvwzI-TXPbkOxSzt64ke5nX-idJPkDqNLAnvQhC26Q8-PlEVgfo131UZWq1Y7RIGcq7nfAeuJ1cO-XqLz5MP6yZmcIIghGOoR1QDhYtvNboHUogzBusoblccIvm4mciQA3IQcvNcs1xjJNl2I4Ew8nydsHmeb42O10vo9VzcpWdm1iTn4
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOTSI5ogndTA7nvid6nknL8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 48FC 43 B
304 B 86ms
28ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYwpC-4gEwAQ&v=APEucNXvwzI-TXPbkOxSzt64ke5nX-idJPkDqNLAnvQhC26Q8-PlEVgfo131UZWq1Y7RIGcq7nfAeuJ1cO-XqLz5MP6yZmcIIghGOoR1QDhYtvNboHUogzBusoblccIvm4mciQA3IQcvNcs1xjJNl2I4Ew8nydsHmeb42O10vo9VzcpWdm1iTn4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 48FC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEDHuAh_HS6aShtuoqyNAfPE&google_cver=1

23 B
172 B

61ms
61ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDHuAh_HS6aShtuoqyNAfPE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYwpC-4gEwAQ&v=APEucNXvwzI-TXPbkOxSzt64ke5nX-idJPkDqNLAnvQhC26Q8-PlEVgfo131UZWq1Y7RIGcq7nfAeuJ1cO-XqLz5MP6yZmcIIghGOoR1QDhYtvNboHUogzBusoblccIvm4mciQA3IQcvNcs1xjJNl2I4Ew8nydsHmeb42O10vo9VzcpWdm1iTn4
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

expires: Fri, 24 Mar 2023 09:38:49 GMT
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEDHuAh_HS6aShtuoqyNAfPE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 48FC 23 B
172 B 171ms
60ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYwpC-4gEwAQ&v=APEucNXvwzI-TXPbkOxSzt64ke5nX-idJPkDqNLAnvQhC26Q8-PlEVgfo131UZWq1Y7RIGcq7nfAeuJ1cO-XqLz5MP6yZmcIIghGOoR1QDhYtvNboHUogzBusoblccIvm4mciQA3IQcvNcs1xjJNl2I4Ew8nydsHmeb42O10vo9VzcpWdm1iTn4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

expires: Fri, 24 Mar 2023 09:38:49 GMT
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D2BE 0
0 57ms
57ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss7Gt6PKUeoFbJiLcQqh9n5Wzp-HuaGRoTzv5e5RJfJl8y9XitljK0PZ-w8jJBfd24UV91cIp62WJ5fzmXdiQt1mTM3e4QrCMV_eveEBGN-yyJsjo70PO0idrEytku_3GhofTBGCRyabfS00YLT_RqLc0UvRy_UsBCpEst2IL-d071guWt89tqbTMsj0awW-Bh7bHJN5WcbemE9BMpME4cq3WLhF8gDtBRUia57UyFpKDc4t-AEjEOwPWm309r4Ie5Ii4HMusZhge3ZGBW5XmgkzZqtb243i6ccO_tDFaR5j5SWP1cpclJL4ZtZQvk91lMs8-15b58&sai=AMfl-YSZCbLa-51LzceE6S4enXUFlZR3gFuJ8Zx3guyGHGgpb_WSAvNksY2YcC9gX33xadmXWxVum4GfeUB1jLX4Ck1rTlJMKKn9GorTJQ-RJYM77dfVH3XoNqhu97B3Ikz5kv1V6vM4ii97Z5wn5cOQ&sig=Cg0ArKJSzAPWQUW9xutKEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame AB5A 0
0 55ms
55ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvdm5tqzc4e5cZLp5-XQJG5rxko-oqFQWTz2WqRK-EecMCHtrKtIshD0Ru6ebkqFF-w5GBoX9DBrsE3ulkCWPTq3tY2x6_3ltzXhQ33Qa5aFIH8q67GqkGc8xTxqRyJ_P3zGxEY3QDcw5DeEX8bdvuNlU614URQzGicL0ayh-Xl8n8txp16EkUyE_xEIvMTwlPuTh1Y6dVg2W9KKsmSkDgiI1mTY8B04Xd04DkvzPoDB9wRcZb01RtKtx84T9k82hsA5G5_hojkpnfT2XYFMgyXScDQpSXnUI_N5sdWEGBHCWKd-O_A_4050qx4bk2DrOI9lSKd6JQ&sai=AMfl-YTU1vKzQH2TbmaI2GzjSS9GpY6h5stjIsBoM7st9GI1BTyCQ3zzStY9eXaGPwdgZprTIsYPyMks-l30W7gB-veVpDUkoUCGYqP7J_RJx8vs2zo-4LwOmeEfI_8nBgSbwKcxGAzxhUpwl058pYmp&sig=Cg0ArKJSzG7skovqrBxrEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3144 0
0 56ms
55ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuurpnMz5bD4hqdWWBCPvUiLgMXtcu0WINRorUqQij9NGN0D6L-mIr0wkzSexWOEyMY3FFNkL73xw1f5sMd1aQ-ardWj6nCMdyPTuZZjm2XOKCxRWjDHymSf5kZ3ydvff6cxnVSq5HEImTTi-gJR-A-icPvllfVdO2r5kl_vsNuwwgSRosNLcN1nexCMaNgSL1BsAkLYJi0VRZ8t5hiTKrf63uqxQtH_GukkXCQGK-9hcc7_97r9ApNu17YzjE_UkcQtzUPORTHpogggApz5y-63wIle63Ol2F5-MW3n8taJoOHeckUXV33ta2n1pooZAnV2dffpvo&sai=AMfl-YRXte--UxyDvNZ1GVC1ChXdFrPfTVEQX3wj1R3ICdGk--Ir_gB7iXjgPD2Urda252ggn4iTX91U8-rg9JVxX3BxfpKvaYEMw-kH691diR7ckur7BJklGZSyzXo3xFL0GVJ25F1Z_bUR6-j9erjq&sig=Cg0ArKJSzIyHN7Qq23CvEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C261 0
0 56ms
56ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4GncBfxkqmVYbvoirTazpSE-eyEG0b7OzGhFsyWDT01FYOf_UvA3buO5tDkNBWTmYqA2DkNQvLzZYVdLC4imCUpyFRWWQPXhAqzlNElonAMe0eAGtFV9DaoE-mKa_fb4RJPcSI1G2qd8Ui-TV1BCIXj2WhLUV7KNKgD3uFwomnV3kC4IYBbdHBbFWLy0IcORn8eaHYVq6GjlcVc-BrgHVrAumRrg1J9q-u3P5MhGVsoj_ujo0KBIAeGDbDakZMjG7ZnKYFgyTYdrfA8PkGWRjDfqrv_J510YoX1ji6GOgmO6fwU6hm_lejQx8qfN7CjSjEQDsRtU&sai=AMfl-YQCbh1PO2rWGapSD_E0qaqmkxWDUoY_P8f6nT_TMSup2YCn6qEurxkhUdFoWEEaTCCND5FN2cC-Jlj02fKfaq3aprxiNxrxMwqGGZRTFB16awfQ9rsS7MkS-IQArt7366dxObiptEzJCsQD_qXD&sig=Cg0ArKJSzLPyFtPst3ZIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 179E 0
0 56ms
56ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_1bCtY6q_exh86wsA9t9nTehD-MAIFzlQ-m-_1Iksp3AdY-Z0hNrjLIQhBQl7fjhoeCz0oW_Epg8Fw9ZmJBWEkHorr3RoUa3FLDb16yF4jpQRqkBgekQyAthsAn43YRbCZMQFO0EfET6f63d5CmDDbZo-wmRLsb0Tdn6ENSLKld6anDfkeqVtSNNI-OWIQNokjBDa6jbakGLYaahGBDnqLQDnN-_h8bbt8Q_B90JX8h3U2S5mMc8B-NNN93rIL5bJkIu8pvxXp4MZJgPaSLEFJXMlUKVJopTL99f2qACVbYUvBrH4jqk3Bsxn0P3tE58s3TrnTSY&sai=AMfl-YS_-C0ep8Y6MLrXJRbsLzKsF1qp78Zk5-_-kL_C-bPLAmvAeVdcS63mq_NaUahviLw1YtCBhogwPUSpFCwTXwwZYCd9P9LHicdRiSCqBujXOhkxFt-EXlSdmz3KV4brmx1TcirvQfV-ZTQiGbao&sig=Cg0ArKJSzIRN8E2mXYLKEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame AC1B 0
0 56ms
56ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvMPMOp-yvrJsYdul4HgyT5DAVzC2ctZedftz3RVKgvBL5Fd_if2pRphg9aBkUTYF8EOXWSCe9vfydzNZ3aIpYKmqgdpmpKnymerl4_09xNo_3JB8JAvc0Hmz6LGnYj_nortGhO9AXQH9cYhEkczMv1UsNJKMo2pDqPFpxCkM100vgIMjpviQbjh68cGohgKgwo7sD5-dQ43WoesHi46bOd533-tpmqR8g1w3gB3D_ojPq0_bohRr8YJcBctGzRVNna6wGoTaIGYJ46HV1LDtsi4GT0mMmAewNz84G_Zcd70FyqwDVtWb3C07DjSJPWbG8h2f29RO4&sai=AMfl-YSC_nkPKzi9L_EfOxpNBhVvvqspi07YX0aCJe1CxrN1TX1-DuJcaQVULiNAx0eDeexd4w-NSUYbApqD7utguWnosByl3j63SPA1sjHgVMloFa8ZvNky2X7khXsIf40bzMsCJIDxpRWClPPirgmN&sig=Cg0ArKJSzAnZwKrdZXiUEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ECF9 0
0 56ms
55ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssgI5H4uOnRReZC_VvHRT04hmBsARRAx1tpzgtELWJwL-wuAQJnbHqBnTiRxrcqk-AtjCZi95StTun-ebbT723shO4ZgBywG-RrDCCYTNUNKbsbvd92J9XxY8JsBwi5B4zZu4tHAl69TmaWooac20evhmcfxjUVcS8Da0j25KnPgZ0l5GkEFy1oDpDgRm-LCY5Obu6jexIEzLqirL-OP07aZAvDDTNp9ZZlOGjoW4tDxZBBsTxnfhJ3VuYUz31yDCqEifvPdpa4S4v9sRWrzhwhWkGPlyT_u2mdPwJr5gefDosjl1OAHcGU9BJcLmj_lSDpjrQ0KVE&sai=AMfl-YTU_w9fMAnzu6HvOah_VFDibkuCQgr_sPFRZNlnzDO12srBd6m3wVHFe6KiXDeaDx46DnyK2SEJNZyE8gHNG3dnnlD_K3k25q5WE_-qn-v4TTE0TUDeqDFc8dvgPIj-3UVWnGvvXAXvAG9DaiqF&sig=Cg0ArKJSzP0Q1Q8x5aMAEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4606 0
0 58ms
58ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssJsXUrCykQ9HXagTHEw-bBaMlkOsr0V5XDc-_z1CqsKcoVFnwED_Q_aZ07MsoRjN3Mpi90Y66czP46vDghHt7YbU8DqME3QK_KQUG44uF22VAY8WcRqzdx2RX6Ku_eYX_K-vF6vne5EOnbgjeDKw22QbxJ62-KucGm8AeJmx7yqaC61CMGHLkJr4AqBj1iteGVoBBPbZuWM7coAJclQCWnityz_HZxSwsiJ0LxnRJsa8LgT_DLXcN0HgOEjIg45HwUITGX1bDPY_yZH6pPLgilQlf4wLcSTwSfcO52AOc_SPVYHL3T2YR_48x_eawhTNYLpBJOCIM&sai=AMfl-YTT2Mcmxjw10spGphdLyBTkQ4bJKUX5FtVNfLRbAJ5Qj5Rn2bz9HWAmAVviMg4d09SaSB0tOll4A_l4gZdSltwdwSP9lzWDytJFg5iCGxtvQZAnY5g6f93JguoOiO25VKG0ovnQkmdgyN7w9at8&sig=Cg0ArKJSzFQQOEiMaY0DEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2E2C 0
0 56ms
55ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuw_x94P766jzdyxsZcBBD3yKyfr30msAZGHzHCmbdN6xzvEqKEQ4MH1t7i9ICmBWOIN1f7pYbG5AtwaBQZ7BPaLgFrDtza5tRdVMscHpbyD7tseQcwWRtrpqRNxgRtkV0nwT0pZT3ZZK6FxGx9zsVVefhpqCD-l_Lm0Lu2Ta2Gn0heHmgSsdw9b6pmvIFI-JBO7tenOIHwOenbTwaB-1m3DQzsbrvMztPU7NorFOaNAO8si0DGM1NaH6NfooRq6k-OaiU4px0ceVDYBIA4oDRQwysYn4_ITSwGhjLhlFptbQEnckiVZvHtOCHS7BGl1oypnPiAk5I&sai=AMfl-YRKU1IC92AqPbLfbRelDQmY7mzfDMmQwgO8kqdRGpAMtp5jZUNnitvI3qvwLGX1Ow4hURv2bHl2vupXfAaE7VD012alTDPU8yDqwB3N2-xi7yYDT0yQfNbNRy3ZiajW1aOMxFlNrQjofq_llz2U&sig=Cg0ArKJSzPahMv-EJfptEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame AB63 0
0 61ms
61ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cg5ZBqG8dZNiqI462iQa2s5v4B97l88Rp0p_eyLkQoJaA7JACEAEg9a3kigFg7QSgAYmx9cAoyAEBqQJhExixfSmyPqgDAcgDywSqBNYBT9AzKncUqKmBq7XF5AfECvMjpLCHK90l1DWzE50-ekPjAj3WQHuu0w1AXDe7IwIBkfYDXWp7G0hSMqsF4kEwlR5Zf8gTciIRg8DgSsIiatclnGI-wtTMH2OF2AjbqY0LmRnruhS7-VMK7dgVF7siWwiAhFbnWxhick6AaaaWcOnRPkoVlexB1QCHn3-X43erjVyVyGuZqFrJ3XFS6N0_tSmI5-IV-EblqJhF3r0VOcBTyssW7N0LIvWBBRpJzC5xXevV1mFZYBC-H0WPaaXscBY0b1VvHsAE-vTTvoEEkgUECAQYAZIFBAgFGASAB4npxaADqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQr7YG0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwrQFQGAFwGyFxwKGggAEhRwdWItODQwMDMwNzMwNzcwMTY1MBgA&sigh=qqpqFLgWLwc&uach_m=[UACH]&cid=CAQSKQDUE5ym9U7d4vv0q1yW8F6pK3pakhztbOXwjVewB7Zg7KvN-f8JBhlAGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=60&slotname=9643020029&adk=1186402075&adf=776186319&pi=t.ma~as.9643020029&w=468&fwrn=16&format=468x60&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727890&bpp=1&bdt=390&idt=640&shv=r20230322&mjsv=m202303230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2011364098162&frm=24&ife=3&pv=1&ga_vid=765731676.1679650728&ga_sid=1679650728&ga_hid=530975814&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=1680904070&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759927%2C44759876%2C44777876%2C31071756%2C31073105%2C31073359%2C44785292%2C31071264&oid=2&pvsid=4439608642517411&tmod=2014917502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.rgliiog0vwvd&fsb=1&dtd=644
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 861C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1&__user_check__=1&sync_id=ae83babf-ca27-11ed-8be1-192cb16e0406

43 B
548 B

31ms
30ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1&__user_check__=1&sync_id=ae83babf-ca27-11ed-8be1-192cb16e0406
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3K1_gCEKzp0s8DGIOLhuEBMAE&v=APEucNWn4C39RI1beIc1aWcqx1cPqTQdNTmyNgARQNykMwmZXdif185kyyzsMDyL3JDredH228SfxlOIfeNS97P3Vb70i_vkzSQIe-gXI2yenglAOKDEiUx-nnPPN51lcC3TCQrHvrHnFzhU9Ds3xXivEG8E-BU003txbxtABGo2fAFpgxKkcTo
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Fri, 24 Mar 2023 09:38:50 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 96
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Fri, 24 Mar 2023 09:38:49 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1&__user_check__=1&sync_id=ae83babf-ca27-11ed-8be1-192cb16e0406
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 100
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 861C
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YWU4Mzg2NWItY2EyNy0xMWVkLWI0YjEtMWFmY2RlYTAwMzA2

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YWU4Mzg2NWItY2EyNy0xMWVkLWI0YjEtMWFmY2RlYTAwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3K1_gCEKzp0s8DGIOLhuEBMAE&v=APEucNWn4C39RI1beIc1aWcqx1cPqTQdNTmyNgARQNykMwmZXdif185kyyzsMDyL3JDredH228SfxlOIfeNS97P3Vb70i_vkzSQIe-gXI2yenglAOKDEiUx-nnPPN51lcC3TCQrHvrHnFzhU9Ds3xXivEG8E-BU003txbxtABGo2fAFpgxKkcTo

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:50 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YWU4Mzg2NWItY2EyNy0xMWVkLWI0YjEtMWFmY2RlYTAwMzA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 86
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 861C
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0wQ2pNek5wRTJ1RVlldVBDWE5Vd1lrVlJLd1I1d2FMR35B

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0wQ2pNek5wRTJ1RVlldVBDWE5Vd1lrVlJLd1I1d2FMR35B

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0wQ2pNek5wRTJ1RVlldVBDWE5Vd1lrVlJLd1I1d2FMR35B
date: Fri, 24 Mar 2023 09:38:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
DATA 200
OK truncated
/ Frame AB63 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2779 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9901657008405&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2779 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9901657008405&version=m202301230201&ct=76&x=1&cor=10710016312983839000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2779 95 KB
37 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BAG_aruxOjyhNgt1Ks_mywubb7wutehzv2-YL2WyFNwpU07zg1awCoGX2DYuq1SXHH5akonWfyNRRgh07ZAIvilOJEX61BBJnueNOtjs-6FNio8MWJjzfv-pfLkKlBUQbBMeA0OZF1jvxge9qrx4CK898Eagz3Ier26tb1TtM5sR1ORho&dbm_d=AKAmf-Cj4d5lsFkJKmu1BQ41pBNBad9stQa8APlDTCTAPasRUnqnVEb1OQuYUXmNV1_Y4jPDT6ZWMkwAGqZpOQEriaILrMhhdKYksaiB2aCzuna2P0V1BMBaglINx-9_uwq-2I09xqvK_up7p8ltvPh8nRuIcx2aVXMpiV4dcb3jPPX5QxF2ZO9zlIsmDI1IFnG0yp8rWIr9ZWioAkwKx-Xpq9T55fYRyvg6vRNK7Wx_tQhRFcBuWGTOJlycUPheXWYa4JI2A4fJbE9WHhm106ETstSUMP-_aLsDLzMwvkBMK-ksYhmGMmfbWqVASMiz9Fl7eZv3XIgtVUxXxlggpQYnnbnRlPDY9-hrlMhR_PuJb7xpeTDfiA5CSbIfepzbPwJtWvJkc-OQY03Pz0Ix72Ws_5St-6S2av6TnyTFNEooHSrJHS7fOl4jyavNxnQKoeggsYPLRbPiVvKDTx01kr2puuGLLTy1JUrTR9-LgDOwJ-ufYAAM1FQmpAwF2BeD8BpoogIRh9p3KiMlBNqyC9TQTzCr5FtyiZxuPKTPCjBh6t3iyXaTSHl4rEry5Dyz67_3NoEDjPJr9B5HrVKiCwBE7HcWjtqoRVm5k00vjBB39YF2xuWjiY9yDmuKUMzesb1snQpKasmoWNLU0BooLhNeqAAT_rGq0q7p6LX0en2fdE4XLkFK2IjC5dH-tO82Ck8dKUmfAtTL96PU1wnZAJYRWWMLCbPtVozz_6lq9IR4mnHw0MgN5oBm3qvwneKJ6gFwPD4HtEWrzf3trbdXi6LYQUEFZiGryDWRm4Rt-FrEUygicE9vQ0VZrrHpO4lpMp6uF7llx5NF-YdBco6e0jNgqZrC3NzIBe9846BE_KmxHtp3T97K7ut_Yboe9O90oxox9NcRqPLlNjfusbjVlND87ciXN47GATB6UjST7XesGah9srpKqrxTII-eKQ4ytExbdQxVDBs0uh2Gvozyb1Vs-cXv114abHCqkT5d7dJSfn5Quwls7wysr3SXNHRdheivIhJQKhKBEhHDnFlnRVA-YoPBDlJp9adeDV2z_vTeI_f6VxRXrDXiopx5vankAIap5b788rBSgChVvT2P3a_ijkHPkBdaf5svGSRpGyQLjX30cVNRLoSWbbQ98sRlVeWHVqhuva1CG66iW-PDEXuowZBTQin7XohS4qm7PtvwQBD2Qjcm5X6RUCCKmjnJ0VjpQXAUpmodJGNqfx09KkkNo5Lem_wZ__G7blfzTGgMQe8D0YBZ-tOwz-aBs_KhlRMX8DaiF2EqW3UEmFeEVvEt-GxbP9iGIHh1fa7lTkx3PPDg4Kgu1qLc3Rv75aqmrbw_LGORxqJApR8us9VgeOmRhlkBiVS0BNxZ2uXKZxQJA04nOAYWaZdKBsC1es4ceYfoxGOAkzP0WxrFpLtsdswytcBMkTmpie_M74WeGvP3sv3jyOon4qBo5R_IiNoEUGc2_0s7gFZKks2ljGjh3vjeZ-ZHrxLYRRox4VPTJDEX7tExU_A5Lno1iU0p9LXJ2VtFxfMaPAI9CUCn7zJa7fGK-4LfpkkI1R9qpgjOf9IBZ93_ZsETU9iZK9ZPgWJzuQwh_1GP26AA99qn2bEYuVRIBpJa4lA8-GHyLMB5dH5idPra4htwrHoDMPvNIOsvbJqlTqgl4Sxr1LPuL8nEC7JfujXD3Ub5J0B-IXDyc5xQz0sc6aLKMd3oS7a-k04KthOB244cd2EANU_zJP5fdi_FDOB4Xz2WnODIFJm6-C8vtTiv2sPPZYa5o3e6CUA-M1LuAo_SlaA0i-bJzJGs-2xQM7eofswbbmMGaRC1xTmNsDqfKmR563g9CuwmAspNKcYE5WMqKfKosfSRVld0fYUeVKAEBrTGx4qiamxHGPePWGGEaZsVVomJCsoCurZVyHMYwzJMbGiZp1iqDiZ6_XRQpt4TuNB18P5bTI99HL5SOGcu9_jI0cQIdJw_2yJww7nqXIHCacEoYY4RWEdQ-7OKqKkC7vSXFtuJ0lY_TCEnNU8UZixrSECQbZexghrv1RLbqgahGhgqC7nUPUHOSoqQdU0LQKm4K9sEkalqMkpcPSYOB8eac6yIPGCh3Dqx8P9qKNcliUAlFVVT9DTQOzkSeGG02081NXin-Z3ybiJm8PDWDskH9kTqtwmty1s9Kbmj4MjImBaShcTys-XOU2ZVuZOUWxVkJFgg8HMV-GE7_Av6Gok-QMTullXXtAPA9Ww1sv1skNpBaIRXxHeMvUhUauPl_dilyAkNzmWxKr99mm_6VvQMn_ZYNI6buEFIuSAqgTnN36sFJ2AjD-s6VRu-uXh_ol0JyLAM4_3sb78nLeoJyByqB5zioBCFL6TdyZWjxI3c-n9nnSHmH_ryYIqup8jsJ-iF9BWxIiAG_QjdEOdVA5VwwqTS9EqIS9lmH9YzLuYjOaoxdJKUq5eqC21Wm-qLAFhkFPf6AhmROqnGUs3J5t_wjalpb7LtT9qmlH1mAOxZzRGt-mds7bMupcVSjA4_X4oTuGKsPqwMvQOMZpMG584xZnplpp2pmpKRDcfi-XTI8G42SlPdQXa_ceQA1ENBZs4EEMVfCUX2ZN52qmceeByDYQMJgjzAfHrOQWXdwsTOPbzmwsjy7_VTwuqr6rqcIOq6f_0Lt830V0mz648_6a6-pasu8wTq3VhgmZZmEjajPVL0FRHfcDaVXT8dXHulJHS_TOIG0tgr8Nbnyg40IfLFmIDUc3D5p41w_W7WSNKNdy8WY8lkHVyV-t44ued32GJrue_UFI-l_9SkltvT6qdJnotmOss-YIlOcF0SQiD7QQGHEekqND1DBaIV07fE7l7rqY6I9CjMwOF3QVTUKu1Ds-KhRo0XxLD-1sipOznE4YHtch5ZbGWBEg6TDtBO3lDIugEK13knA0DR6jH6exe3geaBvwGQ2mYZI50kYG4s9okvyfT54qDU6SUX0K5uEnTcQQssK7yVWp9jB-pewxZd4boHgA8myYraRAACm0kxer7VWlB0fdGpOTX8iy88lW9VIeUR51ABDbqprnI9kSYFwxoW7KL9l7whTqpK8QcUd2n2bz-8h-33X4eK66jWOvR443dbzFtQjJ2hfFx3Pfp5rmF1rkPjMyPX2JG_Mh4X8iColEkcLfzyiTsqhAGJ5KpIgBLMrZU1CCjHvq3Ay7Hk7Stm1CZRIcAgFg07Ddwa5GVUIOhxC6jwaR6ZGrvfqiHMapmHcsFM0qARtKsSOaOUTHUS578OU07lDcSPJ5SETHeua5iUTQaAiyGz_SOeG6sGv0nfpd9UCg0VCCivblrPyXEyfDWpFl19PTMm5aD3s_AS&cid=CAQSKQDUE5ymQp0jh2SzTaL5rf34ZoUNWrSazMgSzGVox6m_NQeo5niYeR-7GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=10710016312983839000&adk=608880704&idt=307&cac=0&dtd=5

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad0bd6d7c9d0aa1ef426452c396f8dae73a0b6d6d99d79c4af5858f9165fd8b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38029
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame B0BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1&__user_check__=1&sync_id=ae83a0f8-ca27-11ed-a369-186cd56e0106

43 B
549 B

30ms
29ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1&__user_check__=1&sync_id=ae83a0f8-ca27-11ed-a369-186cd56e0106
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGI_29uABMAE&v=APEucNUpynTTR9NollCajS9P27xH02al9tYaYoHQb37SyTUS9N_uByhGryWqs7yQm5vgKnZnXOfpeznj9u2HoGtYrMrxVI-k41iG5Qb1rvkujiFrmzCCzPq_BkAUBiQ9c7EsK_4eDP1zkq83lcizMkEceDezYD1sWb9n_BeTeBnQxCZXBpColIE
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Fri, 24 Mar 2023 09:38:50 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 143
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Fri, 24 Mar 2023 09:38:49 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESELUmCFni0W7nPg6wJwsVzWc&google_cver=1&__user_check__=1&sync_id=ae83a0f8-ca27-11ed-a369-186cd56e0106
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 54
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B0BE
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YWU4Mzg2NWItY2EyNy0xMWVkLWI0YjEtMWFmY2RlYTAwMzA2

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YWU4Mzg2NWItY2EyNy0xMWVkLWI0YjEtMWFmY2RlYTAwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGI_29uABMAE&v=APEucNUpynTTR9NollCajS9P27xH02al9tYaYoHQb37SyTUS9N_uByhGryWqs7yQm5vgKnZnXOfpeznj9u2HoGtYrMrxVI-k41iG5Qb1rvkujiFrmzCCzPq_BkAUBiQ9c7EsK_4eDP1zkq83lcizMkEceDezYD1sWb9n_BeTeBnQxCZXBpColIE

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:50 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=YWU4Mzg2NWItY2EyNy0xMWVkLWI0YjEtMWFmY2RlYTAwMzA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 8
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B0BE
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0wQ2pNek5wRTJ1RVlldVBDWE5Vd1lrVlJLd1I1d2FMR35B

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0wQ2pNek5wRTJ1RVlldVBDWE5Vd1lrVlJLd1I1d2FMR35B

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0wQ2pNek5wRTJ1RVlldVBDWE5Vd1lrVlJLd1I1d2FMR35B
date: Fri, 24 Mar 2023 09:38:49 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
DATA 200
OK truncated
/ Frame 4E52 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d0417b29883daae5a08dc92614323cf6e09f82cad4986fc1b87278b2b859192

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BAAE 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2058348752447&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BAAE 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2058348752447&version=m202301230201&ct=76&x=1&cor=3446042989077842400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BAAE 95 KB
37 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DDv4YjOVnYDfZH3odmrdTVoQ-2q9mWQh_Ch16Aeg4cpffjNv0T8mB1ZjYCx6kaipjnIjB3DSExA9neMYZib2uy7NsR141MmiJJ6HjTlkw6Dn4szQKYPkAoQntC5tVlKAQVx-PIUla3DSql8hA8r0SiwHy17NCG8sl4y-CE29rB_5ha4Ak&dbm_d=AKAmf-CB3iGn_ona9maTV4gHjzuNrqrA_fy2OlEoHrOBoF-f32X_bU0WH4GYVFmze2zwbFwtyR-CRfqJA8Rt7ZM9DkzDfs074hHnuWVhkOkqCRLnK2bgQek7hiBDYyNVcT1IKRpxdSFrljQpirGjP6VqBsrlJM8j5ZQBhUAqkEOOBIAk6ZWzwxVYqNv7VQ2f3qOS1AtWKB08iqJ5v2-Q1ZeO3-6N_RpMZWIw5nxrmpZ69koP1dXZ5WOXnkYxCC4iMr8sRHNRq-K9kRNTB4JugxRiJwE25-2EUSAypWN-4FI9sQVvopoP4Iarfu0iINDdDzNq6pXqXvVypVA5VKBcUctW_n9E17rXpJTWtdM4OI7S1VLOVFym_Wj-xnaSDtVFmxFH2nDjtYt7JWm9TZq7fioA1n6gNcDyK7kNYIrCYhXAlGCiIac92QNepsqrLKZRyylyre6kP-atgaxMeh0k5bx2Z-J1ljS6304KaS5zu58swlYgo0_r22zDelTJQIu_-vBELMpz3Aal2Zp9Ygqxrd1LxmV01Ygv3xXAqqgNTkkDMvzYeSnHyl3ULaJgHHf_r9HVFNuVF14tWg-BovukVZ57y_beTDLxHOemqEZKWH2PC8JBn62AP-GfjQAh5gssDhc3fh7SfbTbVQMGgl4I0PYOt5wOm93Y0bJNqaEijEE9-r3SUTiF1cXCNdvjMRFVEXuFfO2aABXvR89RK83DcKp88DAONGqidvjK_aRKri9BChVliyJzuxWfpkfEAvk2x0k29On22yc5IPrTpvplx-S2ReTNq9DabZJ49OxhTXuJauerTkTKYRu5U3M6Ati_ewncEC4GwqLHxWBOyCGyjuR_zlnYItdTk7Yif5O7K92DcG6Jhxc38AZSo-fJ8-skU4rQYdg01Xr084Y-H5Y81nYsUkGLeI0igXn0dZShF5pM2Ex9OIgbKO1--TySWp6q-h732q4vkkD9rFLE8IqONYZ62oRmtbE2EVrXxwoht_31Y6F0yb3OK78_xyDjt5LDnkbdGmTHoYqpSahOm4UTmxkpzD6MyHu9RHhCYGSDuGsBbiiLAkqhds6MmSlE8MMckNfqKNPCDUtbstmfNjzWpyhVFyDnGnQa2AazoG31R7lWDJ8WNdH9pboNN7Qtu89BKTv_vQK1os3aHEdDz_0uRnFKSAKg1CVh_7KZsWa5U_dANUrH9VtThnHPZpUTKMxXdnBU8H_xEJLAY35vJk52k6bdwb8tzZs1PTMCf0YSBpoXtRlBYNSROj-5C1A5KpUcW4Xxsy3PsHaSKqre64QQqQ0ujpyDet5o3uy0ixtESCdFcGeTS3rX6utSOhoDTN1rqzX5kMAGk4rJ46GjGLY2WDZYDIwKJ2qZNjJLzlz-Mucui4Tk47RZakKGAITRyzdxva1bXD3cIwMFYeAUQCbVIm7gNVydJt_gS0O6Kcop-X_itSSCyzHPQ1Ri0BDGg4mSWGEQQc3JNdcgj3ntC2lZehyZbgCcXVI7UJVRaC7baCSQiBI23yhK9DdXmFGjD_WGfSra2o_sOKqb05JnKBjVr8hQKsX-pD192exsbzRJv9UOp1rEjSrSVnsQP098tPHysYnfjvFtVOfT1Cdl_vKi35qM7hxo1mT0HDOjfQ-D6Z8AhsFV8VyJOADzfvDzz5Uhaw5d4KBCjPd4S-eKGPWCCqF2tZwkzvo8eccJVpygtvlm4j7Eg4O3CjeAPGttqVFR3NqLYL_aSfjAHTvDjuqbFYcopsDoRg-F9TBkuJm0ef2qkl-6YaHgCtkuvmEZrOtow5NjCbN0ITAtyGPqhzjMy4aX7hF_FYZMLsQGLTSWZeSqnO0tVciaQUEuUNfj_VIPzM1Gxj2SQND8OetUIqmLkogWDB8geFQ8soZbuA_q7ZShLnvovGmXw0bLUT08N0bTWKI1PElIFa4h9nxuciROCCOC1gBzQAjabZXJUC1VYRC7K0gSV-tG9osCjeMEIJ2nPWkqKgN7cC2uHh0CJ5ZgWzB6wAt2hbrDOvEwzzpjCm5muEOgM0gew4gkVxVqTfGzQFHkkX3klEZfCIfu1p7BYIyNPDyz19Q94dqCAOMOXMyBf59jorQaYGrodpobiP-OowqavI9u9sT3-uUhqf5LaNomN9kBw80OEX1C9Nn8iXBEzJ2mKld5EuosFpRozSkU9lqNVBg3Gc2xr0stWlVULXhi6S16cnVkQ1fQzqsA0jrkwPZ5IVkyGMqrXyQQAcAf3LEy7m8cix54Apz2aGbk-_FEhC7E8y-xRixeBkIoNk-P_OVkxhrNrqvPx8TaUWVA8KVmKrxx-rfbYLmlCXVZwy4V8_P5ydXEGCJsGUOF7iaNy4jX1oxC_eP3b0bP-UeqPxF_hYDHrbuDeI_BeyiQF_jAMIxTRrIM3hfypevNRHBx1EEUOI9bO-TpxpEQuTsyCtPieGoLWDhzH84k7_GtRzE_7XMcqVO94LJDas1thr4gKskXdnZ78OObWEptRySw5b-MeyaO6M6BfIndX0J3GCt4ZwgOJKsQ83aKp_2_XCXaahC2UtI6JyXmMzjxgdLScRyLjg9LTxBDNhoZm9y4TZCjc7WhzYUm4cMereZ_jOR4M_udEzTx4Y98qFx22YR9ebyCQWahEpZJ3qO7qDKYEmaC1uu37BHccTsbJO0-0UB4VNr7R934af6zHFQ5EykHxe8E-IAuWA_BB5LRd8SeGHVB_EfEsgkLiQr_K13leZR43hixTy7RpkjcVAc1lu8FLKekwjsuhefauxZo4FvR2D-3a6D4yaqEQjW4ofHfxz8zJhQe9fmP9Wox3mrQ7vVjUO9qKBqAQnbyidtBF4OLOslEf_w8De5qU3B8bXyp4r4SSjocJG0pdFRGncUuDantG60xkP6R-oZTQ-6fRE39dZbBlheS9lbQGbotNppSSLiM5WicXxgCEJqaBXjF4sFyAs97XFrK7RBqwdfMcaaw5hCr9aixKNJsNilu4znIp_IPyU5RvNWLhO7egwxf3qjTsuaDzThbXe5f8I4hII8JSKv6UrNa-gB7rwTAzkTsRGO10IFdtQRZLXSyrxTozrPHt6pRUy5zb_vG2y72sWDHg2lmv3ZJhY8VZ-nrgVy5pZqWqIEnqAYwHfqpIYrGvZRrgD7HJ9ey4EP9YHIh3mu0yINnzYt9ZT0B1iUDBWKcStHj9AATEnCv93HLxwR99242chRbQDszZ1MOHMbbsRnm0ktcl1qKC7CRswHdeusH6v_7gh3kbeAGDAjmOovu3ixzcySpLZVWqXikk2Iu-X6stL9716BUX51Pwl98Ltelm2RWjRiU_D-ZXQw&cid=CAQSKQDUE5ymRGnmxvOatJ6WujnlNIZFD7-gHRBWVLVZTjiY8PQArh_Ft2mhGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=3446042989077842400&adk=3268666075&idt=239&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae8af00b31a2e69e3fc2dbc7617313ff5a3b86bccb92ca1cca13aaac26211d53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38147
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.35/one-ad/ Frame 4106 94 KB
12 KB 31ms
30ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.35/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1k6fpk73kj5v8ksta3h514zn1rb9wf3r7vvmpe3726yvqbjs411r24vxmwx8fan88kym4hs7ty1q5m9nfapqnm662b5630z9144hyq8cr0a1x8p7hg27kjwpktk5nxm75y6rbxkpx7gej9eqqgb5a63g9vyn8c9pp2355k00g8f2dw9fs9ajk9cs45desmqqgc0bj0j9cvbzs2ddx8cvfqepp70sfm46xrexgnkf7smdnraczzjj9q5xbqx1prea9df57tgxkxp9p0xvbr8q2wmmxy7va35n1v7pw024p40s2zrcr7z74kpzf66mdgs336zgwcpb5yy8aa37cc6axtrx5qh7538p5r110tsxr5r938nav4744he4qa7yg46j3qxr7eyr1ysrgja0rwjbqtd8ejpnqwaqhcvvdyqzhtsz9442fa088222gsbhkthpmsef7bkc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%26client%3Dca-pub-8400307307701650%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 926a4ca073c39c40cabffbf1b0371803f245f084cdb9177fc7b3f9d81c0e394d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1k6fpk73kj5v8ksta3h514zn1rb9wf3r7vvmpe3726yvqbjs411r24vxmwx8fan88kym4hs7ty1q5m9nfapqnm662b5630z9144hyq8cr0a1x8p7hg27kjwpktk5nxm75y6rbxkpx7gej9eqqgb5a63g9vyn8c9pp2355k00g8f2dw9fs9ajk9cs45desmqqgc0bj0j9cvbzs2ddx8cvfqepp70sfm46xrexgnkf7smdnraczzjj9q5xbqx1prea9df57tgxkxp9p0xvbr8q2wmmxy7va35n1v7pw024p40s2zrcr7z74kpzf66mdgs336zgwcpb5yy8aa37cc6axtrx5qh7538p5r110tsxr5r938nav4744he4qa7yg46j3qxr7eyr1ysrgja0rwjbqtd8ejpnqwaqhcvvdyqzhtsz9442fa088222gsbhkthpmsef7bkc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%26client%3Dca-pub-8400307307701650%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1677666448
age: 774317
cf-polished: origSize=96968
x-guploader-uploadid: ADPycduxnnyMRJTFaD4Dg7Hd8aRn6xTYu1PRy7TXWWh0GjCBxwAMZMkehaNAf-UCycuwqnGLPQWuj1EZCp5aL6ZRZOMYGSoR-sy7
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 01 Mar 2023 10:28:06 GMT
server: cloudflare
etag: W/"6110dc3a24c902508647a582294bcc25"
vary: Accept-Encoding
x-goog-generation: 1677666486645030
content-type: text/css
x-goog-hash: crc32c=6qzuyQ==, md5=YRDcOiTJAlCGR6WCKUvMJQ==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PBUK%2Bq7AyiPLds7yZNQTgB9Raf%2FOPwGQygXb%2FKgr0hb%2BjzCzGYQjIxrkx8lz5AL%2Bot5F%2FJf5Tjy%2BA2UEfXYHhxklGX0eu4W5aFyy3mP%2FZmo5pD3EKZzUt5pHLM6qNLufE%2B6LcM6N3Yg%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 96968
cf-ray: 7acdf1830d939b7d-FRA
expires: Fri, 24 Mar 2023 10:38:49 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 4106 25 KB
10 KB 38ms
27ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1k6fpk73kj5v8ksta3h514zn1rb9wf3r7vvmpe3726yvqbjs411r24vxmwx8fan88kym4hs7ty1q5m9nfapqnm662b5630z9144hyq8cr0a1x8p7hg27kjwpktk5nxm75y6rbxkpx7gej9eqqgb5a63g9vyn8c9pp2355k00g8f2dw9fs9ajk9cs45desmqqgc0bj0j9cvbzs2ddx8cvfqepp70sfm46xrexgnkf7smdnraczzjj9q5xbqx1prea9df57tgxkxp9p0xvbr8q2wmmxy7va35n1v7pw024p40s2zrcr7z74kpzf66mdgs336zgwcpb5yy8aa37cc6axtrx5qh7538p5r110tsxr5r938nav4744he4qa7yg46j3qxr7eyr1ysrgja0rwjbqtd8ejpnqwaqhcvvdyqzhtsz9442fa088222gsbhkthpmsef7bkc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%26client%3Dca-pub-8400307307701650%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 244389
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f8cYZTSmuW2BkxR7dlVlfpK7OkaCEAuFBfuqSriMCjZox3sniH8BowvrZiyAaio106Kp6TvYicQRzvvk67eILKRApfLNL1MjZxKnWTx3sz4Et5CvpIin72cYD2pWxZdBE23E2iE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7acdf1831daa9b7d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 21 Mar 2023 13:45:38 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2744 1 KB
643 B 27ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D2BE 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed12bdfac4ce8f4b8acfb9e906ab6d5ce05e937da31234620b56adba00f9fd1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2179 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0b04b75bd8eefb657a643d7da99812a4fc165abe22fd3408587d11e43baec5b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame AC1B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eba83e7ea77a84f704f9487fc6b2507197c82983aa1a5b22032336eaa5221dd8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C261 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c88f93adfcc6c5886eca075b507e5ba4ea5f36cc35304e88305d37ee44ff015e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3144 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef4854a989cfbb42e554712516e6f8d4de58c73d41ae29f840e8a30c07f551c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame AB5A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 362dcb5b2afc1493304b740b4735d30b73be0c88fa6193a991a8048ecacfb90b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4606 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 438bb41aa1c771eaa68c855379deb5ebaa0b61f917b4e4e2c8ab00a3c7b94e92

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 179E 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 490e91e6c3549e4c51eccf313b68a23a5cc6cd1581adb4b57c8c0d0965159e21

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8243 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E0C0 6 KB
3 KB 20ms
19ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:47 GMT
expires: Sat, 23 Mar 2024 09:38:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B0B8 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2200041717465&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B0B8 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2200041717465&version=m202301230201&ct=76&x=1&cor=1650744365359390200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B0B8 95 KB
37 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ALEgDp1pmCUzRndLLf4nSHqcIDGIc7LXnD_wImBQhq838yUQAUiO4XAb17uXhGcayanHnoRBXAXjQNRhqo1X48vZ1D5Q&cry=1&dbm_d=AKAmf-CsOxITogSH3hb0sDgi_6onTc2LDf6e7WTWG6o906iO2yBtp2Hj-O_fM4Wht-YVHKQVWvpE0xbUM0KRbJHhyF1OD_ZZb7Q6gVCUPmaOoZ23RwGvfUGO00-7gZtMk6s_m7sLnNHUB5Z2nwqoUOstA3iiqWaxRKRcQPMO0knrMdFoT9WpO5bqtNdiEnYzQBhJ051Lrh-qWXwPegCDQdfpMR8ShrDg6_C1Wc8JhD82P13uc9Gx61sAqxgXwAN1POCjUlqu6FD7P5THZb7uj8-urfkXoZgUTaUu8oXms8QpBOQlovoPmZwQK5PIkMP_wWoWjAQV8sJobqwNxIwXviKDuLJB2bi7NF9Y1FZdoJHhnUic7lSyW3zqwpsjzeFOAI7mmRbaO1DqjOtuGjN9FlpgVlOPCIMGKoGI3I-YCMYH245FONenyFOpxAsJljJ0J4-Sy4UXq9GrJJV5QWuaM_kbI_CqH4M8JQtZFD3XamnGs8SsnA5y-jfJs8Nrn4cIIahuxM3twEZvH7iQ5rb3oCgt-llZnLs3Gyfb_f6Bf7nKIggVajMacBoE6AlSLOmiovEsNRa2GH4ohsP-cK6EFeYCAGLBK7wo36EJUMruEjzpJOKe6y-A6RcHxj4SPnGbBUcWmEnp1G9kLpPro8m62JjkFUl1j_44Z7pxdF_i-Hau9N7L4pg4ZIoEX19IJTnsvtFDKMoDDUhVr1bBepR9lAmh6XF_iTHMBpNu0f_LncnooX6GBneq0zuH1f6wXBYWM6vkDXlry2963v0yXxe89ZeKI8ShtZTHZRMvXt-XVkQmMdUBvHt0ZGjjFD0QPOKj0X9VOa8XLdM9obqhl2gjgt46Ls6CVPTmFvqqZChX2lyTpZXP7bm-UrY9gbpkiDeUNHBZ5Ggkzn-fPL_eAQcnut3ys368A2Xhl63K3QqoO-GmlbEbyAXOAum2GAWp276NQhPmkdPMRDaszM82XhJQ0O3kAmZsyYZSYvcmy9ZP-wgjN9JjNUtPpE0kDeIK99fohcv5yTJFR6XKrImjl0TQw44MgaT5sYtIr2TbxWTARe0qnXAgCneP2ulWJvYrclSrbUqcV5hLIVpjRG4XwvC2rc0guUbeB-olWODIBm_0zwYCY8IfdU9vu1jcGAKs-XXVC-_pcSFBIDzlUXUtKowd44VdexNSXRU6jHincMnHd53crK-ENyuvl7rkv8B1Kuwg4-G5qbkptkT5RXV7lT1rNt3s0EzTMe9pbIotvi0KLqgYP3yo3eeWFT5ZMBXelXhhwCLuXXX3ZMinRYOLAmRvTl1qQUjF9USYA2a02DTGPMzLLC9DeBVlxG53TbAp4b92HvgnwFPZac9xorbpIsFZCLhs-XAeHM2PVJrjYGU6CrWc9i7NUbnOB8iE5s8rGaZr-BoQvSG3bpBNcczv0GLZ2Jrb6S175I7nG_aMF6r3V2zZn5ZNklLJtlBP_c--dznSvxAx-bF6DIYcjohlG2_vxThhrvDoe-Arb85-vtXQv4DHyd0L4HA1WscH8g6NhAz-J7DII3gtPYZSdu--RpwCTND82mYObZ_zhAp9gd6yC5vveouV8p0Iu8phyBy4NI04WDHH6FlZ9jm65EjQGuQRU5e-Vnzr8I-KrFZD_IzKFbZ5GoqvRMJ_-E64wzZlYjUDB43fRcF_pLodRR-iYNKYBcU2Viyz8yUTiVo6El5xroGvLneW6KJOCJuWADo-HVaa-hUMFiFdMR3u4xBFWltrXr8XSkIBU1YaOnarAzz-W1BgbO86rKG93Ud0BRYBH6RoOPYfccwDbu-G1CcA9RU5BccQvYhKZ61cVN5zhUjF-qBCqKepVKmeUFeHwLXWD_irJW3-QY-wvmTU7Y-qWM1AI7RlCn8dez7VUAJhOrsvux3m83bVdkxiHrI0epMps_wSizRXx9DQcT5ZGqIFZ3wG4oF8DKdY827Kp5k745YKBcJVmHh1SxAd7H8xcwbt1Lswtm4HyVbikSBYLRXJMZSzkm3i3UYOwpkZeLgN7LmHPrE9OKFHEt4z6u6XN4tz2oIn_17T2_h2oM3brVaamjTqtX5pVQq9FCY_kAJrXyjMsBV26Nxee9rv4QP6KdvEu1TOENuImxiNoYyGu3sVVmXMQwXpf03n6J3LhqgiIxJZ0rPQwnXpxJp2buireXl0wzgqTH-pRJlZoHJUWWtkiMCsDnxJNBfz0Z8sTlsLnAnUK9vT01Y4KsHzqbahM1gHa2X7SGYmZnbpvHgBYRciRxuRR2H2tOXP1PDBCcHZT9fh_FNkiZjPaiaENSY9sT2GsCdje6aMLTM54zfNgsntlA2qOiYOBgSck-o6zAk5v7KiVc3t4xRR8ujZ8KDay1r8gR7HbSp2caQz4ZiNvVKrmq_dn3yQrk261OQMaiixvJYIIL3JtzBLiqMfuq6_xoCspqtLXWDdRS0YJwtyX0kK6YJUf7Q8rF9-dZp8W-eiVp5cHUDd576BbYh9Uy0MJ6fCG1vtyt9q3gL-PHtZKkCPTEjurMuw-8vCe4R5RxhCtfiKlbpH5d3wJM-5WhrPA7p4bbwvxxsm0zi2uBAxeuGdSeb-k8halwCrpLj_KIy8301tOfVzuxdKQLYALJt9icJnvO3hoZ8rsNaqzG4RolH3QmuCDvJTOo6ElDUJTatvLkjo57FONoRl51sInABrLuoXUzJ4ol_2cJ53yHp9nIOG_LG9Cp1mxEri5k8ZfTA2eodquPn3zB7flpRcfWcosIBSHx8bCWyHZaj0FIM9TYPmPm3ehbKYSjDvzHu4bxUafZG91Xb4uEBjEj7_cnBrkarMeLUeH674G8fQVmicFJ0CUWL7Zradol5A8wVw9AqZn88p5j0kA7JEZNsyy1GAm8tMrHWFJH2AkjGR0FeWsK0LaOy7XLkoDYMyUjLiloE-a0sz3wnzrHwR28PEEpuFHh2QlJXy88z9pSgV65UtZc_a4n3Sjek_nJk_DSHV4Z2wd53Cy7j4Vs1l2x54cw7XjX3DimgWUwawH5INID8SBXrnxztpUqI1AdUaacuK3RXQRZy1mmyGatNQngfl56Xg7MW7AEb678erIOyUcaHXKwhcWFpSFm29w52LK7FXAXZH3kSAgS88x7A0FE_S6mMdykpKVcn8Hha7Y-P1Q7437b0NWzcFnsBB3qW8adb_uNjjuwueqW8XGRFimlKgcb9EE5yV6SU93J9IJLT6CJanmW6Pl9hy6ZcSqlYgFuV0DvGgna06arKzsT8zRHKBVfBDdFpSjwJBgUNvnZUPxBqWfHfBvslr43600LEbR_dk9w&cid=CAQSKQDUE5ymnagZUZn9FDqQ1IhK41ohmAwT3lHhLGdbN2ZixOUkUtbhhcdPGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=1650744365359390200&adk=945720016&idt=255&cac=0&dtd=5

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e74ee88647f77e5a3df1c5a79f55cb1167382f677a81b3bc7751fc4d71e24f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38003
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1333404/69076802/ Frame FA46 243 KB
73 KB 153ms
46ms Script
application/javascript 52.48.240.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1333404/69076802/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16627720464&bidurl=https://www.kesatu.co/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jwDo3fVItVVnZVfspCzPCl
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.240.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-240-209.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 89aeae72e37b8c08105973f3c506211e9b6e7f1b894e48772eaf20fcbc0d0ab9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame FA46 106 KB
37 KB 76ms
23ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame FA46 11 KB
4 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dp9HPe2Qz7VLK9IXbaAZmfRDd-UlrFq5UICsH_Jr90T0SdlQ50ayMeQCNsXfkRsIgOzE4z2ttIEeG69ux68OoayHAKTw-b0-QsZh6uo8mcP7Bsy39hunPcvN5h8V_bCM5EOaweTrcz4FL_5JX7oFBvq4AOZtxB-f5R-l2USolavGTLKQI&dbm_d=AKAmf-C-Ig66v1MpAsDOdvh2_xq3KxJAvC7sYme20jPsBJDZ1raG_iq0_KljARR5VqiPJbdJ5QNOLwRcT5MjAYBrwG0m5-XC4Y_PP-UJ9ukMuuOLuulwwj6KgBbTiNsW5cG8H5rDmeCWibEj3015cd09ZU7d2pJuMyM38sjqQBv3PtdaTUH5-lok2GPmQpZNu6UQtVKntNFOqn5OLatIix9vuno3jNwYp2Rw6Yi68CydrFhwDCI60iR0V1YaqLo-_lvkqgQdnvgFvxup3GNPrJdYhxo0GWrikyE3BIgHy12WM4UAqexwXlSToFwFyXIhedqlUfjUAfVuyw3XC57r6tiBpRRuFrKV8tIgXJHdud5rKo2_mG7SAK1REB3bD9wx15i0JixMdvAV7NcDR8741HKZ7LAVpHANnLXLgHh1NAvfTm6qidAtSCYZW_vk2tTduexBdllfWMWv3dkkQKTT4m6stbCnK5b8oWnjYX59ZHmbfVnMZphvpcY6v82N_fmctzSOG_opQd_ePo0OJO5qplBNHKT77gBdvw9vSlBOFzW6hE0UnNEAzviBaTx61_HwjRfR4uCpsak5ShTTSErrvb4Lm-wcrrMcYHRBZ2jMgluCldlTm_auVYzAwa-ImHABO_-GtJSVVQyD7lLyfblu1gJEZ8t9GgGi69Co8OG_AphABHarv0jOPHea_T8ObV5raezyKVLYpwdcevay-z9tdPLKrJ3vS-a8KrmnGokaklVj_-e-XFf-LH9foht4-1qq-7YxAm0nj9D27EgzFuwXgDOOx0SBs9GWMjZe12hQuZ68LEMrIB0y-NqSTGBgesZU-tyHgC288OkAcKBItVWFZsG_6goY88OdOFj5CzW1NiURlvF2ZS8OHEkGdNfHsQvYGDVF7SDfwoQKqiJnUuuXrOweB54EGyB3iP_kzd8L5IuGN8kB9f8frNDEIKAUbu1xlG77Qo2NjLf-l_R4Ar7xuHleWzyIHI_ysrXyKT-Yth0NA4JGPNgPjacd1MeQHGw7nViLp9rJ9gOEowTNsmIj46vfo9n7CYAG3fSkfKU1Bgq5NL9APfy5NB9dj6tOwvQtRlXD0CyTakUHcbi_KipUODKk0aiAkbfXdGH5w5ykk-lopSluQG9Vai80WFp-HoZMTCXQ4mYA3gW2HifzlyTWBhuUrSIgnj2ugO80UXFs2MtV0MejiNF27c_yTXShidltaWuk29T24D4bQDy_-UQb_5BdAxZl_ksLivZDTjEEgGCEbCn1li7pVx_Bon4XwnOL9kceMZ5WDo0hnaGbs7zlpumlefs4vVF-x5QzZKrAg9xA6Vr_B3tdwd-cPzpbxwLgpJwa3S9VjMInLFhdn4jRjNAF4gUt7HbfD66bvAwihYxUwsfYFmklbhbqY0lO6mkwZ5WEaFFETyHMhK5Hwy2eW4eDWFE_Mg3wr0-tv_sVLigwXp49KNhf-ne9LDQtQhk8u4okVXDYkpOYtTDlaArXSpqfrg9-WIxDn7X9KqhoncKfY_e9EbQznvneOnU2YsdzLZuRV6jAVReIleP3juq6s2EmTRhiEByfaEHA_u7PRSGrzQSDqgEkignew65gRjeKT0l98vIbdjOIah486fYPO594mAKwdn5JJ0WGbeoxIvheJkMn4WScdsuMpx5l75APBMNptT5aQATjCm1y_FGtZreI38xaFXL4mpvOnMgvng0h_W70SxoINhiYkKG929mZWEH_nS0_eFzrjpxYdIQVuu6eweR4d9S2eUAxbnTrXI1GkefwP-O8i3KWCN3_Es-HmUtWjsjq069SHfjr4h0VkKjuovHXh2RL5wv3rXdrYyUrk3BmksJLO3Z_YDJVHGTXbpEhgED2KlAzBzJqinaEJbLvh-TUe8IwMQ-vn02kDIfSyDz1nbYVmIg3jq4B2WGoB3XWFtmdm0mjMM7elFth3ZTOtF639-LsTth_XSz3Rif3wXR0JgOP-rTExGGB5WVPdrdXuPi9El09u4Zx2IlHFiti4RmRu3Y877MKfzcBFKdiwPieE1rY_sU9iL7O9JiiatKqEsMxibUpOAjhgkx2NxvGM6O31lfSOQMp6ecGAH2nESEi-KY1jEO0rloHWi8sWVd61fROTpu8O1_DV_l64kru3btvXOw9tJ98z9iSWx7UKdGcxGvjYiyzTpstGpUpe6hpjvlAFjit4W4EXo0yiLXHRckEdUAT1NvV5aaufKEiMJr-SMoyLs08Mqt4Sgh7btV1cHCl-_3DVv3bxlnvcnT_B7XEZTfsf08rEn8_5QIv8SL9Lir9DsTP8c7ZkOE_PHv1bWCExJkHrv_8xRgGSXEI0dSxN5LwoZGHfc_Oga4eqDGpHpUN8euRkXZIUK0j2dcP0ZYMGQX-9NNYkmg-bjrwFyk1AMeb0guEPqgvhRU1B66eVVVWYgTZLXJMLT-_5_JsYx9B8bmSAnUbi3X691WL0gQC0dzm_wCZg0BVYPqFJO-yd1VbihrtOET-R-X0pZhMXrPMtNqrB3Dpcn5PqBIAXq2wX-gmqhE6ASAqFBZ3PZyX9Olj9gfBdjJB2xK4REAYnYbKv-c-fNeqEt5yy-NViWmdh8T9TrxM_j2jfc92KsxGWXP8MpgNsKoSdyVIbjT5wqFek72X4ha5jD9vYWDqhThxonlxXtj3X_o2WoKVV4EbxDbRSHfjgfgHnrR-xFg-wq3wk3VjeVS8fwbvb4GVHT67sbdZZ0FmYb-IkrUtkx3vz4Pa0UZkGJ1zeoM_N1NTw7shKeshKcR7qbh_BHZbMlI8e4PLia9-zPcd2LmdJOD0yYCdLKZKay-8tast6FnNTQEeravCVwXGo8B2EJFbDzu48sm-IPaFnP6IljqKMRFx9UUIV0zHUltkopKwIlsX9tfbp5-k_omrZqxOZpCsk7FEBo8UmIjYJf3JMN_mRT8qM11OwHf3ML5wQ1cQfH1pbSF-4Zdatheo8Al_Tc3W1eEpvFBJ36fQBU-deCkZCLqzxnPE33yfL9FXX8Mebr2vwcNn_RO4t50L80hEBhP-l741vzODysIGFRjuyhv-Ivxox7A0TwDjfFys8jFP4AKLhTxm7nHPnKtYxEhDNddpRcQogcAL9VLZy4uYE0Hvn28TaRENWJP1v6ZOzFH11zOTut8pgu0j6DmyKTzps47gMicJFUt1U0Y5IRTG7e5MNr4uI8Z_O6e18rUFr5aNsCy-NBsZAl7-kxsAz20pfZ-OP_BB0rCH1a9rhNmHzeCmqumJ9tXF6TiI4ZVh4Ht9XFn3fQkVz-C9_yWK7pIEZMuN4yvEAjG2CCtdo3dMTvzkigdT06NRMAaAApMAHkWDut5EU3NQzc4l&cid=CAQSKQDUE5ym1bJly_Dzeg-gJ-95AoSuuBU2AQpxpCMhRemp_9Mt5R6jvN8tGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=4360082974317013500&adk=4022746785&idt=211&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62458
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame FA46 28 KB
11 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62458
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D934 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1477045905366&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D934 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1477045905366&version=m202301230201&ct=76&x=1&cor=17678322049815730000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D934 83 KB
35 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-IAA7FuCF_-z9DZCIUDGgFLTEFzb9FaTBQpfJ__pU6DpW1-i1iV_UDz-NmOHvOAARiiYRAP7dkEUHADw1gcs18bXNvw&cry=1&dbm_d=AKAmf-Dn-oiPRe7etr5OuATV_iAXkssQr69H-09dtvsvXZkxNkL6QbTej1-P6B4X_dYwT6WMacXpdC5CLKFtRAcO26XGt19IPWXtV4G4pvVNawtPOtbGTqqUALuiw41ebNuYuIzFx1x5lzcFvLwVmJN_ySnqU8ScsKTg2I318IWM-AtsAzjegswL5Cs-q_6zCxIn43haixshe-vGn4i55zvRigSrFs1rIfTkphx9MOx36mtqTFMY-5hD3vbppbXw8P9DxMQ1bscoo7T5Uvm7v5QI4B4yA6LrmNY4JezqcSGLExyneyIzuaujHcYUjKfAqG9E3mx_VrpA2sOUiYNbvbJ7GFvejBpAvyvZI4mObcB_iCkORnGeFzix0K3y-9capGNMsdSCEc-4fXlulVtCusb9qr5xJAVxaoc_L1_qIDLYuhaRG1ns0OqZoqeSM0oyL9lll6T9emN9HwC0sNwSiw2II9X7twTZxjA871de5uVwUUceDcRzQm-XK9teqFcEcpbfElmyOJypUEPedo8Rcjg9jNfJ2l_CyMJrYYdJVn-1bSOiVxiYXqGdBK6E8gyV2414E5-k_a1znkFg-aBUiinq_0jjqdTJPohC6mAfRHoXwCGIjz5IQzwFng-8mAPF0cd9tuL97GapiWpRK_IlPST20LQwFwkgxDGFhjmFroNSx8JVdPhgz39B11BRN_Dt-_xrGXmJU-K7c8UId3HnfbcxkpSRjPXoui5f1DTAQM0ns6ByqiEeJFmud-M4S12CKEjkc1mtxFHhJQnbEkgx3r6jRXOkEqe5qJcOhxwX-CC0b2iZEfBfQUopqYj6c0A2vOb60lJxdnjJF7c1x2gX0WUki3f_NbjhEG5Z2cFI46CHF52VoBkNMtpeRx17YfnYFtpIhUrQvzUNL0FjCZYYjmUhzXQkvoh9Y-5U6gn8RfrUzNvnRqUXUIZ6o_2VMRr6zB9_9SFx5j6GGVvO9hl7JlI03LPl141nJKKmVsTgmcZNJf8Z2r2jv2Pay2VgEyCVplHYNfuEnEDtpaN67HRV7mJvH52Iuu-o5nZW5PC21rEIJ32hQ09an0fr7VNLqw0daIGcqInPUw-_dRzwf_HRXuHIL4iV9d-I7w5vUbc0zQFHLKQuGKPtt8uWJg09hRQv5u9kfDPRFCJPEcCFCHsUbrvE21bcJfS8YQjUYT5te10mTr6cPTE0JSM9vLoQIdmjHiv44kwwPu1grFJNQDBA0awfYgYWwXQB-0koa8wLJNX6j4oMlP6G4Kn6lrOvN7fq7DXew9_rJ-6pAX-LEeBFnvazoAB_n5uCdDSCslRxHHdOcVBy55u-3twY6GGgRPbv3y2ZRHE0o4MKlEUVHBdO-kQPTpBr1cLDejrjj0nsIYMQWtxMnx1LddUYFHx9KxKvPkYX7m1v44TD2HHOkKV8jorxTspW97lWzQC-jxivjzmZTc-Z7FwbOiAOVgfZ3smZU3OH2NwbJxXFw6QDhYzEMoVO8krdkGas0KH2aDcHG061aAEmGLDKpsJpdRHkydxICuWQgiEnlQvsL0wAGNscFmSa5RKKnY5xICuIE1zT0yFTp4sbXxZmrp3SGuRs6yjpK9shdmFDZJrnDd76dftm8RC4W1uBklQbdvnVA5hdJ2pqF1IBW2eFAvYCvf3rLwt-cWaT57gFHAFudwVz1u5kWUvOdqmUivCHJicLDBEwm3UVTvCDBqzuYKM_lzT-EYrg6hGe5hyVPsQHEbkMXkdiW7uy6c66WC4-l0xTRujDfc5eoEXVXAZCk01A8_WvROW3Z2gygpfRLfviQ7FaEj8yUKQJ7gyLOw4I9rVg-Fk3utLHjQufCZ_817s4k7D9p28Hpbj9Idk8rS_elSEdcQdII_xswHNrnfhY7GBdmMC8yh8eY2Cll3zuhQukt_VOJ_Ov3_fJWqqEfxjV__Yc0OoW7qmZDbPua7yNAGqyTd-2ZT0WHnpERUQbT9awPpvy_s-o_D96s76l_TmeHrshsc9kj6DEKHD8G1muMC-O4ryGLsXyonnvWnbtoUfrAtM_NdfCSVEQrMpnlos6ROSv7EswKqJPJCjB_tHj7C7tpOWCGHit744BPwMrS7xiAx0s-1NmoHj20tTVOXZkZmZn8LnRuxDVrA3m-ijq6eWxDye5Y1QDBNagVGuQ_pc1FK_rCUtvR4ny8-vn2gUBeLzhX8bg3730wq_nqRM7me0NA_LLGbNgIJipYviBg7kzClF0NqeEZyZ2VLcRiuyBuHsS00UiiT5_RXThKkqEDW1hq3hoRkO9W-LvLPYWP54uHnaM0-0w0svqOSyrJiOHmfW3BA4aCxDvymIYWV_RPrvHYHN1ikC7-da5MJ1zmY6EgenXW0Px9eZ96szhdwNpNCNMAqLDV8dbzg7SJM-Ngtw1Vy_VGWj6Py99HA6vZKktQLRHY6SM2_1FpiveRPxWk4nKfAHnZMC-3RtSWdsyrpsle0He5YLFzW9UYQ6JicLCck4yFjblkhyOZ4lpMElzg9C6dgkivuSRGSOuumJbO6nc5cYwnODaK8YP9h2uNx7ko3tqOWb3ypJ_cOGQPTy_d5ap1bXRIng-8O0pWCzYRUtnNEPX7f2NhFwekJhDj52VIgq1ilnIPlnKU7HGmONeFdL20hNaWO71pcEI6rF2OTcbyJ0LYXVJqQDHuiFlRpJ3ll8aNp3D_zW_RQD-QZm65XJNHaYisgbEeLJiY5JUVxk6r9jySlDqFDA7_YH31BNPVa3STW1vso5c5Jn3WSi_NYT7Hlc12Z7AR6wJSlf83QCYePPziSiY2tBxSz4zmXZuZ79_FsSfpUiddcP_516UAAL7_7xi7ilvIGDhENeJM7P9xA5XmqDDLi7ZXL_gWmLQ1tj3io4Sc6XdMbYQjriIhPAFfnMZxDDq3KVudUlQzeoKVevNpRcw8JIt7P20uz-r_QBXFwsq4lJUtKbG-LAdyq-DZu7qveYt8yiX1YqUOJN5ngwGVQEaw4jUfPBxdZrdfd749tl_fdNnUNtH0Kko3T3zDIyPhdaG9qNyxalcBP8vbR-ig12nLirqeZnuwc8SOT8e4nNdlFj57MrpUWhHTZ4A7xJv4VOgzO7U-_MNSKU9uDad_hQd6t-JXRzaVFa5iYa1Qiw4O8seFY7l3SelMOzA1QsjDhcW_mrU5YH7G7h9NeDYDTDzIkJ3nlBSJIbSUB5vjjqIIbNk0xOQHAURjBnkFzeHKe6aowQIoHaYmTHVahKZsWu38ZoKwbwssn_Be-xGAlKmKNoAP3mSxMDdI2pG1GQtZ2HDnACseDNvKA&cid=CAQSKQDUE5ymRcuvD5jFg3-U1xFrRWPsojFj9PVodXHDQTXKuEuz60XBzTi_GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=17678322049815730000&adk=2191498966&idt=321&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b6f03dbf7a961d2263d9b82514563951150b0e8e8a1f88cd40cb17844446a94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046726&pi=t.ma~as.2983625799&w=120&fwrn=16&format=120x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727808&bpp=1&bdt=348&idt=540&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8038977611362&frm=24&ife=3&pv=1&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.aedzi5soaezk&fsb=1&dtd=546
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35538
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F459 8 KB
895 B 43ms
42ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 08:21:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame F459 2 KB
765 B 33ms
33ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame F459 22 KB
9 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62083
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame F459 3 KB
1 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame F459 20 KB
8 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F459 158 KB
48 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame F459 34 KB
14 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 02:42:45 GMT

GET
DATA 200
OK truncated
/ Frame ECF9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b68d120efe52bc7011381f0162949fccce5b979e97d6e2b8c3fab473e2cc7f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2E2C 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97fc46192ba4021f1636ae312a3b9fc1c22e9e1521ad9ae565d359c406e1c056

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C523 143 B
166 B 26ms
18ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2527
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 08:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CAE8 143 B
166 B 21ms
19ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=9780134286&adk=3718468712&adf=3173046725&pi=t.ma~as.9780134286&w=728&format=728x90&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727725&bpp=1&bdt=258&idt=449&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3475047514032&frm=24&ife=3&pv=1&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h48pzvx2oom3&fsb=1&dtd=454
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2527
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 08:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 738B 1 KB
643 B 22ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0956
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvLvSAgCCJ8IXgY4OWDyBBwfPLwgG_tzl9zk7btGMH-7tFkcKIxJXYw1-ljYvqEk-2RBfrndt0ZIfjQLfTaO...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvLvSAgCCJ8IXgY4OWDyBBwfPLwgG_tzl9zk7btGMH-7tFkcKIxJXYw1-ljYvqEk-2RBfrndt0ZIfjQLfTaOqjzN0tH13va9dqY

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvLvSAgCCJ8IXgY4OWDyBBwfPLwgG_tzl9zk7btGMH-7tFkcKIxJXYw1-ljYvqEk-2RBfrndt0ZIfjQLfTaOqjzN0tH13va9dqY

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:50 GMT
Server: MT3 668 4401257 master hkg-pixel-x26 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvLvSAgCCJ8IXgY4OWDyBBwfPLwgG_tzl9zk7btGMH-7tFkcKIxJXYw1-ljYvqEk-2RBfrndt0ZIfjQLfTaOqjzN0tH13va9dqY
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0956
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_push=Aer7DvIyGgHLKwMGJnmb6hcJ96uJXsJEOYFPzyEXFZBJDEK6UO2_auDB3T...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_push=Aer7DvIyGgHLKwMGJnmb6hcJ96uJXsJEOYFPzyEXFZBJDEK6UO2_auDB3TW4CtB9AApMwPuQBTlwowrxffRfG9f2htxOGZgJQLO45Z0

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220047-HHN
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1679650730.812126,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_push=Aer7DvIyGgHLKwMGJnmb6hcJ96uJXsJEOYFPzyEXFZBJDEK6UO2_auDB3TW4CtB9AApMwPuQBTlwowrxffRfG9f2htxOGZgJQLO45Z0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 0956 70 B
265 B 155ms
44ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEE9yAMIv1Tx4WXXMxuPHd-I&google_cver=1&google_push=Aer7DvL61nauQBrAUkeXNDuOEse6BwpE5aEMVzPu2gSCWih-3x1Yt66ge-qAqZWLA7_P6faSsMdyxB2pCLYvDP65xsr8niygOeLrog
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=75&slotname=3616667720&adk=2842032366&adf=776186312&pi=t.ma~as.3616667720&w=300&fwrn=16&format=300x75&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727866&bpp=2&bdt=375&idt=647&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8289227754072&frm=24&ife=3&pv=1&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.yc5wqooqzefs&fsb=1&dtd=652
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 0956 0
98 B 89ms
33ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAer7DvKh6-j-A4ZNukuQhwtu2wDUxp_oDtr0ctH92cgE6IFBSb9Mia1zm8sVeDfbr68uLXzOvI__N6coEbRLYOAlGyFvC_Wt3w3ieg&google_gid=CAESEEpxCzJLkG70X_-2KDLSmFg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=75&slotname=3616667720&adk=2842032366&adf=776186312&pi=t.ma~as.3616667720&w=300&fwrn=16&format=300x75&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727866&bpp=2&bdt=375&idt=647&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8289227754072&frm=24&ife=3&pv=1&ga_vid=1570082638.1679650728&ga_sid=1679650728&ga_hid=256146508&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=75&ifk=1734841143&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44777876%2C44759876%2C31071755%2C44782467%2C44786631%2C44787455%2C31071264&oid=2&pvsid=2284349887114769&tmod=365673818&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C75&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.yc5wqooqzefs&fsb=1&dtd=652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0956
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvKHFcyz5azmsnqM9Y0l5hOW48Qu3BKwKs6qIWtZsvLM6IC2qzzMOnlux5EWpAwl136UksuRsCYBEc6kLt...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvKHFcyz5azmsnqM9Y0l5hOW48Qu3BKwKs6qIWtZsvLM6IC2qzzMOnlux5EWpAwl136UksuRsCYBEc6kLtAOay...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvKHFcyz5azmsnqM9Y0l5hOW48Qu3BKwKs6qIWtZsvLM6IC2qzzMOnlux5EWpAwl136UksuRsCYBEc6kLtAOayukgRt4XbIvfA

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvKHFcyz5azmsnqM9Y0l5hOW48Qu3BKwKs6qIWtZsvLM6IC2qzzMOnlux5EWpAwl136UksuRsCYBEc6kLtAOayukgRt4XbIvfA
Date: Fri, 24 Mar 2023 09:38:49 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0956
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEKK9_U06XKWEO4r-g9VDB4&google_cver=1&google_push=Aer7DvKxmicgSOGrIqGKfMMYTU9sKsFKiT0obQJiiv1c_NYIjL-nkjp_iEhdWGjUdXMvoYdMunL...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09ETzMtVC01Nlgx&google_push=Aer7DvKxmicgSOGrIqGKfMMYTU9sKsFKiT0obQJiiv1c_NYIjL-nkjp_iEhdWGjUdXMvoYdMunL0EXyN_cg1vqiYWNsnHG9dSrSpeeU

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09ETzMtVC01Nlgx&google_push=Aer7DvKxmicgSOGrIqGKfMMYTU9sKsFKiT0obQJiiv1c_NYIjL-nkjp_iEhdWGjUdXMvoYdMunL0EXyN_cg1vqiYWNsnHG9dSrSpeeU

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09ETzMtVC01Nlgx&google_push=Aer7DvKxmicgSOGrIqGKfMMYTU9sKsFKiT0obQJiiv1c_NYIjL-nkjp_iEhdWGjUdXMvoYdMunL0EXyN_cg1vqiYWNsnHG9dSrSpeeU
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
Expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame 0956 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0956 0
12 B 32ms
29ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I0REGZ1xXrocVehtDO3NeBqFVu5KrCbLeVAtkTRhFn8jmU6LCpcSUnUZ6lyPwOT4e9bwkydg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2179 16 KB
16 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:40 GMT
x-content-type-options: nosniff
age: 262869
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:40 GMT

GET
DATA 200
OK truncated
/ Frame D81F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 034ca45cbb529fae03ef3369e27196c183682014c1a2c68124702696797df250

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B418 1 KB
643 B 28ms
27ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C851 221 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4381ca6d2c4d3e21f899823c0413f157b52343dfc2d6803c087450607421fda

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame D81F 28 KB
28 KB 20ms
19ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:38 GMT
x-content-type-options: nosniff
age: 262871
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:38 GMT

GET
DATA 200
OK truncated
/ Frame 593F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3617a94ea1a7348522bc5f79cac7ca75fb37403e83861ca8ab62fb69b59300f7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css2
fonts.googleapis.com/ Frame 8243 4 KB
636 B 28ms
28ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 08:12:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame A043 8 KB
895 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 08:10:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame A043 2 KB
765 B 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame A043 22 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62083
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame A043 3 KB
1 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame A043 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A043 0
0 33ms
31ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS35KcSZxYJ_l9rePYERPtlOLx53nU0NgR2OgW6gFDqsWnqzMUCogs9gMmD4v46VaB4lk3wak72RZTh9oXs6RAYOwMwRA
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A043 158 KB
48 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame A043 34 KB
14 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 21:56:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 02:42:45 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 8243 205 B
229 B 25ms
24ms Image
image/png 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 08:50:05 GMT
x-content-type-options: nosniff
age: 2924
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 23 Mar 2024 08:50:05 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 8243 604 B
628 B 25ms
24ms Image
image/png 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 08:42:22 GMT
x-content-type-options: nosniff
age: 3387
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 23 Mar 2024 08:42:22 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame 8243 20 KB
8 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0102fdfbd0b06f4718e32f6586659557a6234c0111940c1fa3d697c42b067c1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 17:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59844
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8563
x-xss-protection: 0
server: cafe
etag: 3720302941478166528
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 17:01:25 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 98CC 398 B
222 B 67ms
58ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJDi1MQCENjdsOICGIHsmeIBMAE&v=APEucNVqN64mYBGgmajhiFlwkAqi9j_yqygwkY_FnBFxKuKkFYP8W8T_f9cBDPnzG-A5b_Ope2q74Qt3MJ9p5DGdWecJULkO0UPAr3ksq9WyQystPup9yf8eFudtTavbiKff5Kz5UMDRliGDuTCC5sEsbTPOLacw5szlZStKFsB3bwpaPmnCMAI

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 202
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E0C0 78 KB
27 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0C0 42 B
63 B 55ms
53ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BnTLU3gwzQkuSIksdfI9ffkto_bRGqxJ1x8RzzGA0CtGyMRb1cYVr1PFc75h3tFb9jdfxYrBxbifG992XIhnqOi9C2TJfY2XbYeHon23vHktBLqIE

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0C0 0
20 B 55ms
52ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17528183328642311330&x=1&ct=77

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame E0C0 2 KB
1 KB 202ms
32ms Script
application/javascript 2a02:26f0:480:9::210:ee0e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=15911784&cmp=203336&plc=7224807&sid=18330&dvregion=0&unit=970x250
Requested by: Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee0e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Fri, 24 Mar 2023 09:38:50 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 10:59:51 GMT
Server: Microsoft-IIS/10.0
ETag: "2d4a10aae224d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1170

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame E0C0 3 KB
1 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 06:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Apr 2023 06:49:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame E0C0 20 KB
8 KB 26ms
23ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E0C0 0
0 28ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTqMPUruhbBZ34jvU7_Mpx10z7J8RpIvhwCXW9Uem6WIRzqJnBRf1OxnVYWZyL5edjs7FbFMZ_P74oApukVMfAywyAIfg
Requested by: Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E0C0 158 KB
48 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1351698/69475176/ Frame B0B8 46 KB
12 KB 45ms
44ms Script
application/javascript 52.48.240.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1351698/69475176/skeleton.js
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.240.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-240-209.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 59ccf972686ec8f63ef06ef82b4bf7fc02fd4d6c0e037e1e920fd47c2b11c59a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame B0B8 106 KB
37 KB 34ms
18ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame B0B8 11 KB
4 KB 32ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ALEgDp1pmCUzRndLLf4nSHqcIDGIc7LXnD_wImBQhq838yUQAUiO4XAb17uXhGcayanHnoRBXAXjQNRhqo1X48vZ1D5Q&cry=1&dbm_d=AKAmf-CsOxITogSH3hb0sDgi_6onTc2LDf6e7WTWG6o906iO2yBtp2Hj-O_fM4Wht-YVHKQVWvpE0xbUM0KRbJHhyF1OD_ZZb7Q6gVCUPmaOoZ23RwGvfUGO00-7gZtMk6s_m7sLnNHUB5Z2nwqoUOstA3iiqWaxRKRcQPMO0knrMdFoT9WpO5bqtNdiEnYzQBhJ051Lrh-qWXwPegCDQdfpMR8ShrDg6_C1Wc8JhD82P13uc9Gx61sAqxgXwAN1POCjUlqu6FD7P5THZb7uj8-urfkXoZgUTaUu8oXms8QpBOQlovoPmZwQK5PIkMP_wWoWjAQV8sJobqwNxIwXviKDuLJB2bi7NF9Y1FZdoJHhnUic7lSyW3zqwpsjzeFOAI7mmRbaO1DqjOtuGjN9FlpgVlOPCIMGKoGI3I-YCMYH245FONenyFOpxAsJljJ0J4-Sy4UXq9GrJJV5QWuaM_kbI_CqH4M8JQtZFD3XamnGs8SsnA5y-jfJs8Nrn4cIIahuxM3twEZvH7iQ5rb3oCgt-llZnLs3Gyfb_f6Bf7nKIggVajMacBoE6AlSLOmiovEsNRa2GH4ohsP-cK6EFeYCAGLBK7wo36EJUMruEjzpJOKe6y-A6RcHxj4SPnGbBUcWmEnp1G9kLpPro8m62JjkFUl1j_44Z7pxdF_i-Hau9N7L4pg4ZIoEX19IJTnsvtFDKMoDDUhVr1bBepR9lAmh6XF_iTHMBpNu0f_LncnooX6GBneq0zuH1f6wXBYWM6vkDXlry2963v0yXxe89ZeKI8ShtZTHZRMvXt-XVkQmMdUBvHt0ZGjjFD0QPOKj0X9VOa8XLdM9obqhl2gjgt46Ls6CVPTmFvqqZChX2lyTpZXP7bm-UrY9gbpkiDeUNHBZ5Ggkzn-fPL_eAQcnut3ys368A2Xhl63K3QqoO-GmlbEbyAXOAum2GAWp276NQhPmkdPMRDaszM82XhJQ0O3kAmZsyYZSYvcmy9ZP-wgjN9JjNUtPpE0kDeIK99fohcv5yTJFR6XKrImjl0TQw44MgaT5sYtIr2TbxWTARe0qnXAgCneP2ulWJvYrclSrbUqcV5hLIVpjRG4XwvC2rc0guUbeB-olWODIBm_0zwYCY8IfdU9vu1jcGAKs-XXVC-_pcSFBIDzlUXUtKowd44VdexNSXRU6jHincMnHd53crK-ENyuvl7rkv8B1Kuwg4-G5qbkptkT5RXV7lT1rNt3s0EzTMe9pbIotvi0KLqgYP3yo3eeWFT5ZMBXelXhhwCLuXXX3ZMinRYOLAmRvTl1qQUjF9USYA2a02DTGPMzLLC9DeBVlxG53TbAp4b92HvgnwFPZac9xorbpIsFZCLhs-XAeHM2PVJrjYGU6CrWc9i7NUbnOB8iE5s8rGaZr-BoQvSG3bpBNcczv0GLZ2Jrb6S175I7nG_aMF6r3V2zZn5ZNklLJtlBP_c--dznSvxAx-bF6DIYcjohlG2_vxThhrvDoe-Arb85-vtXQv4DHyd0L4HA1WscH8g6NhAz-J7DII3gtPYZSdu--RpwCTND82mYObZ_zhAp9gd6yC5vveouV8p0Iu8phyBy4NI04WDHH6FlZ9jm65EjQGuQRU5e-Vnzr8I-KrFZD_IzKFbZ5GoqvRMJ_-E64wzZlYjUDB43fRcF_pLodRR-iYNKYBcU2Viyz8yUTiVo6El5xroGvLneW6KJOCJuWADo-HVaa-hUMFiFdMR3u4xBFWltrXr8XSkIBU1YaOnarAzz-W1BgbO86rKG93Ud0BRYBH6RoOPYfccwDbu-G1CcA9RU5BccQvYhKZ61cVN5zhUjF-qBCqKepVKmeUFeHwLXWD_irJW3-QY-wvmTU7Y-qWM1AI7RlCn8dez7VUAJhOrsvux3m83bVdkxiHrI0epMps_wSizRXx9DQcT5ZGqIFZ3wG4oF8DKdY827Kp5k745YKBcJVmHh1SxAd7H8xcwbt1Lswtm4HyVbikSBYLRXJMZSzkm3i3UYOwpkZeLgN7LmHPrE9OKFHEt4z6u6XN4tz2oIn_17T2_h2oM3brVaamjTqtX5pVQq9FCY_kAJrXyjMsBV26Nxee9rv4QP6KdvEu1TOENuImxiNoYyGu3sVVmXMQwXpf03n6J3LhqgiIxJZ0rPQwnXpxJp2buireXl0wzgqTH-pRJlZoHJUWWtkiMCsDnxJNBfz0Z8sTlsLnAnUK9vT01Y4KsHzqbahM1gHa2X7SGYmZnbpvHgBYRciRxuRR2H2tOXP1PDBCcHZT9fh_FNkiZjPaiaENSY9sT2GsCdje6aMLTM54zfNgsntlA2qOiYOBgSck-o6zAk5v7KiVc3t4xRR8ujZ8KDay1r8gR7HbSp2caQz4ZiNvVKrmq_dn3yQrk261OQMaiixvJYIIL3JtzBLiqMfuq6_xoCspqtLXWDdRS0YJwtyX0kK6YJUf7Q8rF9-dZp8W-eiVp5cHUDd576BbYh9Uy0MJ6fCG1vtyt9q3gL-PHtZKkCPTEjurMuw-8vCe4R5RxhCtfiKlbpH5d3wJM-5WhrPA7p4bbwvxxsm0zi2uBAxeuGdSeb-k8halwCrpLj_KIy8301tOfVzuxdKQLYALJt9icJnvO3hoZ8rsNaqzG4RolH3QmuCDvJTOo6ElDUJTatvLkjo57FONoRl51sInABrLuoXUzJ4ol_2cJ53yHp9nIOG_LG9Cp1mxEri5k8ZfTA2eodquPn3zB7flpRcfWcosIBSHx8bCWyHZaj0FIM9TYPmPm3ehbKYSjDvzHu4bxUafZG91Xb4uEBjEj7_cnBrkarMeLUeH674G8fQVmicFJ0CUWL7Zradol5A8wVw9AqZn88p5j0kA7JEZNsyy1GAm8tMrHWFJH2AkjGR0FeWsK0LaOy7XLkoDYMyUjLiloE-a0sz3wnzrHwR28PEEpuFHh2QlJXy88z9pSgV65UtZc_a4n3Sjek_nJk_DSHV4Z2wd53Cy7j4Vs1l2x54cw7XjX3DimgWUwawH5INID8SBXrnxztpUqI1AdUaacuK3RXQRZy1mmyGatNQngfl56Xg7MW7AEb678erIOyUcaHXKwhcWFpSFm29w52LK7FXAXZH3kSAgS88x7A0FE_S6mMdykpKVcn8Hha7Y-P1Q7437b0NWzcFnsBB3qW8adb_uNjjuwueqW8XGRFimlKgcb9EE5yV6SU93J9IJLT6CJanmW6Pl9hy6ZcSqlYgFuV0DvGgna06arKzsT8zRHKBVfBDdFpSjwJBgUNvnZUPxBqWfHfBvslr43600LEbR_dk9w&cid=CAQSKQDUE5ymnagZUZn9FDqQ1IhK41ohmAwT3lHhLGdbN2ZixOUkUtbhhcdPGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=1650744365359390200&adk=945720016&idt=255&cac=0&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62458
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame B0B8 28 KB
11 KB 29ms
20ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62458
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 02C4 143 B
166 B 22ms
19ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=60&slotname=9643020029&adk=1186402075&adf=776186319&pi=t.ma~as.9643020029&w=468&fwrn=16&format=468x60&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727890&bpp=1&bdt=390&idt=640&shv=r20230322&mjsv=m202303230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2011364098162&frm=24&ife=3&pv=1&ga_vid=765731676.1679650728&ga_sid=1679650728&ga_hid=530975814&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=1680904070&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759927%2C44759876%2C44777876%2C31071756%2C31073105%2C31073359%2C44785292%2C31071264&oid=2&pvsid=4439608642517411&tmod=2014917502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.rgliiog0vwvd&fsb=1&dtd=644
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2528
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 08:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CD2D 1 KB
644 B 22ms
20ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84770
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1333404/69076800/ Frame 2779 243 KB
73 KB 46ms
42ms Script
application/javascript 52.48.240.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1333404/69076800/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16627720464&bidurl=https://www.kesatu.co/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hwb7J3u9Wnhb7q5rtaPnWM
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.240.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-240-209.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4455ce32dda87764fa53b686912d078c7657d7ad58551cef57387d47b39ea788

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 2779 106 KB
37 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56019
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame 2779 11 KB
4 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BAG_aruxOjyhNgt1Ks_mywubb7wutehzv2-YL2WyFNwpU07zg1awCoGX2DYuq1SXHH5akonWfyNRRgh07ZAIvilOJEX61BBJnueNOtjs-6FNio8MWJjzfv-pfLkKlBUQbBMeA0OZF1jvxge9qrx4CK898Eagz3Ier26tb1TtM5sR1ORho&dbm_d=AKAmf-Cj4d5lsFkJKmu1BQ41pBNBad9stQa8APlDTCTAPasRUnqnVEb1OQuYUXmNV1_Y4jPDT6ZWMkwAGqZpOQEriaILrMhhdKYksaiB2aCzuna2P0V1BMBaglINx-9_uwq-2I09xqvK_up7p8ltvPh8nRuIcx2aVXMpiV4dcb3jPPX5QxF2ZO9zlIsmDI1IFnG0yp8rWIr9ZWioAkwKx-Xpq9T55fYRyvg6vRNK7Wx_tQhRFcBuWGTOJlycUPheXWYa4JI2A4fJbE9WHhm106ETstSUMP-_aLsDLzMwvkBMK-ksYhmGMmfbWqVASMiz9Fl7eZv3XIgtVUxXxlggpQYnnbnRlPDY9-hrlMhR_PuJb7xpeTDfiA5CSbIfepzbPwJtWvJkc-OQY03Pz0Ix72Ws_5St-6S2av6TnyTFNEooHSrJHS7fOl4jyavNxnQKoeggsYPLRbPiVvKDTx01kr2puuGLLTy1JUrTR9-LgDOwJ-ufYAAM1FQmpAwF2BeD8BpoogIRh9p3KiMlBNqyC9TQTzCr5FtyiZxuPKTPCjBh6t3iyXaTSHl4rEry5Dyz67_3NoEDjPJr9B5HrVKiCwBE7HcWjtqoRVm5k00vjBB39YF2xuWjiY9yDmuKUMzesb1snQpKasmoWNLU0BooLhNeqAAT_rGq0q7p6LX0en2fdE4XLkFK2IjC5dH-tO82Ck8dKUmfAtTL96PU1wnZAJYRWWMLCbPtVozz_6lq9IR4mnHw0MgN5oBm3qvwneKJ6gFwPD4HtEWrzf3trbdXi6LYQUEFZiGryDWRm4Rt-FrEUygicE9vQ0VZrrHpO4lpMp6uF7llx5NF-YdBco6e0jNgqZrC3NzIBe9846BE_KmxHtp3T97K7ut_Yboe9O90oxox9NcRqPLlNjfusbjVlND87ciXN47GATB6UjST7XesGah9srpKqrxTII-eKQ4ytExbdQxVDBs0uh2Gvozyb1Vs-cXv114abHCqkT5d7dJSfn5Quwls7wysr3SXNHRdheivIhJQKhKBEhHDnFlnRVA-YoPBDlJp9adeDV2z_vTeI_f6VxRXrDXiopx5vankAIap5b788rBSgChVvT2P3a_ijkHPkBdaf5svGSRpGyQLjX30cVNRLoSWbbQ98sRlVeWHVqhuva1CG66iW-PDEXuowZBTQin7XohS4qm7PtvwQBD2Qjcm5X6RUCCKmjnJ0VjpQXAUpmodJGNqfx09KkkNo5Lem_wZ__G7blfzTGgMQe8D0YBZ-tOwz-aBs_KhlRMX8DaiF2EqW3UEmFeEVvEt-GxbP9iGIHh1fa7lTkx3PPDg4Kgu1qLc3Rv75aqmrbw_LGORxqJApR8us9VgeOmRhlkBiVS0BNxZ2uXKZxQJA04nOAYWaZdKBsC1es4ceYfoxGOAkzP0WxrFpLtsdswytcBMkTmpie_M74WeGvP3sv3jyOon4qBo5R_IiNoEUGc2_0s7gFZKks2ljGjh3vjeZ-ZHrxLYRRox4VPTJDEX7tExU_A5Lno1iU0p9LXJ2VtFxfMaPAI9CUCn7zJa7fGK-4LfpkkI1R9qpgjOf9IBZ93_ZsETU9iZK9ZPgWJzuQwh_1GP26AA99qn2bEYuVRIBpJa4lA8-GHyLMB5dH5idPra4htwrHoDMPvNIOsvbJqlTqgl4Sxr1LPuL8nEC7JfujXD3Ub5J0B-IXDyc5xQz0sc6aLKMd3oS7a-k04KthOB244cd2EANU_zJP5fdi_FDOB4Xz2WnODIFJm6-C8vtTiv2sPPZYa5o3e6CUA-M1LuAo_SlaA0i-bJzJGs-2xQM7eofswbbmMGaRC1xTmNsDqfKmR563g9CuwmAspNKcYE5WMqKfKosfSRVld0fYUeVKAEBrTGx4qiamxHGPePWGGEaZsVVomJCsoCurZVyHMYwzJMbGiZp1iqDiZ6_XRQpt4TuNB18P5bTI99HL5SOGcu9_jI0cQIdJw_2yJww7nqXIHCacEoYY4RWEdQ-7OKqKkC7vSXFtuJ0lY_TCEnNU8UZixrSECQbZexghrv1RLbqgahGhgqC7nUPUHOSoqQdU0LQKm4K9sEkalqMkpcPSYOB8eac6yIPGCh3Dqx8P9qKNcliUAlFVVT9DTQOzkSeGG02081NXin-Z3ybiJm8PDWDskH9kTqtwmty1s9Kbmj4MjImBaShcTys-XOU2ZVuZOUWxVkJFgg8HMV-GE7_Av6Gok-QMTullXXtAPA9Ww1sv1skNpBaIRXxHeMvUhUauPl_dilyAkNzmWxKr99mm_6VvQMn_ZYNI6buEFIuSAqgTnN36sFJ2AjD-s6VRu-uXh_ol0JyLAM4_3sb78nLeoJyByqB5zioBCFL6TdyZWjxI3c-n9nnSHmH_ryYIqup8jsJ-iF9BWxIiAG_QjdEOdVA5VwwqTS9EqIS9lmH9YzLuYjOaoxdJKUq5eqC21Wm-qLAFhkFPf6AhmROqnGUs3J5t_wjalpb7LtT9qmlH1mAOxZzRGt-mds7bMupcVSjA4_X4oTuGKsPqwMvQOMZpMG584xZnplpp2pmpKRDcfi-XTI8G42SlPdQXa_ceQA1ENBZs4EEMVfCUX2ZN52qmceeByDYQMJgjzAfHrOQWXdwsTOPbzmwsjy7_VTwuqr6rqcIOq6f_0Lt830V0mz648_6a6-pasu8wTq3VhgmZZmEjajPVL0FRHfcDaVXT8dXHulJHS_TOIG0tgr8Nbnyg40IfLFmIDUc3D5p41w_W7WSNKNdy8WY8lkHVyV-t44ued32GJrue_UFI-l_9SkltvT6qdJnotmOss-YIlOcF0SQiD7QQGHEekqND1DBaIV07fE7l7rqY6I9CjMwOF3QVTUKu1Ds-KhRo0XxLD-1sipOznE4YHtch5ZbGWBEg6TDtBO3lDIugEK13knA0DR6jH6exe3geaBvwGQ2mYZI50kYG4s9okvyfT54qDU6SUX0K5uEnTcQQssK7yVWp9jB-pewxZd4boHgA8myYraRAACm0kxer7VWlB0fdGpOTX8iy88lW9VIeUR51ABDbqprnI9kSYFwxoW7KL9l7whTqpK8QcUd2n2bz-8h-33X4eK66jWOvR443dbzFtQjJ2hfFx3Pfp5rmF1rkPjMyPX2JG_Mh4X8iColEkcLfzyiTsqhAGJ5KpIgBLMrZU1CCjHvq3Ay7Hk7Stm1CZRIcAgFg07Ddwa5GVUIOhxC6jwaR6ZGrvfqiHMapmHcsFM0qARtKsSOaOUTHUS578OU07lDcSPJ5SETHeua5iUTQaAiyGz_SOeG6sGv0nfpd9UCg0VCCivblrPyXEyfDWpFl19PTMm5aD3s_AS&cid=CAQSKQDUE5ymQp0jh2SzTaL5rf34ZoUNWrSazMgSzGVox6m_NQeo5niYeR-7GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=10710016312983839000&adk=608880704&idt=307&cac=0&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62459
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame 2779 28 KB
11 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62459
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1333404/69809932/ Frame BAAE 243 KB
73 KB 72ms
71ms Script
application/javascript 52.48.240.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1333404/69809932/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16640277530&bidurl=https://www.kesatu.co/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hFbNHWvxFREVfxJsEo4hMd
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.240.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-240-209.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 83eba7a2beac4d750c0ab403fba9fc91aa36d4dbf6bee0d836b86d48be9fa074

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame BAAE 106 KB
37 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56019
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame BAAE 11 KB
4 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DDv4YjOVnYDfZH3odmrdTVoQ-2q9mWQh_Ch16Aeg4cpffjNv0T8mB1ZjYCx6kaipjnIjB3DSExA9neMYZib2uy7NsR141MmiJJ6HjTlkw6Dn4szQKYPkAoQntC5tVlKAQVx-PIUla3DSql8hA8r0SiwHy17NCG8sl4y-CE29rB_5ha4Ak&dbm_d=AKAmf-CB3iGn_ona9maTV4gHjzuNrqrA_fy2OlEoHrOBoF-f32X_bU0WH4GYVFmze2zwbFwtyR-CRfqJA8Rt7ZM9DkzDfs074hHnuWVhkOkqCRLnK2bgQek7hiBDYyNVcT1IKRpxdSFrljQpirGjP6VqBsrlJM8j5ZQBhUAqkEOOBIAk6ZWzwxVYqNv7VQ2f3qOS1AtWKB08iqJ5v2-Q1ZeO3-6N_RpMZWIw5nxrmpZ69koP1dXZ5WOXnkYxCC4iMr8sRHNRq-K9kRNTB4JugxRiJwE25-2EUSAypWN-4FI9sQVvopoP4Iarfu0iINDdDzNq6pXqXvVypVA5VKBcUctW_n9E17rXpJTWtdM4OI7S1VLOVFym_Wj-xnaSDtVFmxFH2nDjtYt7JWm9TZq7fioA1n6gNcDyK7kNYIrCYhXAlGCiIac92QNepsqrLKZRyylyre6kP-atgaxMeh0k5bx2Z-J1ljS6304KaS5zu58swlYgo0_r22zDelTJQIu_-vBELMpz3Aal2Zp9Ygqxrd1LxmV01Ygv3xXAqqgNTkkDMvzYeSnHyl3ULaJgHHf_r9HVFNuVF14tWg-BovukVZ57y_beTDLxHOemqEZKWH2PC8JBn62AP-GfjQAh5gssDhc3fh7SfbTbVQMGgl4I0PYOt5wOm93Y0bJNqaEijEE9-r3SUTiF1cXCNdvjMRFVEXuFfO2aABXvR89RK83DcKp88DAONGqidvjK_aRKri9BChVliyJzuxWfpkfEAvk2x0k29On22yc5IPrTpvplx-S2ReTNq9DabZJ49OxhTXuJauerTkTKYRu5U3M6Ati_ewncEC4GwqLHxWBOyCGyjuR_zlnYItdTk7Yif5O7K92DcG6Jhxc38AZSo-fJ8-skU4rQYdg01Xr084Y-H5Y81nYsUkGLeI0igXn0dZShF5pM2Ex9OIgbKO1--TySWp6q-h732q4vkkD9rFLE8IqONYZ62oRmtbE2EVrXxwoht_31Y6F0yb3OK78_xyDjt5LDnkbdGmTHoYqpSahOm4UTmxkpzD6MyHu9RHhCYGSDuGsBbiiLAkqhds6MmSlE8MMckNfqKNPCDUtbstmfNjzWpyhVFyDnGnQa2AazoG31R7lWDJ8WNdH9pboNN7Qtu89BKTv_vQK1os3aHEdDz_0uRnFKSAKg1CVh_7KZsWa5U_dANUrH9VtThnHPZpUTKMxXdnBU8H_xEJLAY35vJk52k6bdwb8tzZs1PTMCf0YSBpoXtRlBYNSROj-5C1A5KpUcW4Xxsy3PsHaSKqre64QQqQ0ujpyDet5o3uy0ixtESCdFcGeTS3rX6utSOhoDTN1rqzX5kMAGk4rJ46GjGLY2WDZYDIwKJ2qZNjJLzlz-Mucui4Tk47RZakKGAITRyzdxva1bXD3cIwMFYeAUQCbVIm7gNVydJt_gS0O6Kcop-X_itSSCyzHPQ1Ri0BDGg4mSWGEQQc3JNdcgj3ntC2lZehyZbgCcXVI7UJVRaC7baCSQiBI23yhK9DdXmFGjD_WGfSra2o_sOKqb05JnKBjVr8hQKsX-pD192exsbzRJv9UOp1rEjSrSVnsQP098tPHysYnfjvFtVOfT1Cdl_vKi35qM7hxo1mT0HDOjfQ-D6Z8AhsFV8VyJOADzfvDzz5Uhaw5d4KBCjPd4S-eKGPWCCqF2tZwkzvo8eccJVpygtvlm4j7Eg4O3CjeAPGttqVFR3NqLYL_aSfjAHTvDjuqbFYcopsDoRg-F9TBkuJm0ef2qkl-6YaHgCtkuvmEZrOtow5NjCbN0ITAtyGPqhzjMy4aX7hF_FYZMLsQGLTSWZeSqnO0tVciaQUEuUNfj_VIPzM1Gxj2SQND8OetUIqmLkogWDB8geFQ8soZbuA_q7ZShLnvovGmXw0bLUT08N0bTWKI1PElIFa4h9nxuciROCCOC1gBzQAjabZXJUC1VYRC7K0gSV-tG9osCjeMEIJ2nPWkqKgN7cC2uHh0CJ5ZgWzB6wAt2hbrDOvEwzzpjCm5muEOgM0gew4gkVxVqTfGzQFHkkX3klEZfCIfu1p7BYIyNPDyz19Q94dqCAOMOXMyBf59jorQaYGrodpobiP-OowqavI9u9sT3-uUhqf5LaNomN9kBw80OEX1C9Nn8iXBEzJ2mKld5EuosFpRozSkU9lqNVBg3Gc2xr0stWlVULXhi6S16cnVkQ1fQzqsA0jrkwPZ5IVkyGMqrXyQQAcAf3LEy7m8cix54Apz2aGbk-_FEhC7E8y-xRixeBkIoNk-P_OVkxhrNrqvPx8TaUWVA8KVmKrxx-rfbYLmlCXVZwy4V8_P5ydXEGCJsGUOF7iaNy4jX1oxC_eP3b0bP-UeqPxF_hYDHrbuDeI_BeyiQF_jAMIxTRrIM3hfypevNRHBx1EEUOI9bO-TpxpEQuTsyCtPieGoLWDhzH84k7_GtRzE_7XMcqVO94LJDas1thr4gKskXdnZ78OObWEptRySw5b-MeyaO6M6BfIndX0J3GCt4ZwgOJKsQ83aKp_2_XCXaahC2UtI6JyXmMzjxgdLScRyLjg9LTxBDNhoZm9y4TZCjc7WhzYUm4cMereZ_jOR4M_udEzTx4Y98qFx22YR9ebyCQWahEpZJ3qO7qDKYEmaC1uu37BHccTsbJO0-0UB4VNr7R934af6zHFQ5EykHxe8E-IAuWA_BB5LRd8SeGHVB_EfEsgkLiQr_K13leZR43hixTy7RpkjcVAc1lu8FLKekwjsuhefauxZo4FvR2D-3a6D4yaqEQjW4ofHfxz8zJhQe9fmP9Wox3mrQ7vVjUO9qKBqAQnbyidtBF4OLOslEf_w8De5qU3B8bXyp4r4SSjocJG0pdFRGncUuDantG60xkP6R-oZTQ-6fRE39dZbBlheS9lbQGbotNppSSLiM5WicXxgCEJqaBXjF4sFyAs97XFrK7RBqwdfMcaaw5hCr9aixKNJsNilu4znIp_IPyU5RvNWLhO7egwxf3qjTsuaDzThbXe5f8I4hII8JSKv6UrNa-gB7rwTAzkTsRGO10IFdtQRZLXSyrxTozrPHt6pRUy5zb_vG2y72sWDHg2lmv3ZJhY8VZ-nrgVy5pZqWqIEnqAYwHfqpIYrGvZRrgD7HJ9ey4EP9YHIh3mu0yINnzYt9ZT0B1iUDBWKcStHj9AATEnCv93HLxwR99242chRbQDszZ1MOHMbbsRnm0ktcl1qKC7CRswHdeusH6v_7gh3kbeAGDAjmOovu3ixzcySpLZVWqXikk2Iu-X6stL9716BUX51Pwl98Ltelm2RWjRiU_D-ZXQw&cid=CAQSKQDUE5ymRGnmxvOatJ6WujnlNIZFD7-gHRBWVLVZTjiY8PQArh_Ft2mhGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=3446042989077842400&adk=3268666075&idt=239&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62459
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame BAAE 28 KB
11 KB 22ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62459
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame D934 106 KB
37 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56019
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame D934 11 KB
4 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-IAA7FuCF_-z9DZCIUDGgFLTEFzb9FaTBQpfJ__pU6DpW1-i1iV_UDz-NmOHvOAARiiYRAP7dkEUHADw1gcs18bXNvw&cry=1&dbm_d=AKAmf-Dn-oiPRe7etr5OuATV_iAXkssQr69H-09dtvsvXZkxNkL6QbTej1-P6B4X_dYwT6WMacXpdC5CLKFtRAcO26XGt19IPWXtV4G4pvVNawtPOtbGTqqUALuiw41ebNuYuIzFx1x5lzcFvLwVmJN_ySnqU8ScsKTg2I318IWM-AtsAzjegswL5Cs-q_6zCxIn43haixshe-vGn4i55zvRigSrFs1rIfTkphx9MOx36mtqTFMY-5hD3vbppbXw8P9DxMQ1bscoo7T5Uvm7v5QI4B4yA6LrmNY4JezqcSGLExyneyIzuaujHcYUjKfAqG9E3mx_VrpA2sOUiYNbvbJ7GFvejBpAvyvZI4mObcB_iCkORnGeFzix0K3y-9capGNMsdSCEc-4fXlulVtCusb9qr5xJAVxaoc_L1_qIDLYuhaRG1ns0OqZoqeSM0oyL9lll6T9emN9HwC0sNwSiw2II9X7twTZxjA871de5uVwUUceDcRzQm-XK9teqFcEcpbfElmyOJypUEPedo8Rcjg9jNfJ2l_CyMJrYYdJVn-1bSOiVxiYXqGdBK6E8gyV2414E5-k_a1znkFg-aBUiinq_0jjqdTJPohC6mAfRHoXwCGIjz5IQzwFng-8mAPF0cd9tuL97GapiWpRK_IlPST20LQwFwkgxDGFhjmFroNSx8JVdPhgz39B11BRN_Dt-_xrGXmJU-K7c8UId3HnfbcxkpSRjPXoui5f1DTAQM0ns6ByqiEeJFmud-M4S12CKEjkc1mtxFHhJQnbEkgx3r6jRXOkEqe5qJcOhxwX-CC0b2iZEfBfQUopqYj6c0A2vOb60lJxdnjJF7c1x2gX0WUki3f_NbjhEG5Z2cFI46CHF52VoBkNMtpeRx17YfnYFtpIhUrQvzUNL0FjCZYYjmUhzXQkvoh9Y-5U6gn8RfrUzNvnRqUXUIZ6o_2VMRr6zB9_9SFx5j6GGVvO9hl7JlI03LPl141nJKKmVsTgmcZNJf8Z2r2jv2Pay2VgEyCVplHYNfuEnEDtpaN67HRV7mJvH52Iuu-o5nZW5PC21rEIJ32hQ09an0fr7VNLqw0daIGcqInPUw-_dRzwf_HRXuHIL4iV9d-I7w5vUbc0zQFHLKQuGKPtt8uWJg09hRQv5u9kfDPRFCJPEcCFCHsUbrvE21bcJfS8YQjUYT5te10mTr6cPTE0JSM9vLoQIdmjHiv44kwwPu1grFJNQDBA0awfYgYWwXQB-0koa8wLJNX6j4oMlP6G4Kn6lrOvN7fq7DXew9_rJ-6pAX-LEeBFnvazoAB_n5uCdDSCslRxHHdOcVBy55u-3twY6GGgRPbv3y2ZRHE0o4MKlEUVHBdO-kQPTpBr1cLDejrjj0nsIYMQWtxMnx1LddUYFHx9KxKvPkYX7m1v44TD2HHOkKV8jorxTspW97lWzQC-jxivjzmZTc-Z7FwbOiAOVgfZ3smZU3OH2NwbJxXFw6QDhYzEMoVO8krdkGas0KH2aDcHG061aAEmGLDKpsJpdRHkydxICuWQgiEnlQvsL0wAGNscFmSa5RKKnY5xICuIE1zT0yFTp4sbXxZmrp3SGuRs6yjpK9shdmFDZJrnDd76dftm8RC4W1uBklQbdvnVA5hdJ2pqF1IBW2eFAvYCvf3rLwt-cWaT57gFHAFudwVz1u5kWUvOdqmUivCHJicLDBEwm3UVTvCDBqzuYKM_lzT-EYrg6hGe5hyVPsQHEbkMXkdiW7uy6c66WC4-l0xTRujDfc5eoEXVXAZCk01A8_WvROW3Z2gygpfRLfviQ7FaEj8yUKQJ7gyLOw4I9rVg-Fk3utLHjQufCZ_817s4k7D9p28Hpbj9Idk8rS_elSEdcQdII_xswHNrnfhY7GBdmMC8yh8eY2Cll3zuhQukt_VOJ_Ov3_fJWqqEfxjV__Yc0OoW7qmZDbPua7yNAGqyTd-2ZT0WHnpERUQbT9awPpvy_s-o_D96s76l_TmeHrshsc9kj6DEKHD8G1muMC-O4ryGLsXyonnvWnbtoUfrAtM_NdfCSVEQrMpnlos6ROSv7EswKqJPJCjB_tHj7C7tpOWCGHit744BPwMrS7xiAx0s-1NmoHj20tTVOXZkZmZn8LnRuxDVrA3m-ijq6eWxDye5Y1QDBNagVGuQ_pc1FK_rCUtvR4ny8-vn2gUBeLzhX8bg3730wq_nqRM7me0NA_LLGbNgIJipYviBg7kzClF0NqeEZyZ2VLcRiuyBuHsS00UiiT5_RXThKkqEDW1hq3hoRkO9W-LvLPYWP54uHnaM0-0w0svqOSyrJiOHmfW3BA4aCxDvymIYWV_RPrvHYHN1ikC7-da5MJ1zmY6EgenXW0Px9eZ96szhdwNpNCNMAqLDV8dbzg7SJM-Ngtw1Vy_VGWj6Py99HA6vZKktQLRHY6SM2_1FpiveRPxWk4nKfAHnZMC-3RtSWdsyrpsle0He5YLFzW9UYQ6JicLCck4yFjblkhyOZ4lpMElzg9C6dgkivuSRGSOuumJbO6nc5cYwnODaK8YP9h2uNx7ko3tqOWb3ypJ_cOGQPTy_d5ap1bXRIng-8O0pWCzYRUtnNEPX7f2NhFwekJhDj52VIgq1ilnIPlnKU7HGmONeFdL20hNaWO71pcEI6rF2OTcbyJ0LYXVJqQDHuiFlRpJ3ll8aNp3D_zW_RQD-QZm65XJNHaYisgbEeLJiY5JUVxk6r9jySlDqFDA7_YH31BNPVa3STW1vso5c5Jn3WSi_NYT7Hlc12Z7AR6wJSlf83QCYePPziSiY2tBxSz4zmXZuZ79_FsSfpUiddcP_516UAAL7_7xi7ilvIGDhENeJM7P9xA5XmqDDLi7ZXL_gWmLQ1tj3io4Sc6XdMbYQjriIhPAFfnMZxDDq3KVudUlQzeoKVevNpRcw8JIt7P20uz-r_QBXFwsq4lJUtKbG-LAdyq-DZu7qveYt8yiX1YqUOJN5ngwGVQEaw4jUfPBxdZrdfd749tl_fdNnUNtH0Kko3T3zDIyPhdaG9qNyxalcBP8vbR-ig12nLirqeZnuwc8SOT8e4nNdlFj57MrpUWhHTZ4A7xJv4VOgzO7U-_MNSKU9uDad_hQd6t-JXRzaVFa5iYa1Qiw4O8seFY7l3SelMOzA1QsjDhcW_mrU5YH7G7h9NeDYDTDzIkJ3nlBSJIbSUB5vjjqIIbNk0xOQHAURjBnkFzeHKe6aowQIoHaYmTHVahKZsWu38ZoKwbwssn_Be-xGAlKmKNoAP3mSxMDdI2pG1GQtZ2HDnACseDNvKA&cid=CAQSKQDUE5ymRcuvD5jFg3-U1xFrRWPsojFj9PVodXHDQTXKuEuz60XBzTi_GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co&ds=l&xdt=1&iif=1&cor=17678322049815730000&adk=2191498966&idt=321&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62459
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame D934 28 KB
11 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 16:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62459
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:17:51 GMT

GET
DATA 200
OK truncated
/ Frame AB63 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79878c8bfe88210cd8d54af52c9199e525c19fd63cda51c1368d0929aac0814c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 593F 0
22 B 52ms
51ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=26&version=r20230322&sample=0.01

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2744
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIL69qGVJPlGQzjpPpyJWi7w-PrS0GmpweLgx6BBB1...

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIL69qGVJPlGQzjpPpyJWi7w-PrS0GmpweLgx6BBB14a16fszPgl25g8tK3puuN5ZJjB1tjSfWlnA3huuYut7Gi5C0PuaKCj9U

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:49 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-771-ga8baae6#rel-ec2-master i-017dcce659d1d3103@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIL69qGVJPlGQzjpPpyJWi7w-PrS0GmpweLgx6BBB14a16fszPgl25g8tK3puuN5ZJjB1tjSfWlnA3huuYut7Gi5C0PuaKCj9U
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2744
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvJwH4s0dEpPA6ljgea2TbFRSkmSm2CKHLVWYUS_1PU2Ib67vz6TpCt89AKOmFo7rgDyD84PMacWWx52SnOw...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvJwH4s0dEpPA6ljgea2TbFRSkmSm2CKHLVWYUS_1PU2Ib67vz6TpCt89AKOmFo7rgDyD84PMacWWx52SnOwKoOrIKGodQdBWA

170 B
188 B

34ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvJwH4s0dEpPA6ljgea2TbFRSkmSm2CKHLVWYUS_1PU2Ib67vz6TpCt89AKOmFo7rgDyD84PMacWWx52SnOwKoOrIKGodQdBWA

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:50 GMT
Server: MT3 668 4401257 master hkg-pixel-x12 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvJwH4s0dEpPA6ljgea2TbFRSkmSm2CKHLVWYUS_1PU2Ib67vz6TpCt89AKOmFo7rgDyD84PMacWWx52SnOwKoOrIKGodQdBWA
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 24 Mar 2023 09:38:49 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 2744 70 B
264 B 44ms
42ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEE9yAMIv1Tx4WXXMxuPHd-I&google_cver=1&google_push=Aer7DvJNnkhnODJPqJyR6H0BE15J--YwIVOoHHBDMJSp4Qi5cHlwl7h5AU7PgK4AY60Vwva5Vnjnsmt7682L9IjZBZmY-5MZxuFpLWo
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=5069350193&adk=2658235593&adf=3173046729&pi=t.ma~as.5069350193&w=970&format=970x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727626&bpp=2&bdt=188&idt=327&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2993714645179&frm=24&ife=3&pv=1&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.7o09y69gyndu&fsb=1&dtd=333
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2744
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAer7DvKLHQnA...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAer7DvKLHQnA...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzAzMjQwOTM4NTAwMDAxMzc4NDA2MjY5OA%3D%3D&google_push=Aer7DvKLHQnA0PHVhxjv8m8_xsXBev_pWz3u0RFcEA5H_YF_o8bvRVT0urTuAWCQEb010M...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzAzMjQwOTM4NTAwMDAxMzc4NDA2MjY5OA%3D%3D&google_push=Aer7DvKLHQnA0PHVhxjv8m8_xsXBev_pWz3u0RFcEA5H_YF_o8bvRVT0urTuAWCQEb010M09jH96E3_WFGGHt7o0B9ck5VBhXfW4lPE

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzAzMjQwOTM4NTAwMDAxMzc4NDA2MjY5OA%3D%3D&google_push=Aer7DvKLHQnA0PHVhxjv8m8_xsXBev_pWz3u0RFcEA5H_YF_o8bvRVT0urTuAWCQEb010M09jH96E3_WFGGHt7o0B9ck5VBhXfW4lPE
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Fri, 24 Mar 2023 09:38:50 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2744
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAb8Q9KwLrbMjKGi3LXg0rs&google_cver=1&google_push=Aer7DvJvqUaSYf8m46DDQeFzChbvHB-PYzC4UbLmACvV1iv79_CF05HZAIkPIXmQ4Ih13MIsNIjdOED8Pk79NX-TAzudvtb...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJvqUaSYf8m46DDQeFzChbvHB-PYzC4UbLmACvV1iv79_CF05HZAIkPIXmQ4Ih13MIsNIjdOED8Pk79NX-TAzudvtbB2OtuXew&google_hm=eS1qRXY4OTUxRTJwRV9...

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJvqUaSYf8m46DDQeFzChbvHB-PYzC4UbLmACvV1iv79_CF05HZAIkPIXmQ4Ih13MIsNIjdOED8Pk79NX-TAzudvtbB2OtuXew&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Mar 2023 09:38:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJvqUaSYf8m46DDQeFzChbvHB-PYzC4UbLmACvV1iv79_CF05HZAIkPIXmQ4Ih13MIsNIjdOED8Pk79NX-TAzudvtbB2OtuXew&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame 2744 43 B
351 B 73ms
27ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEHGVJmssy5XMCvT-Xn0I73c&google_cver=1&google_push=Aer7DvJVeQdLN-e29NUeNR-jssF5AV-7QUDzu4qdryqOD98Qfjti-0fsLXx8Mui4cWcGezyuhmULuPOGx3k0kexL0beTec962_MNQOc
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=5069350193&adk=2658235593&adf=3173046729&pi=t.ma~as.5069350193&w=970&format=970x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727626&bpp=2&bdt=188&idt=327&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2993714645179&frm=24&ife=3&pv=1&ga_vid=763165882.1679650728&ga_sid=1679650728&ga_hid=1150379931&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=250&ifk=2703479400&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44777877%2C31073336%2C42531705%2C44786631%2C31071264&oid=2&pvsid=135737501720967&tmod=187214551&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.7o09y69gyndu&fsb=1&dtd=333
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:49 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: vmiritohk1jqdcui7b35uahqn8rqiv35

GET
H2

200

report
sync.teads.tv/um/ Frame 2744
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkpqbh1BhEj4NPzRZX36SY&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aer7DvKX5c2_u4KpTS-oXfRKw5JE3Z_BtJv657v1RvM6ScU1FyJODdJRMaG--PHxxLqN4CgO6ngiLpNwQMTjqi5v78aeoRVn5PkIaogz
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

71ms
70ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

expires: Fri, 24 Mar 2023 09:38:50 GMT
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2744 0
12 B 27ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ILhO8uwg16eGxRDjFC1SzeWSWw58j08GdzUkkpwHv9oM-aBewhhmkgHFXZbR166gBwImTTPA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D2BE 14 KB
11 KB 66ms
66ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a66d2c94311bd31f11ac1745221fbf79cce5d9d7e7aec61e9603ceef634eebd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11116
x-xss-protection: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 98CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEGchAj6bO3q7-HFCceM6548&google_cver=1

43 B
163 B

72ms
42ms

Image
image/gif

185.86.138.152
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEGchAj6bO3q7-HFCceM6548&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJDi1MQCENjdsOICGIHsmeIBMAE&v=APEucNVqN64mYBGgmajhiFlwkAqi9j_yqygwkY_FnBFxKuKkFYP8W8T_f9cBDPnzG-A5b_Ope2q74Qt3MJ9p5DGdWecJULkO0UPAr3ksq9WyQystPup9yf8eFudtTavbiKff5Kz5UMDRliGDuTCC5sEsbTPOLacw5szlZStKFsB3bwpaPmnCMAI
Protocol: HTTP/1.1
Server: 185.86.138.152 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEGchAj6bO3q7-HFCceM6548&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 98CC 43 B
163 B 266ms
42ms Image
image/gif 185.86.138.152
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJDi1MQCENjdsOICGIHsmeIBMAE&v=APEucNVqN64mYBGgmajhiFlwkAqi9j_yqygwkY_FnBFxKuKkFYP8W8T_f9cBDPnzG-A5b_Ope2q74Qt3MJ9p5DGdWecJULkO0UPAr3ksq9WyQystPup9yf8eFudtTavbiKff5Kz5UMDRliGDuTCC5sEsbTPOLacw5szlZStKFsB3bwpaPmnCMAI
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.152 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:49 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 593F 16 KB
16 KB 19ms
19ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:40 GMT
x-content-type-options: nosniff
age: 262870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:40 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame AB63 28 KB
28 KB 21ms
21ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:38 GMT
x-content-type-options: nosniff
age: 262872
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:38 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame BE42 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 738B 0
104 B 202ms
81ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEKDHwUub993Agos7UWxHjzA&google_cver=1&google_push=Aer7DvI2sJ1DW3YiM0gD3JO6iNqlwooc_2YckdkXK86v6dLBlp2V6OebovtDe_7sbt4fmBRBF6FP9-ym90YRVRhhRV9zlLXpBlXChjE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=9780134286&adk=3718468712&adf=3173046725&pi=t.ma~as.9780134286&w=728&format=728x90&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727725&bpp=1&bdt=258&idt=449&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3475047514032&frm=24&ife=3&pv=1&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h48pzvx2oom3&fsb=1&dtd=454
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 738B
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEKt-mVyXw95TgGI1jhVORiA&google_cver=1&google_push=Aer7DvIS7OCo2TGCkDqZCqK2Ha-hOjZikzlxBm8fGlsoud5kBP4r_ssDYZuOfazgTheh6sOT5PiMVo9YGHMJZexR8a2KCfE6raa6ViQ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38E4F25D1E4F41F687FB0B297861641C&google_push=Aer7DvIS7OCo2TGCkDqZCqK2Ha-hOjZikzlxBm8fGlsoud5kBP4r_ssDYZuOfazgTheh6sOT5PiMVo9YGHMJZex...

170 B
188 B

33ms
33ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38E4F25D1E4F41F687FB0B297861641C&google_push=Aer7DvIS7OCo2TGCkDqZCqK2Ha-hOjZikzlxBm8fGlsoud5kBP4r_ssDYZuOfazgTheh6sOT5PiMVo9YGHMJZexR8a2KCfE6raa6ViQ

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Mar 2023 09:38:50 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38E4F25D1E4F41F687FB0B297861641C&google_push=Aer7DvIS7OCo2TGCkDqZCqK2Ha-hOjZikzlxBm8fGlsoud5kBP4r_ssDYZuOfazgTheh6sOT5PiMVo9YGHMJZexR8a2KCfE6raa6ViQ
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 23 Mar 2023 09:38:50 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 738B 70 B
264 B 45ms
42ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEE9yAMIv1Tx4WXXMxuPHd-I&google_cver=1&google_push=Aer7DvJRd9hk2V3rOAbSHfOfBWAm5fO5JPd_rbPBkTVkGHOFTDBrauhG_Dh6ut4eso6EwUN7P1pXLrqxUxny6HoiKpswMMH60ZoR6Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=9780134286&adk=3718468712&adf=3173046725&pi=t.ma~as.9780134286&w=728&format=728x90&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727725&bpp=1&bdt=258&idt=449&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3475047514032&frm=24&ife=3&pv=1&ga_vid=1769861502.1679650728&ga_sid=1679650728&ga_hid=1089162798&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2181590528&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44777876%2C44759876%2C44759927%2C31073099%2C31073270%2C44786632%2C31071264%2C31071268&oid=2&pvsid=1012824931882618&tmod=881605232&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h48pzvx2oom3&fsb=1&dtd=454
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 738B
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAyDDerd7e_nZqGZJF-13ZU&google_cver=1&google_push=Aer7DvLYzD0g1iiOxN-Dlz5fJz3prNOjte2BMVMmN4owDxZCTzx6mjKec9NHRJxShYricIkSl09rlK1bpD8...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvLYzD0g1iiOxN-Dlz5fJz3prNOjte2BMVMmN4owDxZCTzx6mjKec9NHRJxShYricIkSl09rlK1bpD8G1BQdnnV0441qou0zOFI&google_hm=TjDaOKJuTvqAGTZN1...

170 B
188 B

33ms
32ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvLYzD0g1iiOxN-Dlz5fJz3prNOjte2BMVMmN4owDxZCTzx6mjKec9NHRJxShYricIkSl09rlK1bpD8G1BQdnnV0441qou0zOFI&google_hm=TjDaOKJuTvqAGTZN13OoA4Q

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvLYzD0g1iiOxN-Dlz5fJz3prNOjte2BMVMmN4owDxZCTzx6mjKec9NHRJxShYricIkSl09rlK1bpD8G1BQdnnV0441qou0zOFI&google_hm=TjDaOKJuTvqAGTZN13OoA4Q
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 738B
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEN6a_gmCWcBOl2esnfJt1LU&google_cver=1&google_push=Aer7DvK396XQhIFKnqqGEb-iFpzg9--RHgcSQ6byV0dWyjC5dnOqq1Mqyqqq2paXJ5l6-dnxLk8vETswnuIkP-2_hh5R...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEN6a_gmCWcBOl2esnfJt1LU&google_cver=1&google_push=Aer7DvK396XQhIFKnqqGEb-iFpzg9--RHgcSQ6byV0dWyjC5dnOqq1Mqyqqq2paXJ5l6-dnxLk8vETswnuIkP-...
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google
https://x.bidswitch.net/sync?dsp_id=119&user_id=5124322325586237356&expires=30&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvK396XQhIFKnqqGEb-iFpzg9--RHgcSQ6byV0dWyjC5dnOqq1Mqyqqq2paXJ5l6-dnxLk8vETswnuIkP-2_hh5R6qLddSAnng&google_hm=bAJi1WUdQGK9jKR9-PZqAA==

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvK396XQhIFKnqqGEb-iFpzg9--RHgcSQ6byV0dWyjC5dnOqq1Mqyqqq2paXJ5l6-dnxLk8vETswnuIkP-2_hh5R6qLddSAnng&google_hm=bAJi1WUdQGK9jKR9-PZqAA==

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvK396XQhIFKnqqGEb-iFpzg9--RHgcSQ6byV0dWyjC5dnOqq1Mqyqqq2paXJ5l6-dnxLk8vETswnuIkP-2_hh5R6qLddSAnng&google_hm=bAJi1WUdQGK9jKR9-PZqAA==
date: Fri, 24 Mar 2023 09:38:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 738B
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

40ms
40ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJPOLpxkGOZyNDK3IfJJY1nX9CF82eRRwnZqvdIQkG44OkxBK62kDeDqq_ldV8yeufnMyYYyk1Tl1YI3dGBiPApSPaNEAwUogY

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJPOLpxkGOZyNDK3IfJJY1nX9CF82eRRwnZqvdIQkG44OkxBK62kDeDqq_ldV8yeufnMyYYyk1Tl1YI3dGBiPApSPaNEAwUogY
date: Fri, 24 Mar 2023 09:38:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

report
sync.teads.tv/um/ Frame 738B
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkpqbh1BhEj4NPzRZX36SY&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aer7DvKQw8VEB8cRj4rYLpabV8go6MkFdDmHrD-uf4LwDeJcb-uv5QSfNAta88bnCMBATSJBvtLwcafSsdB2LdIkEhVgl5Zc19phtvNo
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

62ms
61ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

expires: Fri, 24 Mar 2023 09:38:50 GMT
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 738B 0
12 B 28ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kibf2zOkqlrWfIq6QciUdld7tIFT3qWsvUYVKeQghT4c1bqK9AgPZ9zBxdPvg1asb-DCVxyA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3144 14 KB
11 KB 67ms
67ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2da86afb3b9bf7434c854f859a918567212286f93a802c14597acc2cd2060ea5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11152
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4E52 42 B
64 B 54ms
53ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuklly7eraByHEdDk3ITz79qam6MKI_lIf1FVrLiXlebfp3_dsj8_vHL9H15mGSDDvn7jZwH9DjL71Qj3WI7nyLmbkIKUPGEC0UcWzqlouqWWKKJyUd&sig=Cg0ArKJSzHkefqp9odNiEAE&id=lidar2&mcvt=1124&p=418,1035,1018,1335&mtos=456,1124,1124,1124,1124&tos=456,668,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1553110440&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650727375&rpt=1738&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame FA46
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1333404/69076802/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16627720464&bidurl=http...
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

1 KB
1 KB

39ms
39ms

Script
application/javascript

2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 18:43:35 GMT
x-amz-version-id: ml8sLXd95uD59cm.BnrTx99uclgxfFZ2
content-encoding: gzip
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 226516
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 21 Mar 2023 18:43:33 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: QQ2jgRuiCKcQiOMFj-4hKVrUAb9ilW8TIK56FeqHoEJF1bW8o0Cobg==

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6F96 91 KB
23 KB 107ms
21ms Script
application/javascript 2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15876154
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 9pYpHYIs8gj26OgCHSIkfxn8n14-d4k_LC0eZx_yD5B95_THJhUF7w==

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 4106 3 KB
4 KB 87ms
38ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.35/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2355
x-guploader-uploadid: ADPycdvK0i-nNNMv3fNeMFP8ktxrB0s9Rxn1yHxNJcTu0YzGgL1oQ0J5-KUL8U_oIDMeEhRvKXfkGwmOw_rmBs79tac
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1623242114099744
content-type: image/png
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FA5gum%2F82Vo3ZQfOqUHDi9ylXAU2GDuuHjXs%2Bprx1DKlj1xxHFlsvS24TdoWyGAbtnCvZXKx14DbYksGvIux6rQEgokGw1bCRofHCnm%2BnNRWlYU%2F5iXbIQysLD%2BeMKtBqKq7tCUAfP4J1vEAvrlhoqTT"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7acdf1893cc39247-FRA
expires: Fri, 24 Mar 2023 09:59:35 GMT

GET
H3 200 7669675762607249920
tpc.googlesyndication.com/daca_images/simgad/ Frame E40C 8 KB
8 KB 20ms
19ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/7669675762607249920?w=180&h=360

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80bfbee189e13831ea39158324a0397a2718547843453c42916d55cc28fb30d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 07:53:20 GMT
x-content-type-options: nosniff
age: 92730
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8264
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 10:26:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 30 Mar 2023 07:53:20 GMT

GET
DATA 200
OK truncated
/ Frame E40C 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f81c2ce40f0e71819182a4d4c72300ee2cb0e690e537e4e68bafc6a8c900570

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 2087828980973800721
tpc.googlesyndication.com/daca_images/simgad/ Frame AD24 9 KB
9 KB 94ms
94ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/2087828980973800721?w=180&h=360

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cfba95bb449c14585a7f3495536a09c40266b422e942c3c8be4ccb0d74587c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9518
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 10:27:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 31 Mar 2023 09:38:50 GMT

GET
DATA 200
OK truncated
/ Frame AD24 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b18cb4c5b0084b16c8506f0a8af0823cdac6cf1dd43f8eeb129b49314e2db7b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D2BE 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:50 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0C0 0
22 B 54ms
53ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8602216624694&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0C0 0
22 B 60ms
60ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8602216624694&version=m202301230201&ct=77&x=1&cor=17528183328642312000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E0C0 15 KB
11 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CxIXcXDf5X_UVqfxFzKADsXqeuyVAhongiXNi0ZPxBPeVqX6V7ST-oJLgUY3Uv9mz4jluwr9qfhanT6SQw4oJNeUM8WEfLX6VR7gzjf5iP-KHpJuL2xnNYlnXIO6IspayfGhUO8I6nhWwUNh7HXPK_xSyOJvJyPbEAn1sB4q-_V2PyZBM&cry=1&dbm_d=AKAmf-Cy03gRi8yb7q21u8eW7V8J42JOgm6Jdb1pJV4sUKPRA1enu1RrM4_3Q3W6UKBzzQQCq_WwHl4kYvCH47LMPlrvH37yoHgebPzG868_vFACNFgxb9WK-YoPXSM-n2bIL4RU_7qtKrFr7fEYb7_bgQq5kWyXMizrM35X69sKzASlW1LhjW2GHZRdZ9Idyq2026IeD-zlxVRy5Sr7nbeJgTWgm4Vke1zcr3po72-5-mItDeqHf76JOIaU1us5a3132dDpqqTgPvglRMzRPOeSQa1PKpuAqq4YxlrJZqIcr6_nLoTp-5FoQqNThXC-l7jkCKOhoX87dqPB1r0Sf2Yg44QbX8qlz3ZbwVRYNBNf7k6Pv7ngLGJVMmx9sKNZY16HwyCBxBsnwnVDtCKQgPRXyRXZWVMZqfe2pfE3tShpVvHZCjg3K8aqXvsET4eMw31UKapRXijOoSqC75a7MJo5XuEV9H5nIBn-DTXWEitCk4gOaFBu7XmXeEAuUox2mOmp1zRUE4iDDRO287rYw5qJnQd1ngxHua1evGhYdehoYMRQRR-mLsUynWViYMqxC0sBFN-du3fAkSr_g7ZQv3CYibIv30na9AhXn6fY5UdlFzy1BmCDqOrf5vVznJj61_wA0sB2OlDMctXft2hy9_DYsyVaHt0D1AbKPfnnjtybm2oMXiZCZ7qE3UtHlZ1NR8b552dDt-eeNFC2fVXAsXWdDvY20ANPtXZR594zVd678F_IrHpaiRgxgbmSv8tDGHzClwP-T_xG7bspGvxJGA8E0gG6PS0lPTs6JG0NQ5i_z-PaE74TGCUlhhleBqn-iuoldZXNn03BcCKrsNmpZJeI2nmrHA3Dju91EKAX_PQf0wOLgxIFYmLsqVhWdsAHSJL9sTybVwVpH3VzKC627vDTjL-KzXztfni2YbbidZbEZH-jtfonM9CaE_RzVWMdpdsZmxnvcddN-9olwcBAGjyUBZBW-30dnf1vzCghvytwSPc8Us49oU8aBvZTG_TxSqcwfZ0nBf1So9I2Zi7ghfWYGT2MsVQPz8mgMEo_mD8uOWDas1akHEF3pPgleNV4qcIymGXw8TQwKdyqxqW88OsGaV0bcGWqKiRRGvDu7hPXY7E6pkk7T_76j3aTOdOAIejhA-I8CbyAwPKDjV3_fY2iNz17BCAP4FBffwHEOq_0MXrGWDI6ftUXszOS-s9vmZ7CI_0uHNXX-W-v1hSmyZ880Vh9PoWimK9fwxYz0XoXm9-6wqWib0LQYUfUZWKImjSGjvx2lz4tXXkk84EXzkZJTXLN12D425-SF-r4eBbt2cgekFG5_KBSUy_PKWH98h7EWMBOcJnh8QGsmHSLTTFlj6G3AuMkwJZjFvByPuPuRbWvLSZFarTGNrgvvm3YJ6_omBGpNpt5zut47O8kogdotQhxbMZKkZ4CkF8fv46f39nhVa3WPqxF3DjIQHQgvkddXu1DrdhBbh4QKyS8eUeaUqXc_Jlf7-dckmk8mJCpqR3WSPifk55t5CGOG7JhoLUwnzLbVarNdM920li5Uy3dMFEmSH9niSh1RaVegM-H0NqkEzJ1_qnioyIekykScmxHLm-we8eBnj9xcNT1Z3bioGoNPP8sjBDSqoN0eMdN_BXavGThymw8wYNv9EzmQay19VmPDs9RLGxG4Bx8pZFc07cP_nNG-5ybL0N2D0DFdhrgBuwyqwLTlNGjq4M9bCX55kbQ8cC3BAL2glHH24xwYDpkVa3FZcuKFgXYaM687BL9Qe2rUvD7oULVTdH1lzQFlxjpL1u-FwffbH7OAPrk5v355dAkNGa6aabE6zDTShTdXUiwFV26vfeERqpgO6y6vYeRkzoZDVviurEXY6axGiCmZ3krVovrWCjbjUPjvXJInF2KsugYP9tjwdOi2BZo-0xxMn68WPdlFtCVKvRbbwN5ApRKABbV882AExKF56D7pH7bLpK8R9tUAJODH7aNXwJXz8Jss7JTQrUrJYK8QenUbuVwckx52qeZffygux55YI67yWpfYKScSr673CzSIBeFJHAb3S88YfAYoVOBX8IYgN6409t0u7k0elpD8JQ8s5io8G8bnm1z4oXgF99eCLhoHRWv451H5UYOIo4HJeEwJP-VdMwh4igZNlOzfedFsxEK-_smg_GbaSUNNS_1ZjAVHTE4UPaQKqYg8GT-E_9dxCzOPlHJzeqUZi94eIXMb0lFqr5loYuYEAJvYUxZ7GmfeMAAa2Jnet4abLxcGfafmxN4X0MS-Ndg9-KqMsm-hNdUi2ys-7BEvUGkBfhCusuHo65p_v37W4EmsZ1Y3c6G_XYIFK28JI7539lqsx1hfH9SemTVEsEWDrq-bu63B4HMn62BwgJCLVHzKn79lsS4IVlz4F2JpMCnuMmUDhML4TQaczZ5P3Y2gWDhQNhvNudNihxfG89LC2JqVrgh6BMhqdcpBWGpZHTIK94RB9DPCWaw8BbYOYNdFfHIO1BOCZh9uKCtxLTRpnztU9b-s2wtuVEqmYsG0t3AB34YoyfhDRssuABjSKWQ6etDEJ-Oj3BZYHxF2tJXyIAscav99s4mS7aLHRyhBnlf9Mk96qJiKwah4y0szSzepJkMNB6dgPqpvllK1OQcjRI7HUfkzCDDvy7ACRWiCTmifKMLAHR3WysYUvBgwe9tTcIbwL5ewv4-okR9RtfRqZL3XkqFQjYlS4lQ2I9LCRZ70R7JhH-j4Sy9awtU3L3_H6Lj1iNBanbDtQBC0sBVp9JdnDJgRYQdY4TRm6XISHtDjpBoMvXpKnDi7SamH7LNYKdEsZSdlS2tRb96qUlgm01VOL7UUuWwjc5eD5E-uZtr0vo938NvjanKX7G-wK5I1ONMI_c8QiH_D1UIJapztQgWCEGrD2pEgYHor3BufQZVtrjXwFmUXtPkfCQktiA4mAHt_5vELP4CpYs5wrjV0YY_TlkKtojzpecvewqQELzBUjVZ-2kL0i6oi-fHCtJR5hFs04HkOaLb1zJDNjquedwHDOKsoocJr3gfo_i22nPsRrUQF0LvCCWUdhM5O_MhPRyQveY-scbUFYD3zO1PmXtt4RiwdOvpdgd-R10b58vvQJmKKCKHRU6miVfDAsZtoi8OmmPCnjB-K1PdQ0gtmQ38MtE1lHH0IdhE6tKjuBpAn4ENFEItlPm_ivfWgk5hfqXm8sUAaypiz6tCx92hvK-HrQ204hP6L3bcD0gZlABOQVwqmHsI1piA-qY&cid=CAQSPADUE5ymr8pFk6Yz_-wUKKqERjjL2u3IXxRakoJiTiLbtZVhhwClMhz15ZruqM7T2qk-DXaiuBPqZwmBZRgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co%2F&ds=l&xdt=1&iif=1&cor=17528183328642312000&adk=2265872549&idt=91&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5323f7f140aaabca00b3e80d9b8adbdba6b38c60caac8ee35cf3b8ecd252090c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11188
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame B418 70 B
264 B 45ms
43ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEE9yAMIv1Tx4WXXMxuPHd-I&google_cver=1&google_push=Aa02lx_OQ-aS9xGlbj-DED3Uy3u7stDFH6BtA5HLwRhBb7X8wa4GCiKHOFX6IVSMIWIRuRfkvHb9A9_k6Md7EEZH15KMN9Opjc1egKE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=280&slotname=6032460967&adk=4050463280&adf=776186313&pi=t.ma~as.6032460967&w=336&fwrn=16&format=336x280&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727788&bpp=2&bdt=304&idt=575&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3584592226481&frm=24&ife=3&pv=1&ga_vid=1763829273.1679650728&ga_sid=1679650728&ga_hid=1632274528&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1654548738&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44777877%2C44759926%2C44759837%2C31071756%2C31073311%2C31071264%2C21065724&oid=2&pvsid=4112785457605545&tmod=526185039&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.vibzbo7sttq&fsb=1&dtd=579
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B418
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEFxEBma1gDDqi1T7F8yZ2OE&google_cver=1&google_push=Aa02lx92xF65PyLW5gUVskAO8FlMJjuHn55RXm83eW3W-1Dia8e0Tvkdrz33wbSmr3HtZAdvKy6eFr6fztUa63tFWIE-BhTNKYwslw
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=Aa02lx92xF65PyLW5gUVskAO8FlMJjuHn55RXm83eW3W-1Dia8e0Tvkdrz33wbSmr3HtZAdvKy6eFr6fztUa63tFWIE-BhTNKYwslw&google_hm=Q0FFU0VGeEVCbWExZ0R...

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=Aa02lx92xF65PyLW5gUVskAO8FlMJjuHn55RXm83eW3W-1Dia8e0Tvkdrz33wbSmr3HtZAdvKy6eFr6fztUa63tFWIE-BhTNKYwslw&google_hm=Q0FFU0VGeEVCbWExZ0REcWkxVDdGOHlaMk9F

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:50 GMT
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=Aa02lx92xF65PyLW5gUVskAO8FlMJjuHn55RXm83eW3W-1Dia8e0Tvkdrz33wbSmr3HtZAdvKy6eFr6fztUa63tFWIE-BhTNKYwslw&google_hm=Q0FFU0VGeEVCbWExZ0REcWkxVDdGOHlaMk9F
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B418
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJDv9JrCLTN9zoqXivAsMNE&google_cver=1&google_push=Aa02lx9MAJGgl5kx7oaYzloFxLz0tzhFDW4z1Aw-hjb9_yYgv6R7P-JDmWPy58PL3kceCLps9ePtq7AcUulXxumZ...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aa02lx9MAJGgl5kx7oaYzloFxLz0tzhFDW4z1Aw-hjb9_yYgv6R7P-JDmWPy58PL3kceCLps9ePtq7AcUulXxumZ65Xp-nq1YDkE8g

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aa02lx9MAJGgl5kx7oaYzloFxLz0tzhFDW4z1Aw-hjb9_yYgv6R7P-JDmWPy58PL3kceCLps9ePtq7AcUulXxumZ65Xp-nq1YDkE8g

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Mar 2023 09:38:50 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aa02lx9MAJGgl5kx7oaYzloFxLz0tzhFDW4z1Aw-hjb9_yYgv6R7P-JDmWPy58PL3kceCLps9ePtq7AcUulXxumZ65Xp-nq1YDkE8g
x-host: tde-deliveryengine-production-86c874c4d8-5kvn9
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B418
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAb8Q9KwLrbMjKGi3LXg0rs&google_cver=1&google_push=Aa02lx9EiTYSqDR2ZswmniTa49xXdo0lA4uYqKLCBDRXFdHkFhsFuuH9F0wl9IJ7SsNQHbQkcExIUFqbn7QCkPZZM0TuQf7...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx9EiTYSqDR2ZswmniTa49xXdo0lA4uYqKLCBDRXFdHkFhsFuuH9F0wl9IJ7SsNQHbQkcExIUFqbn7QCkPZZM0TuQf7erjqR8Eo&google_hm=eS1qRXY4OTUxRTJwRV9...

170 B
188 B

28ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx9EiTYSqDR2ZswmniTa49xXdo0lA4uYqKLCBDRXFdHkFhsFuuH9F0wl9IJ7SsNQHbQkcExIUFqbn7QCkPZZM0TuQf7erjqR8Eo&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Mar 2023 09:38:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx9EiTYSqDR2ZswmniTa49xXdo0lA4uYqKLCBDRXFdHkFhsFuuH9F0wl9IJ7SsNQHbQkcExIUFqbn7QCkPZZM0TuQf7erjqR8Eo&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B418
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aa02lx_ZxVAa15KX8S1-3X0wPyKD0ryJRkLAcQKcZOwYx-zizmfniU2VeUQW5c3KMXn8ETxudCHMsBNderrqUL6y9ROHU3u...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aa02lx_ZxVAa15KX8S1-3X0wPyKD0ryJRkLAcQKcZOwYx-zizmfniU2VeUQW5c3KMXn8ETxudCHMsBNderrqUL6y9ROHU...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx_ZxVAa15KX8S1-3X0wPyKD0ryJRkLAcQKcZOwYx-zizmfniU2VeUQW5c3KMXn8ETxudCHMsBNderrqUL6y9ROHU3uJFVEzoho

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx_ZxVAa15KX8S1-3X0wPyKD0ryJRkLAcQKcZOwYx-zizmfniU2VeUQW5c3KMXn8ETxudCHMsBNderrqUL6y9ROHU3uJFVEzoho

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx_ZxVAa15KX8S1-3X0wPyKD0ryJRkLAcQKcZOwYx-zizmfniU2VeUQW5c3KMXn8ETxudCHMsBNderrqUL6y9ROHU3uJFVEzoho
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B418
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAAFGgAAAAB&google_nid=index&google_push=Aa02lx9bw8aTMvUJHv8rPx3IeridI2taNqwq8...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAAFGgAAAAB&google_nid=index&google_push=Aa02lx9bw8aTMvUJHv8rPx3IeridI2taNqwq8_qYAk3LMlB6PVmoOkDpkOKOcg510KRMvpMLLnpI8aJY2rZR6vfb3rcwf3S_xc4i308

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:50 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAAFGgAAAAB&google_nid=index&google_push=Aa02lx9bw8aTMvUJHv8rPx3IeridI2taNqwq8_qYAk3LMlB6PVmoOkDpkOKOcg510KRMvpMLLnpI8aJY2rZR6vfb3rcwf3S_xc4i308
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2

200

report
sync.teads.tv/um/ Frame B418
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkpqbh1BhEj4NPzRZX36SY&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx8FYnDbrjttGDVOUM88WltS6K8FfwMISgXd_9JTyvQHvHt_vcyG6VHoYHogqo07b87gPPaEGJyE9iV5xrK4s5xY6aUYggJQyQpO
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

60ms
59ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

expires: Fri, 24 Mar 2023 09:38:51 GMT
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B418 0
12 B 27ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lvy3Z_PBMynsy5DtGM281elYWShNMJSr1om6ABCEcQTxuhchvL2jSh6UBdMkr4u8xuH60peg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame ECF9 14 KB
11 KB 67ms
66ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

287803722ee056b6063bced4efed58e67cb7b856d6ba61d95f1bc6aa6fa6d838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11131
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C523
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

30ms
30ms

Document
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:50 GMT
expires: Fri, 24 Mar 2023 09:38:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:50 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9066 36 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CAE8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

31ms
30ms

Document
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:50 GMT
expires: Fri, 24 Mar 2023 09:38:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:50 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 5774 36 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D2BE 42 B
64 B 54ms
54ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEK-v-KJH-_WKopJfmK3ZFs20Pz0iVg3HDXeT_1WLtsb_aYzc73FHu20raRx3OBFUdYGzNv2o6Zw1ElDCQeuK6W18ER39t2829dT2Z6LCbJHosBolA&sig=Cg0ArKJSzC9q3DeeU2VVEAE&id=lidar2&mcvt=1190&p=138,315,388,1285&mtos=1190,1190,1190,1190,1190&tos=1190,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3560153341&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650727369&rpt=1800&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3144 42 B
64 B 55ms
54ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu5pgULQOoKKLVO4sTywIH_iCt_GMKVUQCjDR_QcotyjuXrs6LljPg9PESHDI4GvOlWagM3M6HvrYB0DuTRMCionGoAvgucpIeaodRsgW9qjmPYesew&sig=Cg0ArKJSzAwtcRf7qxKlEAE&id=lidar2&mcvt=1192&p=1110,436,1200,1164&mtos=1192,1192,1192,1192,1192&tos=1192,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=2925822550&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650727389&rpt=1818&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C261 42 B
64 B 55ms
53ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsumPYDXSJdxyVLd5qya6pxZSlfEEIGiQdhZ0XbngEudBryjUIK-AyM-2fGjeXejsnoKrV-omHxd741kgU-B-jwg_mkSP5Wt8z-wCAH0emmT1_3Bq7No&sig=Cg0ArKJSzOjCjwhTvvHPEAE&id=lidar2&mcvt=1194&p=102,1350,702,1470&mtos=1194,1194,1194,1194,1194&tos=1194,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1706393270&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650727385&rpt=1845&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FA46 41 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431969
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 69FE 1 KB
644 B 19ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84770
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FA46 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32fd62775e3f6579551434ca7c9722ab27db9635ec8c510b5407b3f054cd91b3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/18152685472987497224/ Frame 1B87 140 KB
23 KB 59ms
19ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18152685472987497224/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08995eed2bec2ac358fef4b8da9fa99c2c60ac7f3ce96937783c49c365f9ebbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 185791
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23887
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 06:02:19 GMT
expires: Thu, 21 Mar 2024 06:02:19 GMT
last-modified: Wed, 18 Jan 2023 15:12:13 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FA46 0
0 148ms
63ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuyfRCcBx51or2dNmB8D82NlQqp0k0-wh8oQeNS_BdhcYjC5WN9UEoF-TTbwrLXZrWY1-wBm6c_YdivAmFC40Q3d4gd2tuD-lbuEtgHYSsYZwLxdzBKgtbgmcTRfjaPLDIu1AAGaJQNj0NN0Qqp9A40x9T5opny6Q5J1wIcFnhYFRjjofT8MuAg-dhYZGPMerCfLrSt4m4WJewYdHoSDlJ2zPmJLt2JbTi3-xeM6UHGq1dgrfBlrbCpKSBHpd2QDZ1zBdCA4HXRzNoMRJ4IWko9UlNOXBuL2Y6iSYfeGCM2etXB4ELvqWjIRU13hLThqWdwCPx1CNaPLOzt-9yzjIi0uacrdDmzJWO4rWsjMmsPtz3BJ_ba-9KlqkQRElmj8QLZF_Ryv3nMqHnnQfq4689PlSNRpDHkFCFs6lhJS0dv_s6Qu6WHNuqztmCBrqgpxWv-xPfP_ndxdaKZJDteOBLP4jjAWMsIFJeS1Itd6HWUBiMTyL8Im6WBN8-CLMesHly6K8tvMrtflve4_nTawoPDXd46Rw0wd-hB15MM9SWFNZr0HV6we_x-kEIbcz-2DpRCTGZHwwIIfmHrU6TdG173_AcD-dPTPxTXEimKV2Rv7ubFPe1sl9WND8gBt0QLuV2e12vzkqQX6dTBWsjELCbndigVlPjpAY7Fm-r-0sFx5k3FzB1acSFFAGg5hqP6W9VQyqza-jPu1VqjBRVx20oPRDbCqyOCGDMUImrGTsmTQnJC0azbXh1BEkSFmg5vcgYdDfqAnQhEFkx0xKqQ-K8Oh8mGN64tMn1Q1eokavokOFRkfzdhIUudafnhjDLfoEApY8-LTp59IAuXSAyilYO8JpDpZf1lhCVn95Q-xk0wruRbCcfNNLQoFx--A-9HX5BZqMQoOS-oeYU1TBnjdMl1yy8yhp4TxC-IjNOfqlQa33IDLJvvvc2n2r3uh3iUdDTnNfrdieCVAOYXSrLxI_DEciDoKpZ73rra3-hEvVqVuMCeXgS9L7gQ3ulwt0D_8LHEidPVzXYduh3A-sMKCc95Drfw1_6i782rU_2PkFENzEHPgo562W8Zs4y6Miu_gQgFMgqso7EiL3ffkJXMI1yCGDhZyKf5Q8rVz8bZnYBtGzlDFCUao203gnbPAcJvOXoaBiMQ6f-0ZXMdPpkp3rdeFP8b5sADMs3dxrzeED-dsZI2LqzcaVngd0PIvpmRj6YLgTSE3ESKA4FY1NoJOYByATVOYjVczRD3IdEGrv74MmXd76DY00DQZPUB5OIjMUUO&sai=AMfl-YSnkQn9bx9QsGryVIvm603H75QV87V1hb6Mh3xn6CRR-4csZTWEYG9F-l8im9ypJCl9nEzYLhDgRdAc6jjIdJOH88HC6-264bATIHwGXtTdCR_XnWavlh5VZaIpBQfpcOZRPT7dVoS-0_6dJW6gWzj_sBsNDe-qJYqTL0XUi7AFk6_E6BzHUAxWqehuS7Lr_oygVg2voagT&sig=Cg0ArKJSzJtgN9knr6GtEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=958&cbvp=1&cstd=954&cisv=r20230322.03325&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:50 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FA46 43 B
215 B 382ms
107ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=b451a4c2-b371-a991-1dcb-74f5825978db&tv=%7Bc:7LOP7O,pingTime:-3,time:244,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:33%7D,%7Br:r,w:300,h:600,t:243%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:244,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:33,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B236~0%5D,as:%5B235~0.0,1~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152*.1333404-69076802%7C1521%7C161%7C1621%7C171%7C1721%7C181%7C1821%7C1822%7C1823%7C191%7C1921%7C1a1%7C1a21%7C1b1%7C1b21%7C1c1%7C1c211%7C1c212%7C1d1%7C1d21%7C1d22%7C1e1%7C1f%7C1g%7C1h1%7C1h2%7C1i1%7C1j1,idMap:152*,rmeas:1,rend:0,renddet:svg.us,siq:35%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3144 17 KB
6 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:50 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FA46 43 B
215 B 375ms
106ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=b451a4c2-b371-a991-1dcb-74f5825978db&tv=%7Bc:7LOP7R,pingTime:-6,time:247,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:248,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:33,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B240~0%5D,as:%5B235~0.0,5~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152*.1333404-69076802%7C1521%7C161%7C1621%7C171%7C1721%7C181%7C1821%7C1822%7C1823%7C191%7C1921%7C1a1%7C1a21%7C1b1%7C1b21%7C1c1%7C1c211%7C1c212%7C1d1%7C1d21%7C1d22%7C1e1%7C1f%7C1g%7C1h1%7C1h2%7C1i1%7C1j1,idMap:152*,rmeas:1,rend:0,renddet:svg.us,siq:35%7D&tpiLookup=ao:www.kesatu.co*%2Caa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AC1B 42 B
64 B 54ms
54ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstwbD8O53UVMjtaDuXWPxRr8EmBkZifFdzBlrBBbJJFC5puG0fmaPhycAkrBhy_uUy_URfR63rqkjqQ6AghvYtZ4xtyZaOG10aqqfOpbLnfukis0snC&sig=Cg0ArKJSzIwtyqLWS17OEAE&id=lidar2&mcvt=1191&p=102,90,702,250&mtos=1191,1191,1191,1191,1191&tos=1191,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1074728070&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650727380&rpt=1891&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 87D6 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H2 200 main.19.8.400.js Show response
static.adsafeprotected.com/ Frame B0B8 200 KB
63 KB 21ms
21ms Script
application/javascript 2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.400.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1351698/69475176/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f97a39d86834a134b359233cc1b720a106b910d8eab5a5c28aea34400c6d7ff0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 20:30:35 GMT
x-amz-version-id: 9BUnpPANWGwKG0lesMwpAnHwbT.x8zbq
content-encoding: gzip
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 220095
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 21 Mar 2023 18:43:44 GMT
server: AmazonS3
etag: W/"2e8e5f6f251e442e71ad1eeec0beab78"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: zMqOHvPNdKvdTCrKpzf01VF2WRqFriz_3Ds6YxUlcIpuheEcriYt4A==

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 96D3 36 KB
14 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E40C 0
19 B 63ms
63ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CkYkIp28dZKe3FIvHYr6znugE3YKE1Wn_1OuInxC3upah7S8QASD1reSKAWCV-vCBjAegAa2WmtkDyAEBqAMByAPLBKoEzAFP0KCc-D0_6oqJLb3pBGvFqf0gy8w3ymddPuT-i2237cX3nwGjObdJYbwNdMZhc4XuHwEa_kXxpV_0v7srwmaUspg7Z55XjTYIeAKK4J3GZjSeJGQ5BsxNzdsWIHbyRuDeb9iFWck0ND_c5yl2gVDK7A46Nz92cou5V6gr4whYeKB6kmhfMFl2Tk9nbSaPCSM8aO7tBpfEjavIBz42TwEjHjB5BCNGuCdAyEcZIkTvjy6R-lBchs2696fZNT8aayr6rAN3ZeWiyGnwfuzABMz46un1A5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAe76eUmqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ8IYL0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw2IFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItODQwMDMwNzMwNzcwMTY1MBgA&sigh=_GHbD0-CcKM&uach_m=[UACH]&cid=CAQSGwDUE5ymUUhuONGyoGAduAU4xD5wFPgDl7j2cxgB&vis=1

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame AD24 0
19 B 63ms
62ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnvS1p28dZKi3FIvHYr6znugE3YKE1Wn_1OuInxC3upah7S8QASD1reSKAWCV-vCBjAegAa2WmtkDyAEBqAMByAPLBKoEzAFP0K9foGj2uVSntyL_Dg2g71AXFEGmDJGeJ-AezoOZQVw4LcGUieVZJ34RHEwUyqq7GcpgdGFzKeUkXsYJoySBT02f7PY693ywd_rm2SEbtjKED1jTU1PrPAoPYZN9K3LJgz1SyjCAvneviO65Bas3Wujc0BHohN7aIjIkPhn8cmPucwg_mL5fPEe_NJMIOqCuul3ZvGyiarFvbSraMOyMeh5wdVHjDYlGvShZAiYZpPHad_fscTSJ01sPmrRmlD2llfRcQOsA-BXjGLvABMz46un1A5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAe76eUmqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQutcG0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw2IFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItODQwMDMwNzMwNzcwMTY1MBgA&sigh=GBlxhc5IYks&uach_m=[UACH]&cid=CAQSGwDUE5ymUUhuONGyoGAduAU4xD5wFPgDl7j2cxgB&vis=1

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD2D
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvK5PG0DDseFyH-p9XSR9HhlyEGrEuWhNKYx9LxhYqD...

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvK5PG0DDseFyH-p9XSR9HhlyEGrEuWhNKYx9LxhYqDoZdNag4IhHrL0gR8HKuV7FNh5RW26gPJ7niAZhrt3NkTjCphlHIFC2Rg

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:50 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-771-ga8baae6#rel-ec2-master i-09a32cc2c473a3db5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvK5PG0DDseFyH-p9XSR9HhlyEGrEuWhNKYx9LxhYqDoZdNag4IhHrL0gR8HKuV7FNh5RW26gPJ7niAZhrt3NkTjCphlHIFC2Rg
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame CD2D
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzl...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDD...

43 B
439 B

208ms
197ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzlI8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzlI8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7acdf18dc9983732-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 153
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzlI8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvJHAFNFu91V5Nm5IVTHF3IwwyayTswTk5oNs19cGEUXQg2wsNtAEx3WUWiuj-GquZqOhb4KnTlXNgCvTL9Sr0Ti-RbaiDDzlI8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7acdf18a7cec3732-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD2D
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvLl-OUrW_H-XXyDXXnyMxkZzyq41r-5iIAR8eDzAE6JzOjG98OzzbH2u7z3-5iU8piKCTehKjEq_GothV...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLl-OUrW_H-XXyDXXnyMxkZzyq41r-5iIAR8eDzAE6JzOjG98OzzbH2u7z3-5iU8piKCTehKjEq_GothV-4zE...

170 B
188 B

40ms
40ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLl-OUrW_H-XXyDXXnyMxkZzyq41r-5iIAR8eDzAE6JzOjG98OzzbH2u7z3-5iU8piKCTehKjEq_GothV-4zECKvmJmelst3eE

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLl-OUrW_H-XXyDXXnyMxkZzyq41r-5iIAR8eDzAE6JzOjG98OzzbH2u7z3-5iU8piKCTehKjEq_GothV-4zECKvmJmelst3eE
Date: Fri, 24 Mar 2023 09:38:50 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD2D
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJDv9JrCLTN9zoqXivAsMNE&google_cver=1&google_push=Aer7DvJttvtC53tFXvYMtRJq5labTeKQvWZubzYn5bV6N5lvdQIJXLeoFCoGVpLZwbR5ES8FKG8DsRMS7MaZGe1H...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aer7DvJttvtC53tFXvYMtRJq5labTeKQvWZubzYn5bV6N5lvdQIJXLeoFCoGVpLZwbR5ES8FKG8DsRMS7MaZGe1HKNwIgNlsrNPTPGY

170 B
188 B

40ms
40ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aer7DvJttvtC53tFXvYMtRJq5labTeKQvWZubzYn5bV6N5lvdQIJXLeoFCoGVpLZwbR5ES8FKG8DsRMS7MaZGe1HKNwIgNlsrNPTPGY

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Mar 2023 09:38:50 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aer7DvJttvtC53tFXvYMtRJq5labTeKQvWZubzYn5bV6N5lvdQIJXLeoFCoGVpLZwbR5ES8FKG8DsRMS7MaZGe1HKNwIgNlsrNPTPGY
x-host: tde-deliveryengine-production-86c874c4d8-5kvn9
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD2D
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aer7DvI_f77ZM3OYEnYIY_O2XSiZZ2oTwiMtwFgJSMZGGDgE5NFer2Zr1ZQSq-qeVOkO6iJAFJQkyHh8EVsvZmhIg6vEE9J...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvI_f77ZM3OYEnYIY_O2XSiZZ2oTwiMtwFgJSMZGGDgE5NFer2Zr1ZQSq-qeVOkO6iJAFJQkyHh8EVsvZmhIg6vEE9JiuCGTDAU

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvI_f77ZM3OYEnYIY_O2XSiZZ2oTwiMtwFgJSMZGGDgE5NFer2Zr1ZQSq-qeVOkO6iJAFJQkyHh8EVsvZmhIg6vEE9JiuCGTDAU

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvI_f77ZM3OYEnYIY_O2XSiZZ2oTwiMtwFgJSMZGGDgE5NFer2Zr1ZQSq-qeVOkO6iJAFJQkyHh8EVsvZmhIg6vEE9JiuCGTDAU
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CD2D 0
12 B 36ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I1oBDndpazeHi_5AR53AgoBzEaD2PizJW2oKvgUkwIJylG6Ytp9zx5FH0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2E2C 14 KB
11 KB 68ms
67ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d28bbdf62a792cd8baf45314d7d9112bf77f44768da5e1d4e8225d403244103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11048
x-xss-protection: 0

GET
H3 200 frame.html Show response
ad4m.at/ Frame 8C7F 2 KB
1 KB 32ms
29ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54568
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7acdf18a4ab62bdc-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Fri, 24 Mar 2023 09:38:50 GMT
expires: Mon, 27 Feb 2023 21:37:06 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AE%2FGZLn8wdWtoYdQr4sKqnoNcwErIefnttNVD0AIEdHLRVl0ldLSxnBiSukB6ZVV8Sqv982yrC2%2FVElfZpMexon7%2F0%2FGAH7bnP8rKIJ0UcSKQffh7sPyKnVs6aGTIdCIT3H6ue0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 8 KB
3 KB 20ms
19ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdc8bbdd768967d967bba96cf493094ba2187f0201c78e5780ad718cd4f62a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 422531
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2844
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 12:16:39 GMT
expires: Mon, 18 Mar 2024 12:16:39 GMT
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D934 0
0 63ms
62ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst567lh-jZF_E5EvbBs3FD-J6IAISm926NBaJ-pQ7dIHvJ3s8eq7xgHC2H-tzpdCjP7dlxI-GN718oGI6hIvw3MXncip-STm1dEnd1WzULNi-eAtL9PXMw78tGR--kvWOHaGHFOCyXGyTO2eps7lOVkentS409ePNBx8nZBpZQG79V2FmuGwu2fmMHhJS5hY5iaUiLP0qqRMIKMqgec8K1e8ZOGh0af8wNfvaeDCl_0Cy3dCzhRVAgdymLfk41SMHGlFkg3YJHnxOQumMSD8hVAZh_qvVruxgzf4feGCVa8MNOMNsmZvK6LALKBYtR8AGiJJssZ9R_5K3gr76xr1Ek96ee1VSQZxNsIlUcd65rdMnGUxZmetekL8cQPb-qCZk-whGODtddkl-M_qXyEYqz03X3Ogu7FB24fzgvyASRPUoZ5l-Zcx4piDyHExpLn93aAsyUGNQmu0wIeuDdpHLSS0o048-E02dya4B6mD9TJMOyWrE4KLARoF8Baa-uo0hJ0MwNJvIbv3kdguj9AU5SaFN0qq4ozxz6z5-bYBszmyM9aJTL1VyqIcs_ZrH7_PFmgCUEyx3A2Wcf2Y5EWhyM02Z_IjsYoCFBP44fEm2Bq1M3WIDNQ4_SeVteafDxTYQ3TS6lntODIRNAzj3wCECTexK1G-vSTPS-hj_Z2NuAGn9c0knnEXaL7_h1w9q9Ov8smwUF5TBLEGi0_HSsCCOIUXalB1jF8vdaR3sZCTEZJ_60DUYDnvVXzd-IbPi9n2VilSnZMROwHFAT92FfHK-j1pquhk_EQomkv0oEIP2HD_TUiLdCp1fJYs21cVknL4RC3m3N7MIkaaJSHkxO-ZIp9o27wx2L5yTQV4adEXtoLLnExRJFICnRtOejDby_Fp8wREZs8JfTr5WR76oTaK47N1lAQrT7nWr3JgBg-cQq3TyBqOs1SIdir0Z_2YUIN8MPqIDBZTSfad0fKayTCq7PP-mkeJNsL72IY7lwLPg1hu58-9-0DdWObY2oZ8JwVdMTBZRIlwk7BPTT0sl3J0NDaC_O6E1Hm3Dk0R9uX99RRQcbKU0WM-qKqCKsasTh3Hw24A8nZHPd5mauI8kZ8OLg8d2ZpOeCxjg9Mox-2bewaAQxjxnuktzpKEPX15tyWKT2ienGXunoOLjXGtqaJQgmvlkbWkcPqfYSHthrme6PG1MWQ0ielM6eC_DF7Fn9VQo_NV6w7MZ-jc_Z7CzN4I-0yKHQSEhy-GuwF1TtLZg&sai=AMfl-YQpZpQlF1TH9J6O0nKQ24l8bQWH6mTGP80xyYRZ4fD-eju1cXoB8EuZnEn0Fl4L2XVkcR1ZL6KJKI9wsr2xp2ljGwxNtxKPhQiNr9hq48-JFDkQMDIr-KGQw6YD42e7-uEdKK-Y3DTAh1GN1XbHyJICNA5_UaJDBlf69LN8EFTWJZD_IbZ1TT8Ia5PBs3yiozpvvDNAPo4A&sig=Cg0ArKJSzDrGVywsbAQ6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=548&cbvp=1&cstd=546&cisv=r20230322.18736&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:50 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:50 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 2779
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1333404/69076800/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16627720464&bidurl=http...
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

1 KB
1 KB

18ms
18ms

Script
application/javascript

2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 18:43:35 GMT
x-amz-version-id: ml8sLXd95uD59cm.BnrTx99uclgxfFZ2
content-encoding: gzip
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 226516
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 21 Mar 2023 18:43:33 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: owYGnAZK_Wh7ljRusplsBsCm3nsrBQZnY8hCnlaG2Texxpfak5xeYA==

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 8F06 91 KB
23 KB 19ms
19ms Script
application/javascript 2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15876154
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: Pabv0tH6SDKDdLQ8YxRHynESW_1bQMBS0tJY_LkJXLHH7Vg872lcIw==

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9C77 36 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame BAAE
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1333404/69809932/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=27496782&ias_pubId=pub-8400307307701650&ias_chanId=1&ias_placementId=16640277530&bidurl=http...
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

1 KB
1 KB

20ms
19ms

Script
application/javascript

2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H2
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 18:43:35 GMT
x-amz-version-id: ml8sLXd95uD59cm.BnrTx99uclgxfFZ2
content-encoding: gzip
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 226516
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 21 Mar 2023 18:43:33 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: TvN58xGnXUKIrhugKaspC1G6OTRv_JKpxgu01_SDWWz1iM5hAzXxTA==

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame DE8F 91 KB
23 KB 19ms
19ms Script
application/javascript 2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15876154
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: q1Y5y8ROl6q6RwA97z6lrjyWj99RuaznddzUtDIZkr280p9lZ_ziQg==

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 79BD 143 B
166 B 20ms
19ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2528
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 08:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C456 1 KB
644 B 20ms
19ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84770
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame ECF9 17 KB
6 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:50 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 5726 36 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FA46 43 B
216 B 129ms
105ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=b451a4c2-b371-a991-1dcb-74f5825978db&tv=%7Bc:7LOPbR,pingTime:-2,time:495,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:2189,beZ:2191,mfA:2193,cmA:2195,inA:2195,inZ:2201,prA:2201,prZ:2214,si:2224,poA:2226,poZ:2250,cmZ:2250,mfZ:2250,loA:2437,loZ:2441,ltA:2685,ltZ:2685%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:33%7D,%7Br:r,w:300,h:600,t:243%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:495,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:33,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B488~0%5D,as:%5B235~0.0,253~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152*.1333404-69076802%7C1521%7C161%7C1621%7C171%7C1721%7C181%7C1821%7C1822%7C1823%7C191%7C1921%7C1a1%7C1a21%7C1b1%7C1b21%7C1c1%7C1c211%7C1c212%7C1d1%7C1d21%7C1d22%7C1e1%7C1f%7C1g%7C1h1%7C1h2%7C1i1%7C1j1,idMap:152*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:svg.us,siq:35,sinceFw:459,readyFired:false%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1B87 29 KB
10 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56019
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 18:05:11 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 02C4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

31ms
30ms

Document
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:50 GMT
expires: Fri, 24 Mar 2023 09:38:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:50 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame E4CA 36 KB
14 KB 21ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 60D3 236 KB
63 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:38:50 GMT

GET
H3 200 TEF_o2Business_23-01_01-Relaunch-2023_04_Traffic_120x600.js Show response
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 14 KB
3 KB 30ms
29ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/TEF_o2Business_23-01_01-Relaunch-2023_04_Traffic_120x600.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2747415b1a508aa262c4ed4d65b69130483d31d67f116cc3fa0aa742598d47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 12:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 422531
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3450
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Mar 2024 12:16:39 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2779 43 B
215 B 106ms
105ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=1ac97e93-c9cd-dcda-a5e7-06c9907ef04d&tv=%7Bc:7LOPcD,pingTime:-3,time:244,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:34%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:244,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B239~0%5D,as:%5B239~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi87+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192*.1333404-69076800%7C1921%7C1a1%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:192*,rmeas:1,rend:0,renddet:svg.us,siq:36%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2779 43 B
215 B 112ms
106ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=1ac97e93-c9cd-dcda-a5e7-06c9907ef04d&tv=%7Bc:7LOPcR,pingTime:-6,time:258,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:258,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B252~0%5D,as:%5B252~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi87+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192*.1333404-69076800%7C1921%7C1a1%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:192*,rmeas:1,rend:0,renddet:svg.us,siq:36%7D&tpiLookup=ao:www.kesatu.co*%2Caa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2E2C 17 KB
6 KB 39ms
34ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:50 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BAAE 43 B
215 B 105ms
104ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=98d03fd7-6b5d-bd01-3e63-487ce7b9676a&tv=%7Bc:7LOPdh,pingTime:-3,time:213,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:213,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B205~0%5D,as:%5B205~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi87+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1a1%7C1a2*.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:1a2*,rmeas:1,rend:0,renddet:svg.us,siq:27%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BAAE 43 B
215 B 135ms
135ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=98d03fd7-6b5d-bd01-3e63-487ce7b9676a&tv=%7Bc:7LOPdj,pingTime:-6,time:215,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:216,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B208~0%5D,as:%5B208~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi87+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1a1%7C1a2*.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:1a2*,rmeas:1,rend:0,renddet:svg.us,siq:27%7D&tpiLookup=ao:www.kesatu.co*%2Caa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
server: nginx
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E0C0 41 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CxIXcXDf5X_UVqfxFzKADsXqeuyVAhongiXNi0ZPxBPeVqX6V7ST-oJLgUY3Uv9mz4jluwr9qfhanT6SQw4oJNeUM8WEfLX6VR7gzjf5iP-KHpJuL2xnNYlnXIO6IspayfGhUO8I6nhWwUNh7HXPK_xSyOJvJyPbEAn1sB4q-_V2PyZBM&cry=1&dbm_d=AKAmf-Cy03gRi8yb7q21u8eW7V8J42JOgm6Jdb1pJV4sUKPRA1enu1RrM4_3Q3W6UKBzzQQCq_WwHl4kYvCH47LMPlrvH37yoHgebPzG868_vFACNFgxb9WK-YoPXSM-n2bIL4RU_7qtKrFr7fEYb7_bgQq5kWyXMizrM35X69sKzASlW1LhjW2GHZRdZ9Idyq2026IeD-zlxVRy5Sr7nbeJgTWgm4Vke1zcr3po72-5-mItDeqHf76JOIaU1us5a3132dDpqqTgPvglRMzRPOeSQa1PKpuAqq4YxlrJZqIcr6_nLoTp-5FoQqNThXC-l7jkCKOhoX87dqPB1r0Sf2Yg44QbX8qlz3ZbwVRYNBNf7k6Pv7ngLGJVMmx9sKNZY16HwyCBxBsnwnVDtCKQgPRXyRXZWVMZqfe2pfE3tShpVvHZCjg3K8aqXvsET4eMw31UKapRXijOoSqC75a7MJo5XuEV9H5nIBn-DTXWEitCk4gOaFBu7XmXeEAuUox2mOmp1zRUE4iDDRO287rYw5qJnQd1ngxHua1evGhYdehoYMRQRR-mLsUynWViYMqxC0sBFN-du3fAkSr_g7ZQv3CYibIv30na9AhXn6fY5UdlFzy1BmCDqOrf5vVznJj61_wA0sB2OlDMctXft2hy9_DYsyVaHt0D1AbKPfnnjtybm2oMXiZCZ7qE3UtHlZ1NR8b552dDt-eeNFC2fVXAsXWdDvY20ANPtXZR594zVd678F_IrHpaiRgxgbmSv8tDGHzClwP-T_xG7bspGvxJGA8E0gG6PS0lPTs6JG0NQ5i_z-PaE74TGCUlhhleBqn-iuoldZXNn03BcCKrsNmpZJeI2nmrHA3Dju91EKAX_PQf0wOLgxIFYmLsqVhWdsAHSJL9sTybVwVpH3VzKC627vDTjL-KzXztfni2YbbidZbEZH-jtfonM9CaE_RzVWMdpdsZmxnvcddN-9olwcBAGjyUBZBW-30dnf1vzCghvytwSPc8Us49oU8aBvZTG_TxSqcwfZ0nBf1So9I2Zi7ghfWYGT2MsVQPz8mgMEo_mD8uOWDas1akHEF3pPgleNV4qcIymGXw8TQwKdyqxqW88OsGaV0bcGWqKiRRGvDu7hPXY7E6pkk7T_76j3aTOdOAIejhA-I8CbyAwPKDjV3_fY2iNz17BCAP4FBffwHEOq_0MXrGWDI6ftUXszOS-s9vmZ7CI_0uHNXX-W-v1hSmyZ880Vh9PoWimK9fwxYz0XoXm9-6wqWib0LQYUfUZWKImjSGjvx2lz4tXXkk84EXzkZJTXLN12D425-SF-r4eBbt2cgekFG5_KBSUy_PKWH98h7EWMBOcJnh8QGsmHSLTTFlj6G3AuMkwJZjFvByPuPuRbWvLSZFarTGNrgvvm3YJ6_omBGpNpt5zut47O8kogdotQhxbMZKkZ4CkF8fv46f39nhVa3WPqxF3DjIQHQgvkddXu1DrdhBbh4QKyS8eUeaUqXc_Jlf7-dckmk8mJCpqR3WSPifk55t5CGOG7JhoLUwnzLbVarNdM920li5Uy3dMFEmSH9niSh1RaVegM-H0NqkEzJ1_qnioyIekykScmxHLm-we8eBnj9xcNT1Z3bioGoNPP8sjBDSqoN0eMdN_BXavGThymw8wYNv9EzmQay19VmPDs9RLGxG4Bx8pZFc07cP_nNG-5ybL0N2D0DFdhrgBuwyqwLTlNGjq4M9bCX55kbQ8cC3BAL2glHH24xwYDpkVa3FZcuKFgXYaM687BL9Qe2rUvD7oULVTdH1lzQFlxjpL1u-FwffbH7OAPrk5v355dAkNGa6aabE6zDTShTdXUiwFV26vfeERqpgO6y6vYeRkzoZDVviurEXY6axGiCmZ3krVovrWCjbjUPjvXJInF2KsugYP9tjwdOi2BZo-0xxMn68WPdlFtCVKvRbbwN5ApRKABbV882AExKF56D7pH7bLpK8R9tUAJODH7aNXwJXz8Jss7JTQrUrJYK8QenUbuVwckx52qeZffygux55YI67yWpfYKScSr673CzSIBeFJHAb3S88YfAYoVOBX8IYgN6409t0u7k0elpD8JQ8s5io8G8bnm1z4oXgF99eCLhoHRWv451H5UYOIo4HJeEwJP-VdMwh4igZNlOzfedFsxEK-_smg_GbaSUNNS_1ZjAVHTE4UPaQKqYg8GT-E_9dxCzOPlHJzeqUZi94eIXMb0lFqr5loYuYEAJvYUxZ7GmfeMAAa2Jnet4abLxcGfafmxN4X0MS-Ndg9-KqMsm-hNdUi2ys-7BEvUGkBfhCusuHo65p_v37W4EmsZ1Y3c6G_XYIFK28JI7539lqsx1hfH9SemTVEsEWDrq-bu63B4HMn62BwgJCLVHzKn79lsS4IVlz4F2JpMCnuMmUDhML4TQaczZ5P3Y2gWDhQNhvNudNihxfG89LC2JqVrgh6BMhqdcpBWGpZHTIK94RB9DPCWaw8BbYOYNdFfHIO1BOCZh9uKCtxLTRpnztU9b-s2wtuVEqmYsG0t3AB34YoyfhDRssuABjSKWQ6etDEJ-Oj3BZYHxF2tJXyIAscav99s4mS7aLHRyhBnlf9Mk96qJiKwah4y0szSzepJkMNB6dgPqpvllK1OQcjRI7HUfkzCDDvy7ACRWiCTmifKMLAHR3WysYUvBgwe9tTcIbwL5ewv4-okR9RtfRqZL3XkqFQjYlS4lQ2I9LCRZ70R7JhH-j4Sy9awtU3L3_H6Lj1iNBanbDtQBC0sBVp9JdnDJgRYQdY4TRm6XISHtDjpBoMvXpKnDi7SamH7LNYKdEsZSdlS2tRb96qUlgm01VOL7UUuWwjc5eD5E-uZtr0vo938NvjanKX7G-wK5I1ONMI_c8QiH_D1UIJapztQgWCEGrD2pEgYHor3BufQZVtrjXwFmUXtPkfCQktiA4mAHt_5vELP4CpYs5wrjV0YY_TlkKtojzpecvewqQELzBUjVZ-2kL0i6oi-fHCtJR5hFs04HkOaLb1zJDNjquedwHDOKsoocJr3gfo_i22nPsRrUQF0LvCCWUdhM5O_MhPRyQveY-scbUFYD3zO1PmXtt4RiwdOvpdgd-R10b58vvQJmKKCKHRU6miVfDAsZtoi8OmmPCnjB-K1PdQ0gtmQ38MtE1lHH0IdhE6tKjuBpAn4ENFEItlPm_ivfWgk5hfqXm8sUAaypiz6tCx92hvK-HrQ204hP6L3bcD0gZlABOQVwqmHsI1piA-qY&cid=CAQSPADUE5ymr8pFk6Yz_-wUKKqERjjL2u3IXxRakoJiTiLbtZVhhwClMhz15ZruqM7T2qk-DXaiuBPqZwmBZRgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.kesatu.co%2F&ds=l&xdt=1&iif=1&cor=17528183328642312000&adk=2265872549&idt=91&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431969
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B0B8 41 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431969
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame ECFC 1 KB
644 B 19ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84770
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B0B8 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44121e3d1aab7cd18d3186a9016aa16a316590e077a477bd7cebc5b07ee83596

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7366385085728666768/160x600/ Frame F3FC 9 KB
3 KB 22ms
19ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9918a7f432276ce95d1db9b73690cb338020c42950d6f01cdf402d3515653b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 215358
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3047
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 21:49:33 GMT
expires: Wed, 20 Mar 2024 21:49:33 GMT
last-modified: Mon, 13 Feb 2023 09:43:48 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B0B8 0
0 64ms
63ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDV77rGwyFg7zXuWUCn1EGdqa5xmZBuWt5L7n4OA7TFuPn73iYCuKRW_q0hWhufDDWQ4fqPIxb80zDH1JWk6_ME0dmf-KKjZD4SA6z18mZG62efrnqq8C1DSQZV6M1GwGxvyU7HKLa6CaqrgD_Jb1I0CNLEeZCfEfiS7Q0PhVYcms_M7ZUZTLAmBbheJyRsyc4pXmPO74IO8RWDpPll1EczeZdf2YsMWuc-knXaEymCWtUzLfPO1ml33FS8TgDx_A3DMwE_rGYF-3AhLkFsqesk1JDHqFe4o5cmca957hQcjsQVI16Jx4ZtdZ4FBL1O2TGZJVE6IqqRpuFDheCtiKnbI16cQJYLOIT6mOexMjs4HgJB4vVTfigbb1Y4QzpxIoXwD96lOTW6omsM3BIF6O0qh-SFq5e0P4fkU-n92Zg8IsXPGFbsdugGjO-d1LAoi_1d-V0k-L3ttfkIJHZ43W-OMZYQ-VDtb96ZG0_WCves-p9CJ99Yf4SPmsoWtMd7YzDsDItbplrKzHIo4dq7PMF75vSidh-QwU5GlMjKCPd_R0gmmjVbEEHDsVSFK79FmTJYU7CjZowEN0gJROLA7Fm-RH0cSs5sU3FzgQJ4Z7OYkg4c5kqOHFSa4D1ehQTzzQI9JomefaCWdaAGQU3Vv7t_7BBrsSxPXzWB29VrW3RMdE0t_jneM71EPh9uZsnMGr3gUQnQs3HnWFTXimoukeF3biTYiTGPIXSyngGgRyCwlK6ftEfBmiwwqSnBOFhYtDmXn93YyGws1ElmnPagLcdmHYWCITQd1kb0xUxWYHmJeIP-FMQV70UegGGJ2X7XGxkEtMsNUbRxHMJ1Yf5mB9NrsACI4GQ5DxxUQSLMfhXEO4rId7EjkU1lXMZregWx2ifZHNVWjt9Io1xgT0rT1yl6EYiYBXJyA-YvSCx9aLRb8DOfUsK9fWTxBunoNnrUVJhyG4aWXejRW7k7mHtcgK9vf0aCocKF2vUevXSKTbStEIUUoCQKmjzE9p0MI0R9NVYiXP_f-w6bd1cljCTlvwDTb8eQbRj941xRhmOvRrk5HzUtJSL96T16udf4ANUqw5FPNm_YTad2uXt8DEUsyjO4ke9nRvRhvA9o4yVfFta1d9MkgBYvo0em805G5OoAQjUapb8yc300KATFCR0dT50FFo_EUSGD8OSwzjU_kym_FVt87oMhdrYdVeKkReatmQ&sai=AMfl-YTR62RBqSJWZNGfnuQRCUQgUzQtlO0VH_SzP2CX8R6EvumpZ-jZ-ep9MKC6XY7Tc017_kQLoybuqbiQxSYxKPXllJK7R3dsId1K4OVnrz1Yrg6p21g3rWU49df02QVXKFwjpgrdNsiwd7WPxpZW3pPxr2V36uO3jEuYzUl6SSc-I4PMPmJtvyPqoXYwvuAVbxBvMLwTpjoX&sig=Cg0ArKJSzCLWkLxr6r6fEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1089&cbvp=1&cstd=1084&cisv=r20230322.23365&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:51 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:51 GMT

GET
H2 204 ad_impression.gif
beacon.krxd.net/ Frame B0B8 0
338 B 173ms
48ms Image
text/plain 52.211.97.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/ad_impression.gif?confid=ryl4p2oh9&advertiserid=8241999&campaignid=29373356&siteid=7210781&sitename=N755990.279382DBMDV360PUBLICISS7&placementid=359462090&adid=%adid!&creativeid=187208910
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.97.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-97-32.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

x-served-by: beacon-n019-dub-prod.krxd.net
date: Fri, 24 Mar 2023 09:38:51 GMT
cache-control: private, no-cache, no-store
x-request-time: D=32 t=1679650731
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2779 41 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431970
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D8DB 1 KB
649 B 19ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84771
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2779 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 871cb6fcbec52bfeef93a8fb68cd9b00baaf7d7cadb6530ef06523afe25ee9a5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/803527930041460798/ Frame 396A 147 KB
23 KB 22ms
20ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/803527930041460798/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a205d65c41e1e75736a6f89d530a8a3dbd67688cc6e8382d7cdcbef38db4d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 199887
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23996
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 02:07:24 GMT
expires: Thu, 21 Mar 2024 02:07:24 GMT
last-modified: Wed, 18 Jan 2023 13:23:16 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2779 0
0 68ms
66ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstyUrQweXOS1FQqIP1KvYpG5DPkDQwH1JZgmm988kIJndLhpRgPNSnkpd4GDH3eVI-y8Qm5rUze1EAz4FSK4gHDlVKCZyHphTx_y-dvr7w8fuhLjXRjbi6WyOd3uWkCKBefw0o7TBrNiTbr7Ct1wxRGHRjGHwMopb3zg9Jx8blNki89xEDZqX7mgPdKkjSkvCz_arBkmXRHPudKJtbud5gdEExhOqaHgxHbTwPYdsbetRTzRZj4TAZaLF1d3qJtd3b50uNpkU9vw4hzmPrqxTJS10jJ4BCoyk4MPkUFJvAL-vH_sRWkYDROXbEfzj2Z86h7TzK0s6lSA4HLm5n4-l7adE7fTkzKDDCbfzLX7RzNUCS4DFJ0Li3cr_72k8REyg0sVVOWv4RtgvLVMn7wpoTllGPbpROntILOx5N-yhWDXeeMiwWam7UEXkl9phyIeazwDgZEfjEXQnhrxoeM-VUWwzlwSLi7A4mV71gQ9UfkSJvKgqqAZ8sowndkmeMqQxE9PF2PD5eexBwubIFkn4r1bAmljl5GNB7ZLZnfJVa4748na-bbR7FL6wlv3N74AecmWLUFycVBiTRPXibRQKoq31jvMFzXR60Zc0xcrFjqI-K1kuCdNoc3Oi3-oaRSzgCR8SV5b5hLH3KMjsU6mBNg3_lFop-wPknYBLXX7MqOZkeR709mQ8Mjrn0idgBXmcIQTzAXE6BlJ1MHFxZM1sGRu6EsdzjMxCsOdDSnemmDD9We5Jz6hu6mo814usLJoudClFpkr31jjodTIvinE4chAPLSabi0e8lPAbWerAgJWKENKqozSjJj6kpWN7O5Mf2HVbd0NVcYxlSXu_tPOR6-FBLd4na9BNb7Bo1-fVLLjEssEeMZA7br84c5tsDnyyQlSgyIsVu-CTMNuqoqWQoUS8uLDSYiUXmpPUjBQLpu1UA7e8kr4FEVeRTz6IyaBdvZBQXyeZJqaeTyKIWtMKAVKlxIc2sUfuaQAeeaWGzGVnDEQzdfKuUCWWW3HaUEysJQMC5H1eIfDF9tTVxmnryk2aWfchZ5EkpGUMcUhy8Sgsb05tewoMsTeJl_S7QEsQwQWswosWKKMI4SVboyOidJvN9AaSRZ6dwDF7oIUnPYptOSxugzSlrcz4l2SRbpWB9Bds8W3lpvFxTkEyeWP2lJ7ZdakHU7MoyMybWSlaU1Pei7ufkfZfdLMnbbcsE6m9QI_uz2m8MM7aeFhKYNCIGF_T-Er5oI7b58nrXd6TYwo0n_J6JMjWTo2Sf7pH6DPXrL2A&sai=AMfl-YT1DuXcsmsPumeoJH9-lh7rxqvFFXE10Zhbw9t0XwEszBEdlL9b5zyR8554DPn2yL2DxSPzptxTVLE3eur22L7IhJ1ZGzg_lWajVquIOCcFdcuNczkv4_uv-sZWW986Al-YMqVnwOF8bsuo0UOM-NAMd_M-iDv5IkuTrlJ60C9RDaH8HAAseOjYLJvgZOf6MWtpxJV9KGP1&sig=Cg0ArKJSzLV5MJwDjAQ_EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1046&cbvp=1&cstd=1042&cisv=r20230322.12034&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:51 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BAAE 41 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431970
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AF90 1 KB
649 B 20ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84771
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BAAE 205 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72d114a3f4e3a9d06d16c783918e2d4d8101a8c66aa5db94845c97b5e03944f6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D934 41 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431970
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6550 1 KB
649 B 19ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84771
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D934 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69fbe642be224c81ac8defd6a5b93ef51648e5722593848b4ef0d05dc27c12e5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10479788987402403556/ Frame A567 145 KB
23 KB 20ms
19ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10479788987402403556/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55c8c9f9fe2cf6911d81bf00e08d31567afca911e1cf0252bb54e964fade59d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 264798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23559
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 08:05:33 GMT
expires: Wed, 20 Mar 2024 08:05:33 GMT
last-modified: Tue, 07 Feb 2023 07:03:46 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BAAE 0
0 66ms
65ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDHFwaf_5NF31L1QldxPNapt-g9xt1VWCLm_OdJBdNgrRqrGnivJYREavtUPPBIwQ5CBtSvxNp0xMg6tlErNoVJ4jLEEb073luJkTF14nyjX50MaC-vmjUUTLuUiXPbe73yo97PU7pJmCtEOj8_5oFbtPihy_jeqJy72qE-GCoGP0PtXtE_AiIBzFdhG2uRFiUwPQgy7dbIQkHGmEQzLyEb-xUggpYmpTtSBi3uW1L4cpdHwIz-GjLbO28wLH7k_2-USAgQuW0DlHqJZp1YJIpLlUX_CbGZXYtVcoWByHYR6wfbY8DuJCGQyKjN8TYHM-I66TIR-eMrDjZDS6glSqQbDJFExraojE6tULou2RH2HRClDiUazqfIfjt5ONyUW8FX2YWf6jl6apNpMS2nJpqutblLOsEBt-_7n9o-JPnZQsKV3Le9iE9Wpo2MiHUoFvI9ei8TxXrF-oFUs8YF-jMaH1RF9bVbW9f66Xqyn_5h_1o7ocoA8nJ9H1NOipR9mhHsSLrjV5fnF6GX9y1QlHiz4cRGnHE6MtjNwS_Exga5yDcaptbcAUKzH0NgvKTNlwyfadq9PBskAvIeC31CdovIsGJssbZWocJ4AYaA1he6rSGIsvP5gI4P1t2LQlODVni_U12Jl22fL5-vB5f58z5uy9fX9CrR-0AZOL4HuT7x-OIrmNig4mcxja41wBKEQD3kbFid52DvWGh9IMs4UEZuEuRQrmXtVrZAzp0QTMemIWxJAjZsxChAFWXTbcXwAnvixTJYwmBOEpR_aeiTWC9s45rVhvPinLftlEZCVvUrRCG9DMTnWh8tEPNJLNXs8zBHCUEMxDB3kTJRBiiOg_M48R2Dk7V9MwpexUL9YtVL7BGPahtn6KLNf2MnCpxXk39kqWTRhLXtwL0ExRbUZtokKLnIYN7Yq0OYDRpGS2touqI0h7TWE7Lpzp4bkxER1n3oxVqTIdzOaCqOPID5B49PVHl-tj7iBkGMvwvEFhXZN74URtSaJA4CV9DyVoZ-RpQOVnS7YFIpMEyMsTyQsiwtvTHSb29jRdn-RcGa3065-pJgA7B7tBtngeliMUZG551qhxdP6UxntBF5uJXohgOX4gkL2N17xxh_94OrczYBuvUc62wmCqoQhPlqG6ppXJZZiQvVSOymzgEJ6GBq5XR1qs3kg1iYIXaEuYegTPt4WN6-54oHIFzQrKVFWlLYlbn8C-HRhDRvCMi8CKntUkinCeBDTuFug6oLhelglJCEtQSRNoJPgvLbp9wCwC7&sai=AMfl-YQhAkJ5l4cnIXjxmdZJfE3vZ3eHD87yktOEMQiJ6KZ9ATWESGp3cyPElkl8kEc-on0GVqSR8WEEl0L9iugMrM9Vy47f_z6cWsTKXNzVKZzvNr17mgNpRui1e8sBvwMAHmuzcVk4lrjaej0HqTzolVAQ-RjAnq9w_ES9AYr6EMmuT31WBxB8TSzu5Vz0mEXWx661bKXkz1_r&sig=Cg0ArKJSzGz01dUl7VUMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1104&cbvp=1&cstd=1101&cisv=r20230322.33365&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 24 Mar 2023 09:38:51 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:38:51 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2779 43 B
215 B 105ms
105ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=1ac97e93-c9cd-dcda-a5e7-06c9907ef04d&tv=%7Bc:7LOPhA,pingTime:-2,time:551,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:2408,beZ:2409,mfA:2411,cmA:2412,inA:2412,inZ:2417,prA:2417,prZ:2434,si:2443,poA:2445,poZ:2468,cmZ:2468,mfZ:2468,loA:2665,loZ:2670,ltA:2959,ltZ:2959%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:34%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:552,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B546~0%5D,as:%5B546~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192*.1333404-69076800%7C1921%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:192*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:svg.us,siq:36,sinceFw:514,readyFired:false%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 03C5 13 KB
5 KB 25ms
19ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C48F 783 B
535 B 32ms
30ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8e0b6a9f92b6dc168197e8b2fb61fe95484901f9348ca923714a669ab989bfd5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6a8p3aZpNQJSdhUBvOq8qg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-6a8p3aZpNQJSdhUBvOq8qg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:51 GMT
expires: Fri, 24 Mar 2023 09:38:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BAAE 43 B
215 B 105ms
103ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=98d03fd7-6b5d-bd01-3e63-487ce7b9676a&tv=%7Bc:7LOPhX,pingTime:-2,time:503,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:2338,beZ:2339,mfA:2342,cmA:2344,inA:2344,inZ:2348,prA:2349,prZ:2359,si:2365,poA:2366,poZ:2391,cmZ:2391,mfZ:2391,loA:2553,loZ:2557,ltA:2841,ltZ:2841%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:503,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B495~0%5D,as:%5B495~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1a1%7C1a2*.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:1a2*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:svg.us,siq:27,sinceFw:475,readyFired:false%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: nginx
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H/1.1 200
OK dvbs_src_internal117.js Show response
cdn.doubleverify.com/ Frame E0C0 57 KB
19 KB 35ms
35ms Script
application/javascript 2a02:26f0:480:9::210:ee0e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=15911784&cmp=203336&plc=7224807&sid=18330&dvregion=0&unit=970x250
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee0e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Fri, 24 Mar 2023 09:38:51 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Server: Microsoft-IIS/10.0
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18840

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 69FE 0
103 B 43ms
40ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEKDHwUub993Agos7UWxHjzA&google_cver=1&google_push=Aer7DvK3aChzVFgFgC38K-tx-veIRZcIQN3Frux8lHavdloBg4xXIZ6KYxDFEZlMShtbRfvNlbdHpGQcUNXwYllF7umWyHFRyrSHDw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvKWzOA7vAPBGrEtzh3WSjzLEkMMYGXXhH7QugzyGEySCEAKWrnp7LrZzzUM3hqg854nJq5DeLk7kyN154iz...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvKWzOA7vAPBGrEtzh3WSjzLEkMMYGXXhH7QugzyGEySCEAKWrnp7LrZzzUM3hqg854nJq5DeLk7kyN154izOJcN-107...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvKWzOA7vAPBGrEtzh3WSjzLEkMMYGXXhH7QugzyGEySCEAKWrnp7LrZzzUM3hqg854nJq5DeLk7kyN154izOJcN-107YniFEA

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:51 GMT
Server: MT3 668 4401257 master hkg-pixel-x19 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvKWzOA7vAPBGrEtzh3WSjzLEkMMYGXXhH7QugzyGEySCEAKWrnp7LrZzzUM3hqg854nJq5DeLk7kyN154izOJcN-107YniFEA
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 24 Mar 2023 09:38:50 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 69FE 0
191 B 129ms
35ms Image
text/plain 98.98.134.243
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEExSorf6Q4t-PBiOBXg0U2k&google_cver=1&google_push=Aer7DvLvJJghxztNjWqgOgs-tnt33XJORedA4iy40I2-brdFQ-rW5bA-ZQGuOLSPzHQL9OtyffpNgzLOEXqaf1r3JFtJQi7M4y532g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.243 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:50 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAyDDerd7e_nZqGZJF-13ZU&google_cver=1&google_push=Aer7DvIDWsu8q8ZwfT8Vwk-hSmgCRvzOOwunIhIJN-9jwuWC4g8AJEui3ZdbZLem3m1Xjky4uAY-7kuKNT_...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvIDWsu8q8ZwfT8Vwk-hSmgCRvzOOwunIhIJN-9jwuWC4g8AJEui3ZdbZLem3m1Xjky4uAY-7kuKNT_hxEpwGSdKx_IILdMGIg&google_hm=TjDaOKJuTvqAGTZN13...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvIDWsu8q8ZwfT8Vwk-hSmgCRvzOOwunIhIJN-9jwuWC4g8AJEui3ZdbZLem3m1Xjky4uAY-7kuKNT_hxEpwGSdKx_IILdMGIg&google_hm=TjDaOKJuTvqAGTZN13OoA4Q

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvIDWsu8q8ZwfT8Vwk-hSmgCRvzOOwunIhIJN-9jwuWC4g8AJEui3ZdbZLem3m1Xjky4uAY-7kuKNT_hxEpwGSdKx_IILdMGIg&google_hm=TjDaOKJuTvqAGTZN13OoA4Q
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aer7DvLL7JeNtYhc0kcHCk0bbDqFHfmcCwjA0mjTmOwJnX8LbvdWf1E6z-e1XY1_HFJqypUDrtdl_sDHBOypCxtWrZagmnX...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvLL7JeNtYhc0kcHCk0bbDqFHfmcCwjA0mjTmOwJnX8LbvdWf1E6z-e1XY1_HFJqypUDrtdl_sDHBOypCxtWrZagmnXtZ7wYyg

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvLL7JeNtYhc0kcHCk0bbDqFHfmcCwjA0mjTmOwJnX8LbvdWf1E6z-e1XY1_HFJqypUDrtdl_sDHBOypCxtWrZagmnXtZ7wYyg

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvLL7JeNtYhc0kcHCk0bbDqFHfmcCwjA0mjTmOwJnX8LbvdWf1E6z-e1XY1_HFJqypUDrtdl_sDHBOypCxtWrZagmnXtZ7wYyg
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEM1cHveXxA8KI_epcTmL5Vk&google_cver=1&google_push=Aer7DvIXr_bT1r-JvV7WMhFZx39tm0ynDQ3jkuswxexwwVcprZJ1lEuO2j3es-R631yzTXQ9QaBsuYYg...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEM1cHveXxA8KI_epcTmL5Vk&google_cver=1&google_push=Aer7DvIXr_bT1r-JvV7WMhFZx39tm0ynDQ3jkuswxexwwVcprZJ1lEuO2j3es-R631yzTXQ9QaB...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTg4MDQwOTQyMDEzNzY3Nzg3OQ&google_push=Aer7DvIXr_bT1r-JvV7WMhFZx39tm0ynDQ3jkuswxexwwVcprZJ1lEuO2j3es-R631yzTXQ9QaBsuY...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTg4MDQwOTQyMDEzNzY3Nzg3OQ&google_push=Aer7DvIXr_bT1r-JvV7WMhFZx39tm0ynDQ3jkuswxexwwVcprZJ1lEuO2j3es-R631yzTXQ9QaBsuYYgZtPyW8K8OsefiFecPwM5Eg

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTg4MDQwOTQyMDEzNzY3Nzg3OQ&google_push=Aer7DvIXr_bT1r-JvV7WMhFZx39tm0ynDQ3jkuswxexwwVcprZJ1lEuO2j3es-R631yzTXQ9QaBsuYYgZtPyW8K8OsefiFecPwM5Eg
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJNCZkLrY5O3L3LVLvOpQwTNrvzTh5CorCQyRcBTtj7AmC6b4GNXsovKdVZ4jAUUN91AL1-Df1SCg2pK3LTXb2aAdZbeMZ2sA

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJNCZkLrY5O3L3LVLvOpQwTNrvzTh5CorCQyRcBTtj7AmC6b4GNXsovKdVZ4jAUUN91AL1-Df1SCg2pK3LTXb2aAdZbeMZ2sA
date: Fri, 24 Mar 2023 09:38:51 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 69FE 0
12 B 28ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jq3AuSnDJuOmvmy5l-0kCHOXVmD6YbakogE1usfHEoKDvbVL5btx7xXif-gCYcQ6pNkZ44

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F3FC 113 KB
38 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:38:51 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F3FC 236 KB
63 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:38:51 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/7366385085728666768/160x600/ Frame F3FC 76 KB
14 KB 22ms
21ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c4e34094b30ef332a41fff59757045fa00d7cee7d33de1bb3105e572a310741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 21:49:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215358
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14764
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 09:43:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Mar 2024 21:49:33 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 77B8 13 KB
5 KB 19ms
18ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B089 783 B
533 B 30ms
29ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

21bbaa8008a3c469b361b3e8c90a911b4d04e3b13e0abd0f736c8f0d72491d83

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WVEulcrmpBNVZ-gEPgUbFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-WVEulcrmpBNVZ-gEPgUbFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:51 GMT
expires: Fri, 24 Mar 2023 09:38:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 396A 29 KB
10 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/803527930041460798/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/803527930041460798/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56020
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 18:05:11 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 179E 14 KB
11 KB 65ms
65ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0795a57e66286e3dd53474ee199d61efed837c0d6f27e042d4e1722088d75afa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11076
x-xss-protection: 0

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame A567 29 KB
10 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479788987402403556/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479788987402403556/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56020
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 18:05:11 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame B0B8
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1351698/69475176/skeleton.js?adsafe_url=https%3A%2F%2Fwww.kesatu.co&adsafe_type=g&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_...
https://static.adsafeprotected.com/skeleton.js

17 B
465 B

18ms
18ms

Script
application/javascript

2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Protocol: H2
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 03:51:51 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5809621
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: qE_59NYcSNs5I6soyNIC3QZZY740j_rBhHOTUEtTmk-zDIUyxWWJWg==

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: nginx
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame F24E 91 KB
23 KB 19ms
19ms Script
application/javascript 2600:9000:223f:ae00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ae00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15876155
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: UkR1vcTCDdinFjKghNp25DGUsIpMhNE_Rm0UBW9js0saa1iWrEc_dQ==

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame C456 0
103 B 43ms
41ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEKDHwUub993Agos7UWxHjzA&google_cver=1&google_push=Aer7DvIgaXy7D2xlK6lO2q9VX_aqroh6DflqdQGfgmA2y8i73KvBVVVEzCoXfvZqWcSTCaPwUDRJ07kg0QhxMStIh-AAHTmNSohqcA
Requested by: Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 i.match
a.tribalfusion.com/ Frame C456 43 B
397 B 202ms
199ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aer7DvLKRmcjUdgsK4cJusnjPJjRpbHaVPfe0pGweCSneAa_QUBUjALkaITJE6z00Jia0y1h5V3ZypjkfjhPSbpPSBpILpNvul9FOg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvLKRmcjUdgsK4cJusnjPJjRpbHaVPfe0pGweCSneAa_QUBUjALkaITJE6z00Jia0y1h5V3ZypjkfjhPSbpPSBpILpNvul9FOg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7acdf190edb33732-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C456
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvLMwXiRBDbMeSMFiEf0rXlGyrMb-fmW1C-26btCExemF3_xMt8wPhMeuTdfVfbx2s48nm4OlemEkMpOXP...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLMwXiRBDbMeSMFiEf0rXlGyrMb-fmW1C-26btCExemF3_xMt8wPhMeuTdfVfbx2s48nm4OlemEkMpOXPoJrS...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLMwXiRBDbMeSMFiEf0rXlGyrMb-fmW1C-26btCExemF3_xMt8wPhMeuTdfVfbx2s48nm4OlemEkMpOXPoJrSu6X5wLpEO_

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLMwXiRBDbMeSMFiEf0rXlGyrMb-fmW1C-26btCExemF3_xMt8wPhMeuTdfVfbx2s48nm4OlemEkMpOXPoJrSu6X5wLpEO_
Date: Fri, 24 Mar 2023 09:38:51 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C456
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvIIgBqyBhTZVjCXCWNHQODzOqiRUSzPHsqms0svy8GVLjX1pz6UqkzzLAZw1XtBgpQi97imSI0udAx1m45VB9MrCxwtsUs1

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvIIgBqyBhTZVjCXCWNHQODzOqiRUSzPHsqms0svy8GVLjX1pz6UqkzzLAZw1XtBgpQi97imSI0udAx1m45VB9MrCxwtsUs1
date: Fri, 24 Mar 2023 09:38:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C456
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEKK9_U06XKWEO4r-g9VDB4&google_cver=1&google_push=Aer7DvIt0XGQ4iHpKvARywJFKJIVdKPEGlPyEUQAI-LJpunRcIGVRblYbYdiJDaUCjRwA0OxLXR...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09GNEYtUy0yUUQ5&google_push=Aer7DvIt0XGQ4iHpKvARywJFKJIVdKPEGlPyEUQAI-LJpunRcIGVRblYbYdiJDaUCjRwA0OxLXRaSePSbIo8KlpayV8r31Gt2DGgmg

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09GNEYtUy0yUUQ5&google_push=Aer7DvIt0XGQ4iHpKvARywJFKJIVdKPEGlPyEUQAI-LJpunRcIGVRblYbYdiJDaUCjRwA0OxLXRaSePSbIo8KlpayV8r31Gt2DGgmg

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09GNEYtUy0yUUQ5&google_push=Aer7DvIt0XGQ4iHpKvARywJFKJIVdKPEGlPyEUQAI-LJpunRcIGVRblYbYdiJDaUCjRwA0OxLXRaSePSbIo8KlpayV8r31Gt2DGgmg
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C456
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEF8enHwCbWovvFSZuwumflU&google_cver=1&google_push=Aer7DvJ54P8sXF7p2-4ZoUdwl976hYlD-JNa92-F-xIMShzKeG5fszBgbcbmDRjvU7ZUuV0cxqr9QL4M0XtqsHVFY6Az_4...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEF8enHwCbWovvFSZuwumflU&google_cver=1&google_push=Aer7DvJ54P8sXF7p2-4ZoUdwl976hYlD-JNa92-F-xIMShzKeG5fszBgbcbmDRjvU7ZUuV0cxqr9QL4M0XtqsHVF...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t52vU1v2TLG1jWQSfJV-HQ&google_push=Aer7DvJ54P8sXF7p2-4ZoUdwl976hYlD-JNa92-F-xIMShzKeG5fszBgbcbmDRjvU7ZUuV0cxqr9QL4M0XtqsHV...

170 B
188 B

32ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t52vU1v2TLG1jWQSfJV-HQ&google_push=Aer7DvJ54P8sXF7p2-4ZoUdwl976hYlD-JNa92-F-xIMShzKeG5fszBgbcbmDRjvU7ZUuV0cxqr9QL4M0XtqsHVFY6Az_4MTleFcUg

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t52vU1v2TLG1jWQSfJV-HQ&google_push=Aer7DvJ54P8sXF7p2-4ZoUdwl976hYlD-JNa92-F-xIMShzKeG5fszBgbcbmDRjvU7ZUuV0cxqr9QL4M0XtqsHVFY6Az_4MTleFcUg
access-control-allow-origin: *
date: Fri, 24 Mar 2023 09:38:52 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C456
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEH_rhF0r8Vwzt-QC7kDtfqw&google_cver=1&google_push=Aer7DvLU-cEAD78OPME5CJj03S-FmzYBi-guS8rnaT8COMm24tgfD6NpMe0Nb8pAeeynKC7-yCuvzm5Wxx9rtLBabK_w1vrq7p...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aer7DvLU-cEAD78OPME5CJj03S-FmzYBi-guS8rnaT8COMm24tgfD6NpMe0Nb8pAeeynKC7-yCuvzm5Wxx9rtLBabK_w1vrq7pI...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzUxMDc2ODc1NTAxNTIwMTY1MzczNw%3D%3D&google_push=Aer7DvLU-cEAD78OPME5CJj03S-FmzYBi-guS8rnaT8COMm24tgfD6Np...

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzUxMDc2ODc1NTAxNTIwMTY1MzczNw%3D%3D&google_push=Aer7DvLU-cEAD78OPME5CJj03S-FmzYBi-guS8rnaT8COMm24tgfD6NpMe0Nb8pAeeynKC7-yCuvzm5Wxx9rtLBabK_w1vrq7pIqsg

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzUxMDc2ODc1NTAxNTIwMTY1MzczNw%3D%3D&google_push=Aer7DvLU-cEAD78OPME5CJj03S-FmzYBi-guS8rnaT8COMm24tgfD6NpMe0Nb8pAeeynKC7-yCuvzm5Wxx9rtLBabK_w1vrq7pIqsg
date: Fri, 24 Mar 2023 09:38:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C456 0
12 B 28ms
27ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JoVCGlAycw7Acw5zqZDl_SZ5-nUCyYSGagiNCpIg8RdTwQPwv8ewKEFcCXlwujJTJQMutA

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2179 42 B
64 B 59ms
59ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuqPiD3pQp8AytvzmPmw4BSKm48ILmgN5ugaDW_lyvXR39soIbM2N9F8Pg3eQlEspktVKozxxm7XfaxDDBXc-3LlQtPvbJuf1vROxZyAB8RKUFsPse7cXrQ3lOs-yMp2xNSa_CovQ&sai=AMfl-YQFmRyDLZEWaQGQ8MbW7SGBaNVJC6sW6ACd8yoo-1ONeuKke5kBg4y6wHSqWJfaB8sVR-5ss0_EBR7UalLden_mMwzxYg-tKwI&sig=Cg0ArKJSzNAO0OHKol4qEAE&cid=CAQSKQDUE5ymCw-Xx1MVr68eWBO-5Wc1aaWWBYzHLnXpkrBLeTDHMB70OlvsGAE&id=lidar2&mcvt=1537&p=0,0,250,970&mtos=1537,1537,1537,1537,1537&tos=1537,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2658235593&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650727961&rpt=2141&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D81F 42 B
64 B 61ms
60ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss8xFLTaDnUbtDng2HejbVlvHTvcrE6p9i-T2hCtFDwinCzmKpY4e0XMy7Vrl0nXzyiTgufDUL3P96kbQYr2GrdmmatucpDMUsXFO-i_NHiov6lKB0EiKrKSvgjw-DmKd7l8rCTRA&sai=AMfl-YS4CSowGIm7HLAEguDCZvyvICTSEC_3bhepoPmxaJd2JFfAC98dil-PX5XlUJTyOaq0XP9a2qH5re1Pfc83Mu5owH8dW-i6pxc&sig=Cg0ArKJSzNIzB8ZbswCREAE&cid=CAQSKQDUE5ym_sFl0baMPrCPIQOED5HS4oSnkvjSMJn91ui1S74uLPP6-lY-GAE&id=lidar2&mcvt=1436&p=0,0,90,728&mtos=1436,1436,1436,1436,1436&tos=1436,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3718468712&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650728181&rpt=2079&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 034C 22 KB
8 KB 19ms
18ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 503561
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 38D0 13 KB
5 KB 19ms
18ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4E9F 783 B
535 B 30ms
29ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b3f6706798da09c4a6c6fdc621ff166ef6a9687af5920f9f4f166b36f2682413

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sUcPIFbWJf28WFj3hrgXow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-sUcPIFbWJf28WFj3hrgXow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:51 GMT
expires: Fri, 24 Mar 2023 09:38:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FA46 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss7tS2qJ0UGGA9M_6qKfh2F-Ua9N0U1dQtRb9E1r9VyRCn5pj7XGlzlerH8dk02XYCu69ogExGVo_a6I3A586F-qgu6Jr5zNGOiPmeWgHirSZio903oYv_0OyiQs0x5albTjzgaQg&sai=AMfl-YRkqb6XB0JRMuGLtZ51FEGpdEwEAoW_NSlpEKsPRjHhSTw24qmqoCiSAJOPhC8AheIjSwAXOoxyrRi95Qsx4Nl3pwIhJyx_gA0&sig=Cg0ArKJSzHCp5ChYNiObEAE&cid=CAQSKQDUE5ym1bJly_Dzeg-gJ-95AoSuuBU2AQpxpCMhRemp_9Mt5R6jvN8tGAE&id=lidar2&mcvt=1339&p=0,259,40,300&mtos=1339,1339,1339,1339,1339&tos=1339,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2345376669&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650728110&rpt=2374&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 179E 17 KB
6 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:51 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 105ms
104ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOPuI,pingTime:-3,time:1408,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:1071%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1408,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1071,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B363~0%5D,as:%5B363~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi7q+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,rmeas:1,rend:0,renddet:na,siq:1072%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: nginx
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 104ms
103ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOPuJ,pingTime:-6,time:1409,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1409,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1071,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B364~0%5D,as:%5B364~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi7q+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,rmeas:1,rend:0,renddet:na,siq:1072%7D&tpiLookup=ao:www.kesatu.co*%2Caa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 28FD 13 KB
5 KB 20ms
18ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 64B5 783 B
535 B 29ms
28ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f1d9ac27e964ca5bc7b8b69466ddcfaa7690ef0a1768b44a61a97aa39643a86c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9T8QK5QEPA-EMbBGshnFrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-9T8QK5QEPA-EMbBGshnFrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:51 GMT
expires: Fri, 24 Mar 2023 09:38:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 79BD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

31ms
29ms

Document
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:52 GMT
expires: Fri, 24 Mar 2023 09:38:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:52 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E40C 42 B
64 B 55ms
54ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvIyR62n8WXHCvgLUtU2pFrm4SM_N2F6kCNKlMcRVjdrpWCGHoqAWfvtjKPdDiNCSJTEC2Iey4xvuQD3Fg4-Cm6PhvW05_q--4HFhz3FF9jamGdaFKsvpMlpmwg_LHyfZDSAdlndQ&sai=AMfl-YTcVxcord1mrriw6f2z3cVh1PZY3ydZb7HoVdhoOgG3hj1zA0JBwYuX5J6dKf5mXetwdlX_F6N0oNfq&sig=Cg0ArKJSzJ2b9knB-veiEAE&cid=CAQSGwDUE5ymUUhuONGyoGAduAU4xD5wFPgDl7j2cxgB&id=lidar2&mcvt=1319&p=-70,0,430,180&mtos=0,0,1319,1319,1319&tos=0,0,1319,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=0.72&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650728614&rpt=1757&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AD24 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstBM3kttlbSUP5wJDFcyPFhkO8xul3D9CsTIXGnnK8Zfyks-bMmR0zviunj-36RAcJgivglXx0nWvIthv_6k0VOm2ruuYQ4k1VtrXY87mywmdKFsG1TdCLQJaNqyNTtEgLQhs0ULg&sai=AMfl-YTwsL79y9xbJmWb1e5vRbE_rkwR4QVh29cLjb9hA9PMWKA3_MqR_qcNfiUHX32g5J29wX1D6JxOZw8M&sig=Cg0ArKJSzH-hzj7VwCJPEAE&cid=CAQSGwDUE5ymUUhuONGyoGAduAU4xD5wFPgDl7j2cxgB&id=lidar2&mcvt=1320&p=-70,0,430,180&mtos=0,0,1320,1320,1320&tos=0,0,1320,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=0.72&if=1&vu=1&app=0&itpl=22&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650728617&rpt=1774&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E054 22 KB
8 KB 24ms
20ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 503562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7A8F 22 KB
8 KB 23ms
20ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 503562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ECFC
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIgY9osYNJA4nAgCqqh0JUtNhr9SH3fH6moW42f2rg...

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIgY9osYNJA4nAgCqqh0JUtNhr9SH3fH6moW42f2rgiov0L-fBpjSEKnkhNlZk67G68dCcLAYwa_YOyAOr2cYBNff8JlP_Ym0g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:51 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-771-ga8baae6#rel-ec2-master i-09a32cc2c473a3db5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aer7DvIgY9osYNJA4nAgCqqh0JUtNhr9SH3fH6moW42f2rgiov0L-fBpjSEKnkhNlZk67G68dCcLAYwa_YOyAOr2cYBNff8JlP_Ym0g
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 i.match
a.tribalfusion.com/ Frame ECFC 43 B
615 B 186ms
184ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aer7DvLDQJXZVhalsTzxr3pfAILIhv0xHxtvShVYT7wlXGNmO1AXpl_51HqEONbArEfc1ZopCcxamaOxSlk1ch4A5lf5WBfGtqDcsQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvLDQJXZVhalsTzxr3pfAILIhv0xHxtvShVYT7wlXGNmO1AXpl_51HqEONbArEfc1ZopCcxamaOxSlk1ch4A5lf5WBfGtqDcsQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7acdf1930f0a91fc-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ECFC
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvLK-FObagXgl5CdH_861tVz69mfouEephmywNiSwwBLt5dj24y83KQjaCEBtYc7zx70KhYXEahkXt8tSU...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLK-FObagXgl5CdH_861tVz69mfouEephmywNiSwwBLt5dj24y83KQjaCEBtYc7zx70KhYXEahkXt8tSU_P8r...

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLK-FObagXgl5CdH_861tVz69mfouEephmywNiSwwBLt5dj24y83KQjaCEBtYc7zx70KhYXEahkXt8tSU_P8ryjzP-Db93MfjM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvLK-FObagXgl5CdH_861tVz69mfouEephmywNiSwwBLt5dj24y83KQjaCEBtYc7zx70KhYXEahkXt8tSU_P8ryjzP-Db93MfjM
Date: Fri, 24 Mar 2023 09:38:52 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ECFC
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJDv9JrCLTN9zoqXivAsMNE&google_cver=1&google_push=Aer7DvJwSkQyeM4Pa63tsxgtguwi0nXPuRSGrv7xNE4QTjQjG7cr4rpm6PNxrLYlNwIVRvNOTkEoUdzpot_lxIYx...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aer7DvJwSkQyeM4Pa63tsxgtguwi0nXPuRSGrv7xNE4QTjQjG7cr4rpm6PNxrLYlNwIVRvNOTkEoUdzpot_lxIYxHu68obqy3a371gM

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aer7DvJwSkQyeM4Pa63tsxgtguwi0nXPuRSGrv7xNE4QTjQjG7cr4rpm6PNxrLYlNwIVRvNOTkEoUdzpot_lxIYxHu68obqy3a371gM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Mar 2023 09:38:52 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VZutF7tnR_K0MT4OOyE08w2&google_push=Aer7DvJwSkQyeM4Pa63tsxgtguwi0nXPuRSGrv7xNE4QTjQjG7cr4rpm6PNxrLYlNwIVRvNOTkEoUdzpot_lxIYxHu68obqy3a371gM
x-host: tde-deliveryengine-production-86c874c4d8-xsn9p
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ECFC
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEEm_bq0clmmtbXe1h8wXQ0Q&google_cver=1&google_push=Aer7DvKE8RTWWfz7vbs7KcpL0zam09eJOP2WVCjESnymqoX5dZbgLmHMJ1d9_3a_NXowDmJKpqobr9IK4U53ZwbrWnJpSOi...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvKE8RTWWfz7vbs7KcpL0zam09eJOP2WVCjESnymqoX5dZbgLmHMJ1d9_3a_NXowDmJKpqobr9IK4U53ZwbrWnJpSOiOrN87ew

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvKE8RTWWfz7vbs7KcpL0zam09eJOP2WVCjESnymqoX5dZbgLmHMJ1d9_3a_NXowDmJKpqobr9IK4U53ZwbrWnJpSOiOrN87ew

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvKE8RTWWfz7vbs7KcpL0zam09eJOP2WVCjESnymqoX5dZbgLmHMJ1d9_3a_NXowDmJKpqobr9IK4U53ZwbrWnJpSOiOrN87ew
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame ECFC 0
12 B 28ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KNjCLAOF4xxqTAWkWmFLrpoCsId8_aPXtQ-1Tpbm4k9uzw6DHtjwRsOus

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame E0C0 656 B
677 B 245ms
28ms Script
text/javascript 34.149.12.213
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_267402122376&jsTagObjCallback=__tagObject_callback_267402122376&num=6&ctx=15911784&cmp=203336&plc=7224807&sid=18330&advid=&adsrv=&unit=970x250&isdvvid=&uid=267402122376&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.50&dvpx_strhd=0.50&brid=3&brver=111&bridua=3&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=13&noc=4&fcifrms=19&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D%3C6D2EF%5D4%40TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D%3C6D2EF%5D4%40Tar9EEADTbpTauTau22c2%60e43e6ecg6_dc6ceahg%60ehhaec6_%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=8.90&callbackName=__verify_callback_267402122376
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.12.213 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 213.12.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 86be7661939719094bff644e5ff06a51edfea08529f3f396b51f479d6185a0c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:52 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Expires: 03/23/2023 09:38:52

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 808C 22 KB
8 KB 19ms
18ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 503562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame D8DB
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESELslJBbvCqwnOy29LUS8uRk&google_cver=1&google_push=Aa02lx_ROAce-USJo20zU0vDQvxUsTlrIx_0Mx9dJe58QW_sweLVDanHWoZmY2YZPcCQCn2Xy7-wtROkAG5quvtGbw-erceZwHIJ6Q
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODM1NzQ0MzE3ODAzODg5NjkwNQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESELslJBbvCqwnOy29LUS8uRk&google_cver=1

43 B
398 B

76ms
25ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESELslJBbvCqwnOy29LUS8uRk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESELslJBbvCqwnOy29LUS8uRk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D8DB
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aa02lx-Xgx3Hd1OnSQ6XDnuRxFGvOzvcBQqFyeyQnalf-bF...

170 B
188 B

32ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aa02lx-Xgx3Hd1OnSQ6XDnuRxFGvOzvcBQqFyeyQnalf-bFoLRYg41gVFGFW-llSkhKXycz5Nq3j_wdrTSlwSzFTIe0o9ECSVVs8NQ

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:51 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-771-ga8baae6#rel-ec2-master i-09a32cc2c473a3db5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cWtrN1p5WlUxUEZEU081&google_gid=CAESEAK9CmM5-RcB_zxqfvs88ug&google_cver=1&google_push=Aa02lx-Xgx3Hd1OnSQ6XDnuRxFGvOzvcBQqFyeyQnalf-bFoLRYg41gVFGFW-llSkhKXycz5Nq3j_wdrTSlwSzFTIe0o9ECSVVs8NQ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame D8DB 70 B
264 B 47ms
41ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEE9yAMIv1Tx4WXXMxuPHd-I&google_cver=1&google_push=Aa02lx-fFa4icnm1UWVfhgA2hbbz9n1XBb12GGjXlqtjqCBx2B9Ye1_0vn86YRym8Ycbdvua01Liqt3wQuqQM8ZqG19A63TkcCpX
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame D8DB 0
173 B 78ms
26ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEOQjjd8ITdaTncotouhE0CM&google_cver=1&google_push=Aa02lx9PKQbZ6beVoNtVV1KZiij7jwCxqUGKL6-JdkAHlQX104t4fccwgqZDlhaJb05LzW0R2g1Ha-shrt0uqDT8OZcOaxAAmZMCog
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D8DB
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEN6a_gmCWcBOl2esnfJt1LU&google_cver=1&google_push=Aa02lx93wfEwZaYoeLYJtdv7C2aQfP8a0J6uNa_0hljCT_XOh4dbOperqMip04sogGlI3uXbkDH-ij_ggDbVWDwz9u75...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx93wfEwZaYoeLYJtdv7C2aQfP8a0J6uNa_0hljCT_XOh4dbOperqMip04sogGlI3uXbkDH-ij_ggDbVWDwz9u756IyII--VEA&google_hm=bAJi1WUdQGK9jKR9-PZqAA==

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx93wfEwZaYoeLYJtdv7C2aQfP8a0J6uNa_0hljCT_XOh4dbOperqMip04sogGlI3uXbkDH-ij_ggDbVWDwz9u756IyII--VEA&google_hm=bAJi1WUdQGK9jKR9-PZqAA==

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx93wfEwZaYoeLYJtdv7C2aQfP8a0J6uNa_0hljCT_XOh4dbOperqMip04sogGlI3uXbkDH-ij_ggDbVWDwz9u756IyII--VEA&google_hm=bAJi1WUdQGK9jKR9-PZqAA==
date: Fri, 24 Mar 2023 09:38:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D8DB
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx8W8hNnYiTTGhqujN06HsV0ZgxBa0UE1yBm4Q0Ot2pG2YxFqHljWiWXgt-HuxgEmnpAuu_rsxpBO3E6ZzhpxdLKmyFUk6IPTw

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=oD9R6wLkQoCoO_hPDmppLA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx8W8hNnYiTTGhqujN06HsV0ZgxBa0UE1yBm4Q0Ot2pG2YxFqHljWiWXgt-HuxgEmnpAuu_rsxpBO3E6ZzhpxdLKmyFUk6IPTw
date: Fri, 24 Mar 2023 09:38:52 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D8DB
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEOD49LY57B9VelVgLclUJd0&google_cver=1&google_push=Aa02lx_Gjyod23gQ-4_TabVR72usrv289y1UVRUKlgPzzW91XbCME6nUEJjh9aZ1735orLA70fjmVixqNPbf...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_Gjyod23gQ-4_TabVR72usrv289y1UVRUKlgPzzW91XbCME6nUEJjh9aZ1735orLA70fjmVixqNPbfiEcaHiEWbgl6SvCYjQ

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_Gjyod23gQ-4_TabVR72usrv289y1UVRUKlgPzzW91XbCME6nUEJjh9aZ1735orLA70fjmVixqNPbfiEcaHiEWbgl6SvCYjQ

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_Gjyod23gQ-4_TabVR72usrv289y1UVRUKlgPzzW91XbCME6nUEJjh9aZ1735orLA70fjmVixqNPbfiEcaHiEWbgl6SvCYjQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D8DB 0
12 B 31ms
27ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L655gOu0fV5iKd2xCZ9Keq5lU5QtNanzjRqtlHklH8QEI7GpGfDdIMQO6hCN8M16NNdVOG

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C653 22 KB
8 KB 20ms
19ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 503562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF90
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aa02lx8BkSJDvNJkhWoDzalXW241P19BXI-UT9dA2xlyVc5V7RqZIT-YdI5Cd-tcbwyft8nOE7Q-Ws-wk5HyeoZ3...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aa02lx8BkSJDvNJkhWoDzalXW241P19BXI-UT9dA2xlyVc5V7RqZIT-YdI5Cd-tcbwyft8nOE7Q-Ws-wk5HyeoZ3MuF5ImmK...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aa02lx8BkSJDvNJkhWoDzalXW241P19BXI-UT9dA2xlyVc5V7RqZIT-YdI5Cd-tcbwyft8nOE7Q-Ws-wk5HyeoZ3MuF5ImmK24MIzwA

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:52 GMT
Server: MT3 668 4401257 master hkg-pixel-x12 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aa02lx8BkSJDvNJkhWoDzalXW241P19BXI-UT9dA2xlyVc5V7RqZIT-YdI5Cd-tcbwyft8nOE7Q-Ws-wk5HyeoZ3MuF5ImmK24MIzwA
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 24 Mar 2023 09:38:51 GMT

GET
H3 200 i.match
a.tribalfusion.com/ Frame AF90 43 B
582 B 180ms
174ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEDfJDE0h36XJwiNAfSgYleE&google_cver=1&google_push=Aa02lx_bU6qcRnaT74cwWDkntqyTZUHMbrZSyxNel3YO-sKTQvp9ChS4lYsAGcMVb1wh7TP3jxl0a66piMT8O7g8M42QBT1WLRv5Suk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_bU6qcRnaT74cwWDkntqyTZUHMbrZSyxNel3YO-sKTQvp9ChS4lYsAGcMVb1wh7TP3jxl0a66piMT8O7g8M42QBT1WLRv5Suk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7acdf1937f5d91fc-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame AF90 70 B
264 B 50ms
42ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEE9yAMIv1Tx4WXXMxuPHd-I&google_cver=1&google_push=Aa02lx_ra7KZp-rFbzjzlhP4-PMOfPRea0M_lpkl0tjBAHIX7BP7S_og5qsOHFiMxCN90wzKcAbjil0MS5MUpW3FDscW1W_sr6GnOj4
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF90
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEN6a_gmCWcBOl2esnfJt1LU&google_cver=1&google_push=Aa02lx_R4e6SkBFRSBxmj1dKT5iDwQjA7rahrI3--5l9tnD7CHB9BSMUSJbdNGh49hdLKOaNAMvjCS9qSdWozlJbauc2...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx_R4e6SkBFRSBxmj1dKT5iDwQjA7rahrI3--5l9tnD7CHB9BSMUSJbdNGh49hdLKOaNAMvjCS9qSdWozlJbauc21LudBIh5Xrk&google_hm=bAJi1WUdQGK9jKR9-PZq...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx_R4e6SkBFRSBxmj1dKT5iDwQjA7rahrI3--5l9tnD7CHB9BSMUSJbdNGh49hdLKOaNAMvjCS9qSdWozlJbauc21LudBIh5Xrk&google_hm=bAJi1WUdQGK9jKR9-PZqAA==

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx_R4e6SkBFRSBxmj1dKT5iDwQjA7rahrI3--5l9tnD7CHB9BSMUSJbdNGh49hdLKOaNAMvjCS9qSdWozlJbauc21LudBIh5Xrk&google_hm=bAJi1WUdQGK9jKR9-PZqAA==
date: Fri, 24 Mar 2023 09:38:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF90
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAb8Q9KwLrbMjKGi3LXg0rs&google_cver=1&google_push=Aa02lx97DmHrjwPWvcnsgnAcQ_-6fesG-V8lhO3567RvxOGDEI3jVFkeKg6v2W4Uf6WwABaABfkOGFWtcfkpg-1qfUj0bBr...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx97DmHrjwPWvcnsgnAcQ_-6fesG-V8lhO3567RvxOGDEI3jVFkeKg6v2W4Uf6WwABaABfkOGFWtcfkpg-1qfUj0bBrZ67-XHV4&google_hm=eS1qRXY4OTUxRTJwRV9...

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx97DmHrjwPWvcnsgnAcQ_-6fesG-V8lhO3567RvxOGDEI3jVFkeKg6v2W4Uf6WwABaABfkOGFWtcfkpg-1qfUj0bBrZ67-XHV4&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 24 Mar 2023 09:38:52 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx97DmHrjwPWvcnsgnAcQ_-6fesG-V8lhO3567RvxOGDEI3jVFkeKg6v2W4Uf6WwABaABfkOGFWtcfkpg-1qfUj0bBrZ67-XHV4&google_hm=eS1qRXY4OTUxRTJwRV9XT3l3eXNhNHdtSnJJdHI5WmwucH5B
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame AF90 43 B
134 B 34ms
27ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEHGVJmssy5XMCvT-Xn0I73c&google_cver=1&google_push=Aa02lx90gH3OlJ0wZLupqdmjU4gl-RWwtMi9ug3aILzRbmeXMuSzEk7RSDeJ-JKv8EWYNZSep3IoygQRGzQ87wNbvRYaWaDRSZ6Qng
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: r851nelhrv7481ln6fcl1ulvom2tt1js

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF90
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEOD49LY57B9VelVgLclUJd0&google_cver=1&google_push=Aa02lx8eTitcctzHouBwGMLYd6prF9K3QgZ0aXegH6gyrm9FJ_BolwkEEhP4sCkUzTavIOOIPPnxJLfYaZaW...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8eTitcctzHouBwGMLYd6prF9K3QgZ0aXegH6gyrm9FJ_BolwkEEhP4sCkUzTavIOOIPPnxJLfYaZaWNTFteYk5wDf0H4KHnw4

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8eTitcctzHouBwGMLYd6prF9K3QgZ0aXegH6gyrm9FJ_BolwkEEhP4sCkUzTavIOOIPPnxJLfYaZaWNTFteYk5wDf0H4KHnw4

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8eTitcctzHouBwGMLYd6prF9K3QgZ0aXegH6gyrm9FJ_BolwkEEhP4sCkUzTavIOOIPPnxJLfYaZaWNTFteYk5wDf0H4KHnw4
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame AF90 0
12 B 31ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lr7nCTLUr9kGP9CwLf9LLzrWMV7fYYHutX5zFO600M21mBj5ZOSaaMMzFNvijd978Qi7QR

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FF98 22 KB
8 KB 23ms
20ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 503562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 6550 0
103 B 46ms
41ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEKDHwUub993Agos7UWxHjzA&google_cver=1&google_push=Aer7DvLwYYuT0XGr8YD15FCSIZOpc1cHaAzQq6m-F2tCf35xysSaP8itfa2fYt5_0xdBwjK-ghqVKq3J6qCqvzwuHsoVLc1pjBKqqw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046726&pi=t.ma~as.2983625799&w=120&fwrn=16&format=120x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727808&bpp=1&bdt=348&idt=540&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8038977611362&frm=24&ife=3&pv=1&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.aedzi5soaezk&fsb=1&dtd=546
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6550
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvJC-5Aj0qyKXstmTJ-24mQZhH-6apMKUmjJZNsjt-kFy5tRwMj3qPdv1FllMWX4zFAUGzOe1Rly0VBztoE5...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvJC-5Aj0qyKXstmTJ-24mQZhH-6apMKUmjJZNsjt-kFy5tRwMj3qPdv1FllMWX4zFAUGzOe1Rly0VBztoE5HuTW_Ed3...

170 B
188 B

28ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvJC-5Aj0qyKXstmTJ-24mQZhH-6apMKUmjJZNsjt-kFy5tRwMj3qPdv1FllMWX4zFAUGzOe1Rly0VBztoE5HuTW_Ed340Hxsw

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:52 GMT
Server: MT3 668 4401257 master hkg-pixel-x26 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvJC-5Aj0qyKXstmTJ-24mQZhH-6apMKUmjJZNsjt-kFy5tRwMj3qPdv1FllMWX4zFAUGzOe1Rly0VBztoE5HuTW_Ed340Hxsw
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 24 Mar 2023 09:38:51 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6550
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAyDDerd7e_nZqGZJF-13ZU&google_cver=1&google_push=Aer7DvLotCdm8fKBXgHAlGY1m9ZxNTRoh7XYFbSejSVkG1LRSuAyQPcY0BHTusC5vBwsiMV0TV4XAD3RLzP...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvLotCdm8fKBXgHAlGY1m9ZxNTRoh7XYFbSejSVkG1LRSuAyQPcY0BHTusC5vBwsiMV0TV4XAD3RLzPa4LXd_Ni8G0n6s8a-&google_hm=TjDaOKJuTvqAGTZN13OoA4Q

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvLotCdm8fKBXgHAlGY1m9ZxNTRoh7XYFbSejSVkG1LRSuAyQPcY0BHTusC5vBwsiMV0TV4XAD3RLzPa4LXd_Ni8G0n6s8a-&google_hm=TjDaOKJuTvqAGTZN13OoA4Q

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvLotCdm8fKBXgHAlGY1m9ZxNTRoh7XYFbSejSVkG1LRSuAyQPcY0BHTusC5vBwsiMV0TV4XAD3RLzPa4LXd_Ni8G0n6s8a-&google_hm=TjDaOKJuTvqAGTZN13OoA4Q
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6550
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEC2lIsmqwdl9x-3Wgvc3MXM&google_cver=1&google_push=Aer7DvJJSSuPP7LzajnknDxFUPiIyiLn1dEU8ZjOtnFgEMjGjap6_FdJAXz5U-AoyGIqsKbfpOCjY13C-MH_yW...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvJJSSuPP7LzajnknDxFUPiIyiLn1dEU8ZjOtnFgEMjGjap6_FdJAXz5U-AoyGIqsKbfpOCjY13C-MH_yWHP1G...

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvJJSSuPP7LzajnknDxFUPiIyiLn1dEU8ZjOtnFgEMjGjap6_FdJAXz5U-AoyGIqsKbfpOCjY13C-MH_yWHP1G_9VEMNCIQzfw

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxNDA0NDk0OTc3OTMxNDgzMg%3D%3D&google_push=Aer7DvJJSSuPP7LzajnknDxFUPiIyiLn1dEU8ZjOtnFgEMjGjap6_FdJAXz5U-AoyGIqsKbfpOCjY13C-MH_yWHP1G_9VEMNCIQzfw
Date: Fri, 24 Mar 2023 09:38:52 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 dds
rtb.openx.net/sync/ Frame 6550 43 B
134 B 32ms
28ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEHGVJmssy5XMCvT-Xn0I73c&google_cver=1&google_push=Aer7DvIwfVYyQSZ8tTL3mPaZKq-WGpLnB5C1sS7IUAscd8UwAhE86gVM0FgMFlGC9HI22bfR2sl1FJC4vLtxPJRRY_eiN5RtFOw6
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046726&pi=t.ma~as.2983625799&w=120&fwrn=16&format=120x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727808&bpp=1&bdt=348&idt=540&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8038977611362&frm=24&ife=3&pv=1&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.aedzi5soaezk&fsb=1&dtd=546
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:51 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 7qgcdac87lhe7vqui2t9dliv67cd7dmq

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6550
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEKK9_U06XKWEO4r-g9VDB4&google_cver=1&google_push=Aer7DvI02aJlN-W1xlw-UFchmRPekInEQwlG0fi6x10vWnGYBVPrueXozfHUSYSh0K3MUo7OvVO...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09GRzYtMjMtOEUzRg==&google_push=Aer7DvI02aJlN-W1xlw-UFchmRPekInEQwlG0fi6x10vWnGYBVPrueXozfHUSYSh0K3MUo7OvVOE5jFQ20bd-JhQFuu7xZDMpTbGZw

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09GRzYtMjMtOEUzRg==&google_push=Aer7DvI02aJlN-W1xlw-UFchmRPekInEQwlG0fi6x10vWnGYBVPrueXozfHUSYSh0K3MUo7OvVOE5jFQ20bd-JhQFuu7xZDMpTbGZw

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZNQ09GRzYtMjMtOEUzRg==&google_push=Aer7DvI02aJlN-W1xlw-UFchmRPekInEQwlG0fi6x10vWnGYBVPrueXozfHUSYSh0K3MUo7OvVOE5jFQ20bd-JhQFuu7xZDMpTbGZw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
Expires: 0

GET
H2

200

report
sync.teads.tv/um/ Frame 6550
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkpqbh1BhEj4NPzRZX36SY&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aer7DvIyWz0N4rviTtvtNd5vIhFVQN2A2jtRXKcThg6JQcPnhnY0BvDAesu5YmwhBLa-uLbIVR6MrqV3S1p_Wpm3LcqzwHKbukTZF6U
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

53ms
53ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046726&pi=t.ma~as.2983625799&w=120&fwrn=16&format=120x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727808&bpp=1&bdt=348&idt=540&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8038977611362&frm=24&ife=3&pv=1&ga_vid=1496073742.1679650728&ga_sid=1679650728&ga_hid=1155798730&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3242248743&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44777877%2C31073358%2C31072977%2C31071264&oid=2&pvsid=2472897046058530&tmod=1264400961&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.aedzi5soaezk&fsb=1&dtd=546
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

expires: Fri, 24 Mar 2023 09:38:52 GMT
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6550 0
12 B 29ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JQ_Ph6JumDZMuTxlZLNECd-n7HeRoh_kI0S3HWaEp6xmpevfyGmeXNoo4xRFSoD5Jg2QfZuw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FA46 0
0 59ms
57ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuyfRCcBx51or2dNmB8D82NlQqp0k0-wh8oQeNS_BdhcYjC5WN9UEoF-TTbwrLXZrWY1-wBm6c_YdivAmFC40Q3d4gd2tuD-lbuEtgHYSsYZwLxdzBKgtbgmcTRfjaPLDIu1AAGaJQNj0NN0Qqp9A40x9T5opny6Q5J1wIcFnhYFRjjofT8MuAg-dhYZGPMerCfLrSt4m4WJewYdHoSDlJ2zPmJLt2JbTi3-xeM6UHGq1dgrfBlrbCpKSBHpd2QDZ1zBdCA4HXRzNoMRJ4IWko9UlNOXBuL2Y6iSYfeGCM2etXB4ELvqWjIRU13hLThqWdwCPx1CNaPLOzt-9yzjIi0uacrdDmzJWO4rWsjMmsPtz3BJ_ba-9KlqkQRElmj8QLZF_Ryv3nMqHnnQfq4689PlSNRpDHkFCFs6lhJS0dv_s6Qu6WHNuqztmCBrqgpxWv-xPfP_ndxdaKZJDteOBLP4jjAWMsIFJeS1Itd6HWUBiMTyL8Im6WBN8-CLMesHly6K8tvMrtflve4_nTawoPDXd46Rw0wd-hB15MM9SWFNZr0HV6we_x-kEIbcz-2DpRCTGZHwwIIfmHrU6TdG173_AcD-dPTPxTXEimKV2Rv7ubFPe1sl9WND8gBt0QLuV2e12vzkqQX6dTBWsjELCbndigVlPjpAY7Fm-r-0sFx5k3FzB1acSFFAGg5hqP6W9VQyqza-jPu1VqjBRVx20oPRDbCqyOCGDMUImrGTsmTQnJC0azbXh1BEkSFmg5vcgYdDfqAnQhEFkx0xKqQ-K8Oh8mGN64tMn1Q1eokavokOFRkfzdhIUudafnhjDLfoEApY8-LTp59IAuXSAyilYO8JpDpZf1lhCVn95Q-xk0wruRbCcfNNLQoFx--A-9HX5BZqMQoOS-oeYU1TBnjdMl1yy8yhp4TxC-IjNOfqlQa33IDLJvvvc2n2r3uh3iUdDTnNfrdieCVAOYXSrLxI_DEciDoKpZ73rra3-hEvVqVuMCeXgS9L7gQ3ulwt0D_8LHEidPVzXYduh3A-sMKCc95Drfw1_6i782rU_2PkFENzEHPgo562W8Zs4y6Miu_gQgFMgqso7EiL3ffkJXMI1yCGDhZyKf5Q8rVz8bZnYBtGzlDFCUao203gnbPAcJvOXoaBiMQ6f-0ZXMdPpkp3rdeFP8b5sADMs3dxrzeED-dsZI2LqzcaVngd0PIvpmRj6YLgTSE3ESKA4FY1NoJOYByATVOYjVczRD3IdEGrv74MmXd76DY00DQZPUB5OIjMUUO&sai=AMfl-YSnkQn9bx9QsGryVIvm603H75QV87V1hb6Mh3xn6CRR-4csZTWEYG9F-l8im9ypJCl9nEzYLhDgRdAc6jjIdJOH88HC6-264bATIHwGXtTdCR_XnWavlh5VZaIpBQfpcOZRPT7dVoS-0_6dJW6gWzj_sBsNDe-qJYqTL0XUi7AFk6_E6BzHUAxWqehuS7Lr_oygVg2voagT&sig=Cg0ArKJSzJtgN9knr6GtEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2539&vt=11&dtpt=1581&dett=3&cstd=954&cisv=r20230322.03325&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 16 KB
16 KB 20ms
19ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/bg.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9a23d88f403f067b61c3a941232a8870aa65dfba59f1fb9a25b13f955945a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 12:16:40 GMT
x-content-type-options: nosniff
age: 422532
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16798
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Mar 2024 12:16:40 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 24 KB
24 KB 26ms
23ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/bubblespritesheettiny.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54ecfa572990e94acedaa3f98412b668277d09a314d645d0e4be182f3ae5a47c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 12:16:40 GMT
x-content-type-options: nosniff
age: 422532
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24762
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Mar 2024 12:16:40 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 1 KB
1 KB 24ms
21ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/cta.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

429ddaa6caa654d32c92aa143ffa993ea429a69306b79cdf2a9cdf627d98577c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 12:16:40 GMT
x-content-type-options: nosniff
age: 422532
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1080
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Mar 2024 12:16:40 GMT

GET
H3 200 hl_01.png
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 2 KB
2 KB 22ms
20ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/hl_01.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c992e625e6ad22d8ef0e4a6fbfe8c58567d0b84fdd24c976a2eaec51f23d185e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 12:16:40 GMT
x-content-type-options: nosniff
age: 422532
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2445
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Mar 2024 12:16:40 GMT

GET
H3 200 hl_02.png
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 5 KB
5 KB 27ms
25ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/hl_02.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f653957a283b5264cf0177e78a1f913799cf97dc434b2bfc0640342266c6f5cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 12:16:40 GMT
x-content-type-options: nosniff
age: 422532
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4883
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Mar 2024 12:16:40 GMT

GET
H3 200 label.png
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 2 KB
2 KB 28ms
26ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/label.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab0cc89ae31165e9476ff5136147b08ea2fb9546e2a0e6fe4c40672405bf064b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 12:16:40 GMT
x-content-type-options: nosniff
age: 422532
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1995
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Mar 2024 12:16:40 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/15885202368631760502/ Frame 60D3 3 KB
3 KB 26ms
24ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15885202368631760502/logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b5f54fa30def8f397c41c410dc05fbf229346c5cbbfc4e8366d25740d03de48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15885202368631760502/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 12:16:40 GMT
x-content-type-options: nosniff
age: 422532
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2927
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:17:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Mar 2024 12:16:40 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D934 0
0 57ms
56ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst567lh-jZF_E5EvbBs3FD-J6IAISm926NBaJ-pQ7dIHvJ3s8eq7xgHC2H-tzpdCjP7dlxI-GN718oGI6hIvw3MXncip-STm1dEnd1WzULNi-eAtL9PXMw78tGR--kvWOHaGHFOCyXGyTO2eps7lOVkentS409ePNBx8nZBpZQG79V2FmuGwu2fmMHhJS5hY5iaUiLP0qqRMIKMqgec8K1e8ZOGh0af8wNfvaeDCl_0Cy3dCzhRVAgdymLfk41SMHGlFkg3YJHnxOQumMSD8hVAZh_qvVruxgzf4feGCVa8MNOMNsmZvK6LALKBYtR8AGiJJssZ9R_5K3gr76xr1Ek96ee1VSQZxNsIlUcd65rdMnGUxZmetekL8cQPb-qCZk-whGODtddkl-M_qXyEYqz03X3Ogu7FB24fzgvyASRPUoZ5l-Zcx4piDyHExpLn93aAsyUGNQmu0wIeuDdpHLSS0o048-E02dya4B6mD9TJMOyWrE4KLARoF8Baa-uo0hJ0MwNJvIbv3kdguj9AU5SaFN0qq4ozxz6z5-bYBszmyM9aJTL1VyqIcs_ZrH7_PFmgCUEyx3A2Wcf2Y5EWhyM02Z_IjsYoCFBP44fEm2Bq1M3WIDNQ4_SeVteafDxTYQ3TS6lntODIRNAzj3wCECTexK1G-vSTPS-hj_Z2NuAGn9c0knnEXaL7_h1w9q9Ov8smwUF5TBLEGi0_HSsCCOIUXalB1jF8vdaR3sZCTEZJ_60DUYDnvVXzd-IbPi9n2VilSnZMROwHFAT92FfHK-j1pquhk_EQomkv0oEIP2HD_TUiLdCp1fJYs21cVknL4RC3m3N7MIkaaJSHkxO-ZIp9o27wx2L5yTQV4adEXtoLLnExRJFICnRtOejDby_Fp8wREZs8JfTr5WR76oTaK47N1lAQrT7nWr3JgBg-cQq3TyBqOs1SIdir0Z_2YUIN8MPqIDBZTSfad0fKayTCq7PP-mkeJNsL72IY7lwLPg1hu58-9-0DdWObY2oZ8JwVdMTBZRIlwk7BPTT0sl3J0NDaC_O6E1Hm3Dk0R9uX99RRQcbKU0WM-qKqCKsasTh3Hw24A8nZHPd5mauI8kZ8OLg8d2ZpOeCxjg9Mox-2bewaAQxjxnuktzpKEPX15tyWKT2ienGXunoOLjXGtqaJQgmvlkbWkcPqfYSHthrme6PG1MWQ0ielM6eC_DF7Fn9VQo_NV6w7MZ-jc_Z7CzN4I-0yKHQSEhy-GuwF1TtLZg&sai=AMfl-YQpZpQlF1TH9J6O0nKQ24l8bQWH6mTGP80xyYRZ4fD-eju1cXoB8EuZnEn0Fl4L2XVkcR1ZL6KJKI9wsr2xp2ljGwxNtxKPhQiNr9hq48-JFDkQMDIr-KGQw6YD42e7-uEdKK-Y3DTAh1GN1XbHyJICNA5_UaJDBlf69LN8EFTWJZD_IbZ1TT8Ia5PBs3yiozpvvDNAPo4A&sig=Cg0ArKJSzDrGVywsbAQ6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2055&vt=11&dtpt=1507&dett=3&cstd=546&cisv=r20230322.18736&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 110ms
105ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOPxm,pingTime:-2,time:1572,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:1552,bdZ:1600,beA:2194,beZ:2195,mfA:3234,cmA:3236,inA:3236,inZ:3241,prA:3241,prZ:3260,si:3265,poA:3266,poZ:3283,cmZ:3283,mfZ:3283,loA:3603,loZ:3605,ltA:3766,ltZ:3766,mdA:2196,mdZ:2236%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:1071%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1572,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1071,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B527~0%5D,as:%5B527~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,siq:1072,sinceFw:499,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B0B8 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstSd4PtDFg-kwhvlC9wDKq73Z3JyZdqWnFo40NzWDnCGuQVON55WPtldBbjubclqm_EKTzlS376tbPHQ5stnFeRmnIaDtTjW1HGLXkthvTCFoLklG89sT89Bmxnbm8s4L-Lm3tBPQ&sai=AMfl-YR_RaLM3sjhfL4XQFQHsu25lxqd-rVQu7WIcpkPdJAjNalf72Mpc6AUbCX9do-fxbytFjEj9bnS_OmqX4fkZlytbYMKEzK4C6o&sig=Cg0ArKJSzHflBIwnDzWKEAE&cid=CAQSKQDUE5ymnagZUZn9FDqQ1IhK41ohmAwT3lHhLGdbN2ZixOUkUtbhhcdPGAE&id=lidar2&mcvt=1158&p=0,0,600,160&mtos=1158,1158,1158,1158,1158&tos=1158,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1570749283&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650728362&rpt=2629&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BAAE 43 B
215 B 104ms
104ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=98d03fd7-6b5d-bd01-3e63-487ce7b9676a&tv=%7Bc:7LOPzG,pingTime:-10,time:1602,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1679650732271%7C%7C461750509d99bad072a38f340e56d056%7C%7Cddbcd9d17a9a064530ac6d0fa988f97e%7C%7C51c1d9b9baf4e40b8130b11b57b8358c%7C%7C8353f3421d51f07a2b8c6422d49f6869%7C%7Cad96c217c540699fb15a6f753672344d%7C%7Cfb2c47c66d70dc17f59c6d7cd83943eb%7C%7C0dd2df2b26e6f1ed39cccc2528d2cf3a%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=100&slotname=3597869317&adk=1751641075&adf=3173046723&pi=t.ma~as.3597869317&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727769&bpp=2&bdt=291&idt=557&shv=r20230322&mjsv=m202303200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8107698232765&frm=24&ife=3&pv=1&ga_vid=1997612131.1679650728&ga_sid=1679650728&ga_hid=213304324&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1640673469&scr_x=-12245933&scr_y=-12245933&eid=44777876%2C44759876%2C44759927%2C44759837%2C31071755%2C31073262%2C31073271%2C44787455%2C31071264&oid=2&pvsid=2106088535107919&tmod=702908790&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.e5rvhv8bfako&fsb=1&dtd=562
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FA46 43 B
215 B 105ms
104ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=b451a4c2-b371-a991-1dcb-74f5825978db&tv=%7Bc:7LOPAc,pingTime:-10,time:2004,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1679650732304%7C%7Cde8eca27ba766bfb7af8e6475b576340%7C%7Cddbcd9d17a9a064530ac6d0fa988f97e%7C%7Cd33a9b85e789c344d583bbcfef834a70%7C%7C62121fcb2e333abc7d7c84733afc4ba0%7C%7C08547e9753138a5e20785f1dc7057040%7C%7Ce305128252a4bb3d23c9feed630f3298%7C%7C2f9b40464d38bad9c3821b2b1211c525%7C%7C1663701684,im:%7Bpci:%7Btdr:1763%7D%7D%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&format=300x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727693&bpp=1&bdt=247&idt=411&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1961097550752&rume=1&frm=24&ife=3&pv=1&ga_vid=381394354.1679650728&ga_sid=1679650728&ga_hid=1705104071&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1638650951&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C44777877%2C31073262%2C31073335%2C44786559%2C31071264%2C31061691%2C31061693&oid=2&pvsid=2349057996052770&tmod=1707720922&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3t0tqin4w8mi&fsb=1&dtd=416
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: nginx
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 27ms
26ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-XHS8W3S0QP&gtm=45je33m0&_p=696086722&cid=1326326062.1679650727&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1679650727&sct=1&seg=0&dl=https%3A%2F%2Fwww.kesatu.co%2F&dt=Kesatu&en=promedia&ep.editor=Not%20Available&ep.editor_id=Not%20Available&ep.penulis=Not%20Available&ep.penulis_id=Not%20Available&ep.publish_date=Not%20Available&ep.source=Not%20Available&_et=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XHS8W3S0QP&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 26ms
26ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-L9VSZP7GRD&gtm=45je33m0&_p=696086722&cid=1326326062.1679650727&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1679650727&sct=1&seg=0&dl=https%3A%2F%2Fwww.kesatu.co%2F&dt=Kesatu&en=kesatu&ep.editor=Not%20Available&ep.editor_id=Not%20Available&ep.penulis=Not%20Available&ep.penulis_id=Not%20Available&ep.publish_date=Not%20Available&ep.source=Not%20Available&ep.article_views=1&_et=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L9VSZP7GRD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kesatu.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C48F 0
0 52ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=135737501720967&rc=
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 index_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/7366385085728666768/160x600/images/ Frame F3FC 137 KB
137 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/images/index_atlas_NP_1.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046727&pi=t.ma~as.6224032654&w=160&fwrn=16&format=160x600&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727832&bpp=2&bdt=377&idt=525&shv=r20230322&mjsv=m202303160101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=332749602947&frm=24&ife=3&pv=1&ga_vid=1149933380.1679650728&ga_sid=1679650728&ga_hid=921566453&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=4266015935&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C44777876%2C44786632%2C31072978%2C31071264%2C31071269&oid=2&pvsid=3305614213782006&tmod=229949435&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.5468eeuacj93&fsb=1&dtd=529

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

deaa99b4c97db2882a4a4be0455e95191f1fdb750c34e215b1bc450cf55bb465

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7366385085728666768/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 21:49:33 GMT
x-content-type-options: nosniff
age: 215359
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140291
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 09:43:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Mar 2024 21:49:33 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B0B8 0
0 56ms
56ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDV77rGwyFg7zXuWUCn1EGdqa5xmZBuWt5L7n4OA7TFuPn73iYCuKRW_q0hWhufDDWQ4fqPIxb80zDH1JWk6_ME0dmf-KKjZD4SA6z18mZG62efrnqq8C1DSQZV6M1GwGxvyU7HKLa6CaqrgD_Jb1I0CNLEeZCfEfiS7Q0PhVYcms_M7ZUZTLAmBbheJyRsyc4pXmPO74IO8RWDpPll1EczeZdf2YsMWuc-knXaEymCWtUzLfPO1ml33FS8TgDx_A3DMwE_rGYF-3AhLkFsqesk1JDHqFe4o5cmca957hQcjsQVI16Jx4ZtdZ4FBL1O2TGZJVE6IqqRpuFDheCtiKnbI16cQJYLOIT6mOexMjs4HgJB4vVTfigbb1Y4QzpxIoXwD96lOTW6omsM3BIF6O0qh-SFq5e0P4fkU-n92Zg8IsXPGFbsdugGjO-d1LAoi_1d-V0k-L3ttfkIJHZ43W-OMZYQ-VDtb96ZG0_WCves-p9CJ99Yf4SPmsoWtMd7YzDsDItbplrKzHIo4dq7PMF75vSidh-QwU5GlMjKCPd_R0gmmjVbEEHDsVSFK79FmTJYU7CjZowEN0gJROLA7Fm-RH0cSs5sU3FzgQJ4Z7OYkg4c5kqOHFSa4D1ehQTzzQI9JomefaCWdaAGQU3Vv7t_7BBrsSxPXzWB29VrW3RMdE0t_jneM71EPh9uZsnMGr3gUQnQs3HnWFTXimoukeF3biTYiTGPIXSyngGgRyCwlK6ftEfBmiwwqSnBOFhYtDmXn93YyGws1ElmnPagLcdmHYWCITQd1kb0xUxWYHmJeIP-FMQV70UegGGJ2X7XGxkEtMsNUbRxHMJ1Yf5mB9NrsACI4GQ5DxxUQSLMfhXEO4rId7EjkU1lXMZregWx2ifZHNVWjt9Io1xgT0rT1yl6EYiYBXJyA-YvSCx9aLRb8DOfUsK9fWTxBunoNnrUVJhyG4aWXejRW7k7mHtcgK9vf0aCocKF2vUevXSKTbStEIUUoCQKmjzE9p0MI0R9NVYiXP_f-w6bd1cljCTlvwDTb8eQbRj941xRhmOvRrk5HzUtJSL96T16udf4ANUqw5FPNm_YTad2uXt8DEUsyjO4ke9nRvRhvA9o4yVfFta1d9MkgBYvo0em805G5OoAQjUapb8yc300KATFCR0dT50FFo_EUSGD8OSwzjU_kym_FVt87oMhdrYdVeKkReatmQ&sai=AMfl-YTR62RBqSJWZNGfnuQRCUQgUzQtlO0VH_SzP2CX8R6EvumpZ-jZ-ep9MKC6XY7Tc017_kQLoybuqbiQxSYxKPXllJK7R3dsId1K4OVnrz1Yrg6p21g3rWU49df02QVXKFwjpgrdNsiwd7WPxpZW3pPxr2V36uO3jEuYzUl6SSc-I4PMPmJtvyPqoXYwvuAVbxBvMLwTpjoX&sig=Cg0ArKJSzCLWkLxr6r6fEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2413&vt=11&dtpt=1324&dett=3&cstd=1084&cisv=r20230322.23365&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2779 43 B
215 B 105ms
104ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=1ac97e93-c9cd-dcda-a5e7-06c9907ef04d&tv=%7Bc:7LOPAZ,pingTime:-10,time:1754,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1679650732353%7C%7C94b2ae096c890a78670c85626d7a611e%7C%7Cddbcd9d17a9a064530ac6d0fa988f97e%7C%7C46841c39ab0d554045e618cbc3dbf997%7C%7C8f3f79d1c8b8cda78e795be69412ab42%7C%7C4ed0f7f862203979810a2d1bc2b8c228%7C%7C57d03e0d1445f89baeed82939b13e5da%7C%7C9fc78a82ff0d0a461de424dff2e32107%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=3173046724&pi=t.ma~as.9060566096&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fwww.kesatu.co%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679650727750&bpp=2&bdt=277&idt=436&shv=r20230322&mjsv=m202303220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=753749785312&frm=24&ife=3&pv=1&ga_vid=1932068318.1679650728&ga_sid=1679650728&ga_hid=1405421900&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1638648813&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44777876%2C44759837%2C44759876%2C31073105%2C31073358%2C44786631%2C31071264&oid=2&pvsid=1182820626309950&tmod=29292195&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.da1h8f3azqx2&fsb=1&dtd=440
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2779 0
0 57ms
57ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstyUrQweXOS1FQqIP1KvYpG5DPkDQwH1JZgmm988kIJndLhpRgPNSnkpd4GDH3eVI-y8Qm5rUze1EAz4FSK4gHDlVKCZyHphTx_y-dvr7w8fuhLjXRjbi6WyOd3uWkCKBefw0o7TBrNiTbr7Ct1wxRGHRjGHwMopb3zg9Jx8blNki89xEDZqX7mgPdKkjSkvCz_arBkmXRHPudKJtbud5gdEExhOqaHgxHbTwPYdsbetRTzRZj4TAZaLF1d3qJtd3b50uNpkU9vw4hzmPrqxTJS10jJ4BCoyk4MPkUFJvAL-vH_sRWkYDROXbEfzj2Z86h7TzK0s6lSA4HLm5n4-l7adE7fTkzKDDCbfzLX7RzNUCS4DFJ0Li3cr_72k8REyg0sVVOWv4RtgvLVMn7wpoTllGPbpROntILOx5N-yhWDXeeMiwWam7UEXkl9phyIeazwDgZEfjEXQnhrxoeM-VUWwzlwSLi7A4mV71gQ9UfkSJvKgqqAZ8sowndkmeMqQxE9PF2PD5eexBwubIFkn4r1bAmljl5GNB7ZLZnfJVa4748na-bbR7FL6wlv3N74AecmWLUFycVBiTRPXibRQKoq31jvMFzXR60Zc0xcrFjqI-K1kuCdNoc3Oi3-oaRSzgCR8SV5b5hLH3KMjsU6mBNg3_lFop-wPknYBLXX7MqOZkeR709mQ8Mjrn0idgBXmcIQTzAXE6BlJ1MHFxZM1sGRu6EsdzjMxCsOdDSnemmDD9We5Jz6hu6mo814usLJoudClFpkr31jjodTIvinE4chAPLSabi0e8lPAbWerAgJWKENKqozSjJj6kpWN7O5Mf2HVbd0NVcYxlSXu_tPOR6-FBLd4na9BNb7Bo1-fVLLjEssEeMZA7br84c5tsDnyyQlSgyIsVu-CTMNuqoqWQoUS8uLDSYiUXmpPUjBQLpu1UA7e8kr4FEVeRTz6IyaBdvZBQXyeZJqaeTyKIWtMKAVKlxIc2sUfuaQAeeaWGzGVnDEQzdfKuUCWWW3HaUEysJQMC5H1eIfDF9tTVxmnryk2aWfchZ5EkpGUMcUhy8Sgsb05tewoMsTeJl_S7QEsQwQWswosWKKMI4SVboyOidJvN9AaSRZ6dwDF7oIUnPYptOSxugzSlrcz4l2SRbpWB9Bds8W3lpvFxTkEyeWP2lJ7ZdakHU7MoyMybWSlaU1Pei7ufkfZfdLMnbbcsE6m9QI_uz2m8MM7aeFhKYNCIGF_T-Er5oI7b58nrXd6TYwo0n_J6JMjWTo2Sf7pH6DPXrL2A&sai=AMfl-YT1DuXcsmsPumeoJH9-lh7rxqvFFXE10Zhbw9t0XwEszBEdlL9b5zyR8554DPn2yL2DxSPzptxTVLE3eur22L7IhJ1ZGzg_lWajVquIOCcFdcuNczkv4_uv-sZWW986Al-YMqVnwOF8bsuo0UOM-NAMd_M-iDv5IkuTrlJ60C9RDaH8HAAseOjYLJvgZOf6MWtpxJV9KGP1&sig=Cg0ArKJSzLV5MJwDjAQ_EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2351&vt=11&dtpt=1305&dett=3&cstd=1042&cisv=r20230322.12034&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B089 0
0 53ms
53ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=1012824931882618&rc=
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D934 42 B
64 B 61ms
60ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuQGuoGMPX4rV3SNFZwcsnFBnbvy5lnW4gOoFdsxkqikj9O3pbSPjgLc3fO1ZID3I8hLyUUXb0ETMwthBkxgTpJTxjtE8Lxcyfk_JabiY2TLOPfy8JTVaXetNRG-ESt0CpTkIKAZg&sai=AMfl-YTwI-FREE_ArR5VODfv6dvGsj1l9jGazZ8PCZcTqAA2xZyxO7rJwu18t-F_lgU5DqP4oEIVPiEKfUukKvTr_Xr-RmB-zl4Db8M&sig=Cg0ArKJSzPEDK1U54V8OEAE&cid=CAQSKQDUE5ymRcuvD5jFg3-U1xFrRWPsojFj9PVodXHDQTXKuEuz60XBzTi_GAE&id=lidar2&mcvt=1133&p=0,0,600,120&mtos=1133,1133,1133,1133,1133&tos=1133,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3046421175&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650728355&rpt=2775&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BAAE 0
0 57ms
56ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDHFwaf_5NF31L1QldxPNapt-g9xt1VWCLm_OdJBdNgrRqrGnivJYREavtUPPBIwQ5CBtSvxNp0xMg6tlErNoVJ4jLEEb073luJkTF14nyjX50MaC-vmjUUTLuUiXPbe73yo97PU7pJmCtEOj8_5oFbtPihy_jeqJy72qE-GCoGP0PtXtE_AiIBzFdhG2uRFiUwPQgy7dbIQkHGmEQzLyEb-xUggpYmpTtSBi3uW1L4cpdHwIz-GjLbO28wLH7k_2-USAgQuW0DlHqJZp1YJIpLlUX_CbGZXYtVcoWByHYR6wfbY8DuJCGQyKjN8TYHM-I66TIR-eMrDjZDS6glSqQbDJFExraojE6tULou2RH2HRClDiUazqfIfjt5ONyUW8FX2YWf6jl6apNpMS2nJpqutblLOsEBt-_7n9o-JPnZQsKV3Le9iE9Wpo2MiHUoFvI9ei8TxXrF-oFUs8YF-jMaH1RF9bVbW9f66Xqyn_5h_1o7ocoA8nJ9H1NOipR9mhHsSLrjV5fnF6GX9y1QlHiz4cRGnHE6MtjNwS_Exga5yDcaptbcAUKzH0NgvKTNlwyfadq9PBskAvIeC31CdovIsGJssbZWocJ4AYaA1he6rSGIsvP5gI4P1t2LQlODVni_U12Jl22fL5-vB5f58z5uy9fX9CrR-0AZOL4HuT7x-OIrmNig4mcxja41wBKEQD3kbFid52DvWGh9IMs4UEZuEuRQrmXtVrZAzp0QTMemIWxJAjZsxChAFWXTbcXwAnvixTJYwmBOEpR_aeiTWC9s45rVhvPinLftlEZCVvUrRCG9DMTnWh8tEPNJLNXs8zBHCUEMxDB3kTJRBiiOg_M48R2Dk7V9MwpexUL9YtVL7BGPahtn6KLNf2MnCpxXk39kqWTRhLXtwL0ExRbUZtokKLnIYN7Yq0OYDRpGS2touqI0h7TWE7Lpzp4bkxER1n3oxVqTIdzOaCqOPID5B49PVHl-tj7iBkGMvwvEFhXZN74URtSaJA4CV9DyVoZ-RpQOVnS7YFIpMEyMsTyQsiwtvTHSb29jRdn-RcGa3065-pJgA7B7tBtngeliMUZG551qhxdP6UxntBF5uJXohgOX4gkL2N17xxh_94OrczYBuvUc62wmCqoQhPlqG6ppXJZZiQvVSOymzgEJ6GBq5XR1qs3kg1iYIXaEuYegTPt4WN6-54oHIFzQrKVFWlLYlbn8C-HRhDRvCMi8CKntUkinCeBDTuFug6oLhelglJCEtQSRNoJPgvLbp9wCwC7&sai=AMfl-YQhAkJ5l4cnIXjxmdZJfE3vZ3eHD87yktOEMQiJ6KZ9ATWESGp3cyPElkl8kEc-on0GVqSR8WEEl0L9iugMrM9Vy47f_z6cWsTKXNzVKZzvNr17mgNpRui1e8sBvwMAHmuzcVk4lrjaej0HqTzolVAQ-RjAnq9w_ES9AYr6EMmuT31WBxB8TSzu5Vz0mEXWx661bKXkz1_r&sig=Cg0ArKJSzGz01dUl7VUMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2360&vt=11&dtpt=1256&dett=3&cstd=1101&cisv=r20230322.33365&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.kesatu.co
URL: https://www.kesatu.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B39B 13 KB
5 KB 20ms
19ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10152
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 31F8 783 B
535 B 29ms
28ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0b6655c72afc623a9d8fbd9fab55be2eab3a25f7ba68674d74ba75e95d7513ed

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Kd-89q028vag3bQE-4zApA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-Kd-89q028vag3bQE-4zApA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:52 GMT
expires: Fri, 24 Mar 2023 09:38:52 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 034C 36 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4E9F 0
0 52ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=4112785457605545&rc=
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AC1B 14 KB
11 KB 67ms
67ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7a7caeab92c66a56f8715685ea3ba987ccf3c0df8ebc99605346dc1d1ee7e1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11199
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C261 14 KB
11 KB 68ms
67ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d02d17794bb46a05736221749f8547f23c053e9b3c32f63c3d92bd32a0bb879d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11151
x-xss-protection: 0

POST
H/1.1 204
No Content bsevent.gif
rtbc-eu3.doubleverify.com/ Frame E0C0 0
234 B 62ms
20ms Ping
text/plain 34.149.12.213
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbc-eu3.doubleverify.com/bsevent.gif?flvr=0&impid=13e018072ea44d8c803897d8749b9565&vfdur=246&cbust=1679650732462720
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.12.213 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 213.12.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:52 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 03/23/2023 09:38:52

GET
H2 200 globalpassback_970x250.gif
cdn.besafe.global/ Frame E0C0 37 KB
37 KB 85ms
22ms Image
image/gif 2600:9000:2240:a200:8:455e:4a00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.besafe.global/globalpassback_970x250.gif
Requested by: Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:a200:8:455e:4a00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 496ed7d3eb868f74065c9c4f435b0d4afee4a9f37bc4934e7fbccffeff98d3cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 13:08:50 GMT
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront)
last-modified: Fri, 15 Jul 2022 20:03:13 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 73803
etag: "9bb76ce5aa5d929a4f69f37b75f469f1"
x-amz-meta-sha256: 496ed7d3eb868f74065c9c4f435b0d4afee4a9f37bc4934e7fbccffeff98d3cf
content-type: image/gif
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 37581
x-amz-cf-id: eruLsoW6nUSr8cAJXsAdZ-tC8rILnYh2eqVJEA81uqmdkpC10_zC2w==
x-amz-meta-s3b-last-modified: 20220630T185152Z

GET
H3 200 tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 1B87 6 KB
2 KB 20ms
19ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:34:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2072
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 07:44:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:49:35 GMT

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 1B87 2 KB
1 KB 25ms
23ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/cta_jetzt_buchen.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9f7ca92ac484587069e344faf7ecd9f82c53739d5008d5adcfafa7e705d9ba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:24:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 878
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 998
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 10:03:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:39:14 GMT

GET
H3 200 300x600_head_3.svg
s0.2mdn.net/creatives/assets/4780815/ Frame 1B87 7 KB
2 KB 24ms
22ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4780815/300x600_head_3.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1976ceaa3b49d5f7b6f20c1b67c9e3e537975ec1b00e20bc93450cee2d4a42cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2243
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 12:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:42:16 GMT

GET
H3 200 300x600_head_2.svg
s0.2mdn.net/creatives/assets/4780815/ Frame 1B87 22 KB
5 KB 23ms
21ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4780815/300x600_head_2.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d314ec3e0e81ea8b640b3b3f867e5eab4100cdf95ba1a6a06f584c079be27f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5223
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 12:59:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:42:16 GMT

GET
H3 200 300x600_head_1.svg
s0.2mdn.net/creatives/assets/4780815/ Frame 1B87 6 KB
2 KB 27ms
25ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4780815/300x600_head_1.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91bf712ac9d33df887d0d8a52a3d530a3084c62f3dc3f31106ff5bce9403fb7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1871
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 12:59:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:42:16 GMT

GET
H3 200 300x600_gradiant.svg
s0.2mdn.net/creatives/assets/4372121/ Frame 1B87 849 B
501 B 26ms
25ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4372121/300x600_gradiant.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

525f8d5d51c56e46c53bef4cc9951c7edb5e7ef9c2cd8dd92e4dbf4f43badd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:32:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 391
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 466
x-xss-protection: 0
last-modified: Wed, 01 Dec 2021 07:33:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:47:21 GMT

GET
H3 200 300x600_radiant.svg
s0.2mdn.net/creatives/assets/4372121/ Frame 1B87 4 KB
890 B 26ms
25ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4372121/300x600_radiant.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc92b5217945d9bdfab85fae10323da2bd6ca7700676e9a0bfe913e8f2fc36d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:32:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 855
x-xss-protection: 0
last-modified: Wed, 01 Dec 2021 07:33:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:47:39 GMT

GET
H3 200 300x600_kv_3.jpg
s0.2mdn.net/creatives/assets/4780815/ Frame 1B87 119 KB
119 KB 27ms
26ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4780815/300x600_kv_3.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d150dc5d191310b098201644270389f0d6ba052fa1a4fdb5c722c4006295e90a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:27:16 GMT
x-content-type-options: nosniff
age: 696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121367
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 12:59:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:42:16 GMT

GET
H3 200 300x600_kv_2.jpg
s0.2mdn.net/creatives/assets/4780815/ Frame 1B87 78 KB
78 KB 28ms
26ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4780815/300x600_kv_2.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45307094a7f2c83f8a910acd1010f5684a2da608ce330a3697a3df654da97470

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:27:16 GMT
x-content-type-options: nosniff
age: 696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80032
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 12:59:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:42:16 GMT

GET
H3 200 300x600_kv_1.jpg
s0.2mdn.net/creatives/assets/4780815/ Frame 1B87 71 KB
71 KB 27ms
25ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4780815/300x600_kv_1.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9482bbd280c459e89e68a99ac50594ee4331a6c35d6f25b64513b840eeb6818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18152685472987497224/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:27:16 GMT
x-content-type-options: nosniff
age: 696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73058
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 12:59:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 09:42:16 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 03C5 36 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 64B5 0
0 52ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=4439608642517411&rc=
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame E054 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7A8F 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 808C 36 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 77B8 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame C653 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame FF98 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4606 15 KB
11 KB 67ms
66ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

678916200d52ae723869e4a72480288263ce1995ba28750d3151abddbd2aca13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11223
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9454 1 KB
649 B 19ms
18ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84772
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 10:06:00 GMT
etag: 48472445140208031
expires: Fri, 24 Mar 2023 10:06:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4E52 15 KB
11 KB 67ms
67ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b7ffcd06803d873ba5781bd7d67012660baea655d54265cc2b51d70b7b4d402

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11253
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AC1B 17 KB
6 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C261 17 KB
6 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
DATA 200
OK truncated
/ Frame E0C0 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 20c33ee04124a5737fb788a23c696f8f416d1a5e698f0d546a57bfddf0740022

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 38D0 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame 4106 1 KB
1 KB 61ms
60ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1846fb88554d3180cffa9c58ccc65f3cc9f0590b92c594761ff3823cde5eaa55

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m4RBsSbmOKaKAb%2BOT0AG%2Fwf5Wuj2%2BSIszm%2FPtjh9POf%2BOriNimSEUmez20Tjs6NGdnIeX5JXc%2BwbY1irABSGH%2FrSKqhH7g%2F00jBWLwwrdV%2FtoSd6Cl84d01wiOHoLhxEOaYKkxw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7acdf1979eda37d7-FRA
x-backend-server: aa-reachservice-group-europe-west1-cf1k
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 65ms
41ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7acdf1974e6937d7-FRA
content-length: 24
content-type: text/plain
date: Fri, 24 Mar 2023 09:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QbQuRrQob7injbnR7g%2BQzYA%2FJdRNyrpg6wiVmt%2BfZa%2BLJ6VUB9PZlybfN2riH5DTcImT7Z12xo2RgImLNRiD7DpqV1nSqYEUC0DsFCWbHFYyqjbffcvK98fpxnsZzsV6l5yBLio%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-cf1k

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AB5A 15 KB
11 KB 68ms
67ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36e269daaa233a8fc7de945a0c3c1a6218809d5269e2eb45a37c9fe3988a584e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11304
x-xss-protection: 0

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame FA46 62 KB
23 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

855dfbae42eb6ae7faaa629932dad117408a1dbc5d5639295cbddbe201fd7503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:12:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1611
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23701
x-xss-protection: 0
server: cafe
etag: 7854693023074191513
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 24 Mar 2023 10:12:01 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 105ms
105ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOPFY,pingTime:-10,time:2106,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1679650732271%7C%7C461750509d99bad072a38f340e56d056%7C%7Cddbcd9d17a9a064530ac6d0fa988f97e%7C%7C51c1d9b9baf4e40b8130b11b57b8358c%7C%7C8353f3421d51f07a2b8c6422d49f6869%7C%7Cad96c217c540699fb15a6f753672344d%7C%7Cfb2c47c66d70dc17f59c6d7cd83943eb%7C%7C0dd2df2b26e6f1ed39cccc2528d2cf3a%7C%7C1663701684,im:%7Bpci:%7Btdr:714%7D,imprf:%7Bttecl:2512,ecd:367,tsecr:431%7D%7D,sca:%7Bspg:98d03fd7-6b5d-bd01-3e63-487ce7b9676a%7D%7D
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 28FD 36 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4606 17 KB
6 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4E52 17 KB
6 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 31F8 0
0 52ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=2284349887114769&rc=
Requested by: Host: www.kesatu.co
URL: https://www.kesatu.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AB5A 17 KB
6 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 9454 35 B
465 B 71ms
19ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECs6bzlYmVA-1rbdh-jeCOU&google_cver=1&google_push=Aer7DvJRSjQu5WIOtZEaKmdzga9nNEbvIWaLkouJ7weRsv8PcjggY5sT9Kj_dxgXTNfmFBgtz_NxBEwBRR41SDGmSmwLdiMGipQ

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9454
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJWWaAzbUumCl_WaTzEH5KM&google_cver=1&google_push=Aer7DvKm6WsFPXl6V9X3UcYNZcnZoo8uMTcRquy-1_Wcq8AknLB3zZ9DdMzaKqiX6uPnmqswyoKu5-bn40afXuYG...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvKm6WsFPXl6V9X3UcYNZcnZoo8uMTcRquy-1_Wcq8AknLB3zZ9DdMzaKqiX6uPnmqswyoKu5-bn40afXuYGVsyP3NPzaOM

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvKm6WsFPXl6V9X3UcYNZcnZoo8uMTcRquy-1_Wcq8AknLB3zZ9DdMzaKqiX6uPnmqswyoKu5-bn40afXuYGVsyP3NPzaOM

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 24 Mar 2023 09:38:53 GMT
Server: MT3 668 4401257 master hkg-pixel-x24 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=8VJkHW-qQACSDWuhgnXEig&google_push=Aer7DvKm6WsFPXl6V9X3UcYNZcnZoo8uMTcRquy-1_Wcq8AknLB3zZ9DdMzaKqiX6uPnmqswyoKu5-bn40afXuYGVsyP3NPzaOM
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 24 Mar 2023 09:38:52 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9454
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkIxdnFRQUFDWjNUeFFCYQ==&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_cver=1&google_push=Aer7DvJfXtaPNWCI0ALmYJ-T_UF3gKLexP...

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkIxdnFRQUFDWjNUeFFCYQ==&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_cver=1&google_push=Aer7DvJfXtaPNWCI0ALmYJ-T_UF3gKLexPx-UorzK4_VrUcmgQxLaeOZ0xzB-b7sOo_KS9pr_0a5p9PZPcl0mCEA50kF4cJ6-0Y

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220047-HHN
pragma: no-cache
date: Fri, 24 Mar 2023 09:38:52 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1679650733.946972,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkIxdnFRQUFDWjNUeFFCYQ==&google_gid=CAESEPF7aaDUW2wwDgvLTqf4wlA&google_cver=1&google_push=Aer7DvJfXtaPNWCI0ALmYJ-T_UF3gKLexPx-UorzK4_VrUcmgQxLaeOZ0xzB-b7sOo_KS9pr_0a5p9PZPcl0mCEA50kF4cJ6-0Y
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9454
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAAFGgAAAAB&google_nid=index&google_push=Aer7DvIcy440L-JLY1WAZVhnpxayOwljsSRZD...

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAAFGgAAAAB&google_nid=index&google_push=Aer7DvIcy440L-JLY1WAZVhnpxayOwljsSRZDGPQLq8_OItOJPw58s_yR5_Gp-ROr3I9iZN4CL7KtrY5s6yeA5yOtHhmrXTsTg

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:53 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESED_NHEXoYRD2xNh7e5EB4Yo&google_hm=ZB1vqY6fF6Ka1E8m03Ft1AAAFGgAAAAB&google_nid=index&google_push=Aer7DvIcy440L-JLY1WAZVhnpxayOwljsSRZDGPQLq8_OItOJPw58s_yR5_Gp-ROr3I9iZN4CL7KtrY5s6yeA5yOtHhmrXTsTg
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9454
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJ...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=Aer7DvJ3BzHXoFYiDYQahT-deX-vzDp8Q92CgAJfFYvEi1X3J4CANgnb_XpKsiwVnXwZ8TK1xgoYEiOhepFObUKnT94j1oPzYcc&redir=https%3A%2F%2Fcm.g.double...
https://sync.targeting.unrulymedia.com/csync/RX-7deeafd8-813b-4aa6-bd91-42d24a98d521-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAer7DvJ3BzHXoFYiDYQahT-de...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aer7DvJ3BzHXoFYiDYQahT-deX-vzDp8Q92CgAJfFYvEi1X3J4CANgnb_XpKsiwVnXwZ8TK1xgoYEiOhepFObUKnT94j1oPzYcc&google_hm=A33ur9iBO0qmvZFC0kqY1SE

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aer7DvJ3BzHXoFYiDYQahT-deX-vzDp8Q92CgAJfFYvEi1X3J4CANgnb_XpKsiwVnXwZ8TK1xgoYEiOhepFObUKnT94j1oPzYcc&google_hm=A33ur9iBO0qmvZFC0kqY1SE

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aer7DvJ3BzHXoFYiDYQahT-deX-vzDp8Q92CgAJfFYvEi1X3J4CANgnb_XpKsiwVnXwZ8TK1xgoYEiOhepFObUKnT94j1oPzYcc&google_hm=A33ur9iBO0qmvZFC0kqY1SE
date: Fri, 24 Mar 2023 09:38:53 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX7deeafd8813b4aa6bd9142d24a98d521003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9454
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEH_rhF0r8Vwzt-QC7kDtfqw&google_cver=1&google_push=Aer7DvLpQa9c7AKDZNjMlHyg37kIhc2to-Y7Zh7vkr8FnBCCT8Tggf8006TrLRNiYpE45zhTHIPKnEDv6DVKW0zQbDXykq2kDII
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzUxMDc2ODc1NTAxNTIwMTY1MzczNw%3D%3D&google_push=Aer7DvLpQa9c7AKDZNjMlHyg37kIhc2to-Y7Zh7vkr8FnBCCT8Tggf80...

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzUxMDc2ODc1NTAxNTIwMTY1MzczNw%3D%3D&google_push=Aer7DvLpQa9c7AKDZNjMlHyg37kIhc2to-Y7Zh7vkr8FnBCCT8Tggf8006TrLRNiYpE45zhTHIPKnEDv6DVKW0zQbDXykq2kDII

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzUxMDc2ODc1NTAxNTIwMTY1MzczNw%3D%3D&google_push=Aer7DvLpQa9c7AKDZNjMlHyg37kIhc2to-Y7Zh7vkr8FnBCCT8Tggf8006TrLRNiYpE45zhTHIPKnEDv6DVKW0zQbDXykq2kDII
date: Fri, 24 Mar 2023 09:38:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
onetag-sys.com/match/ Frame 9454
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEOD49LY57B9VelVgLclUJd0&google_cver=1&google_push=Aer7DvLjUGcggxamcZt40DgEQ-7-s_wcXLXH3DzJtNhQ2oOqlrl6K3mfgwb-iLM7Jbsb5GZR9TafEt7vhv4...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvLjUGcggxamcZt40DgEQ-7-s_wcXLXH3DzJtNhQ2oOqlrl6K3mfgwb-iLM7Jbsb5GZR9TafEt7vhv4QTUhQEQ2dWk7WuTK_
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

19ms
19ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9454 0
12 B 28ms
27ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JqDKP5LO_PZoVBvvi_ZxYJbGQRn9JXDyRIqSQKtOclOSODyXvKhfUR5ZGEm8b6JjvsrxAXRw

Requested by

Host: aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
URL: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 74ms
74ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023032101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60759cd5541a8ed1fb36b5d9c7c9816bc8eb86da956171a6d85d5551d7d26f3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11119
x-xss-protection: 0

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 469F 3 KB
3 KB 43ms
41ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=117569&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=300&d=50&e=&g=a699dee261f9b83c8e0b5a9d6dea42ed%2F765390213108520129&i=29981&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1679650732768&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k4znv3zy7cp4qnxqd8frzayeghgr7v8crkwh8xw1nsk0sm139c3gbcma5163szs88snnd9x7tcrsqy8fqs4m1dcvjh9gp3hdzx06njeqb5pysn3b575542vwyjhxqm9z9pet0q9hmz3mh34bzafrbq2e039820y8n7xbdkyhdsxfpvb6hcvbtft1pa1c8bt9mxvdqytgsdrb9ywyh90p870m3qf53s5svwavcm2m1nnnkpswdgekmnbfhmqyrqcgn79x5ar0bqr53z4h36qae68%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%2526client%253Dca-pub-8400307307701650%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a03c0567e6f775a5af1bd8a040f51a5ab158897effae219fe52579ad9146b16

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1k6fpk73kj5v8ksta3h514zn1rb9wf3r7vvmpe3726yvqbjs411r24vxmwx8fan88kym4hs7ty1q5m9nfapqnm662b5630z9144hyq8cr0a1x8p7hg27kjwpktk5nxm75y6rbxkpx7gej9eqqgb5a63g9vyn8c9pp2355k00g8f2dw9fs9ajk9cs45desmqqgc0bj0j9cvbzs2ddx8cvfqepp70sfm46xrexgnkf7smdnraczzjj9q5xbqx1prea9df57tgxkxp9p0xvbr8q2wmmxy7va35n1v7pw024p40s2zrcr7z74kpzf66mdgs336zgwcpb5yy8aa37cc6axtrx5qh7538p5r110tsxr5r938nav4744he4qa7yg46j3qxr7eyr1ysrgja0rwjbqtd8ejpnqwaqhcvvdyqzhtsz9442fa088222gsbhkthpmsef7bkc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%26client%3Dca-pub-8400307307701650%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7acdf198ff902bdc-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:52 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3612 13 KB
5 KB 21ms
19ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 07A4 783 B
534 B 29ms
28ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e8a3cada7bfe4b7a40e97b3893f5acc30daf5ee8f56b4a65aa391e2cfb2c4b5e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ayfPRSbX3h4c5ERyIeVtJQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-ayfPRSbX3h4c5ERyIeVtJQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:53 GMT
expires: Fri, 24 Mar 2023 09:38:53 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8D46 13 KB
5 KB 27ms
22ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F237 783 B
535 B 32ms
28ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4e8b5a3e2ad9f9b29e5b8cb514f4f7d0ae61997b94258cd986e60384a8b2a3eb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Lo_2ZO8LiF6SKgrbXMjRtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-Lo_2ZO8LiF6SKgrbXMjRtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:53 GMT
expires: Fri, 24 Mar 2023 09:38:53 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame B39B 36 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.35/one-ad/ Frame 469F 94 KB
12 KB 37ms
36ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.35/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=300&d=50&e=&g=a699dee261f9b83c8e0b5a9d6dea42ed%2F765390213108520129&i=29981&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1679650732768&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k4znv3zy7cp4qnxqd8frzayeghgr7v8crkwh8xw1nsk0sm139c3gbcma5163szs88snnd9x7tcrsqy8fqs4m1dcvjh9gp3hdzx06njeqb5pysn3b575542vwyjhxqm9z9pet0q9hmz3mh34bzafrbq2e039820y8n7xbdkyhdsxfpvb6hcvbtft1pa1c8bt9mxvdqytgsdrb9ywyh90p870m3qf53s5svwavcm2m1nnnkpswdgekmnbfhmqyrqcgn79x5ar0bqr53z4h36qae68%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%2526client%253Dca-pub-8400307307701650%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 926a4ca073c39c40cabffbf1b0371803f245f084cdb9177fc7b3f9d81c0e394d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=117569&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=300&d=50&e=&g=a699dee261f9b83c8e0b5a9d6dea42ed%2F765390213108520129&i=29981&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1679650732768&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k4znv3zy7cp4qnxqd8frzayeghgr7v8crkwh8xw1nsk0sm139c3gbcma5163szs88snnd9x7tcrsqy8fqs4m1dcvjh9gp3hdzx06njeqb5pysn3b575542vwyjhxqm9z9pet0q9hmz3mh34bzafrbq2e039820y8n7xbdkyhdsxfpvb6hcvbtft1pa1c8bt9mxvdqytgsdrb9ywyh90p870m3qf53s5svwavcm2m1nnnkpswdgekmnbfhmqyrqcgn79x5ar0bqr53z4h36qae68%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%2526client%253Dca-pub-8400307307701650%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1677666448
age: 774321
cf-polished: origSize=96968
x-guploader-uploadid: ADPycduxnnyMRJTFaD4Dg7Hd8aRn6xTYu1PRy7TXWWh0GjCBxwAMZMkehaNAf-UCycuwqnGLPQWuj1EZCp5aL6ZRZOMYGSoR-sy7
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 01 Mar 2023 10:28:06 GMT
server: cloudflare
etag: W/"6110dc3a24c902508647a582294bcc25"
vary: Accept-Encoding
x-goog-generation: 1677666486645030
content-type: text/css
x-goog-hash: crc32c=6qzuyQ==, md5=YRDcOiTJAlCGR6WCKUvMJQ==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bmVl%2BSZfpGKOBNIGLrC0Ij1L%2FgoDhFiYFluEET90Y5Wdx%2B0ZsR1u0waj2qUPMV4lqCjElcxrTov92m15f03m7xKcsQMTPP7AqDnpObfz51C05T2pPhKsahWp%2Fc%2Fgau5ofgs1Ot8UZQw%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 96968
cf-ray: 7acdf199f8db2bdc-FRA
expires: Fri, 24 Mar 2023 10:38:53 GMT

GET
H2 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame 469F 2 KB
3 KB 49ms
29ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=300&d=50&e=&g=a699dee261f9b83c8e0b5a9d6dea42ed%2F765390213108520129&i=29981&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1679650732768&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k4znv3zy7cp4qnxqd8frzayeghgr7v8crkwh8xw1nsk0sm139c3gbcma5163szs88snnd9x7tcrsqy8fqs4m1dcvjh9gp3hdzx06njeqb5pysn3b575542vwyjhxqm9z9pet0q9hmz3mh34bzafrbq2e039820y8n7xbdkyhdsxfpvb6hcvbtft1pa1c8bt9mxvdqytgsdrb9ywyh90p870m3qf53s5svwavcm2m1nnnkpswdgekmnbfhmqyrqcgn79x5ar0bqr53z4h36qae68%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%2526client%253Dca-pub-8400307307701650%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 976224
cf-polished: origFmt=png, origSize=9357
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2330
cf-bgj: imgq:85,h2pri
last-modified: Thu, 08 Apr 2021 14:26:03 GMT
server: cloudflare
etag: "8cc161b392f5744da5319a4da549b763"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OF1j8ElnPsGwp5oleK8VU4L3Diwrp9qKQzcb6zOl%2FdRN3sVXDcx9R%2Bfc%2BAZdeLvmsb5MJKcYsp0ZC%2BfeWsrYYq6xGDuxTGZbUKtoj4PAD0y9agFNj7H5%2BV8BR2MZnMTihksjqt512NyFZ3lA"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7acdf19a1f2f9b7d-FRA
expires: Sat, 25 Mar 2023 09:38:53 GMT

GET
H3 200 B0EFBB0208E9EF8D30A7C89B72C086F1DD36F5D7A5F0A9551729DDFC67E85BCDECDB196EB4EAB3FEC6BC55A4A1442682559F8312D8959CED1C6B0F52B22CF45C
assets.ad4m.at/product_image/ Frame 469F 339 KB
340 KB 29ms
28ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/B0EFBB0208E9EF8D30A7C89B72C086F1DD36F5D7A5F0A9551729DDFC67E85BCDECDB196EB4EAB3FEC6BC55A4A1442682559F8312D8959CED1C6B0F52B22CF45C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=300&d=50&e=&g=a699dee261f9b83c8e0b5a9d6dea42ed%2F765390213108520129&i=29981&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1679650732768&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k4znv3zy7cp4qnxqd8frzayeghgr7v8crkwh8xw1nsk0sm139c3gbcma5163szs88snnd9x7tcrsqy8fqs4m1dcvjh9gp3hdzx06njeqb5pysn3b575542vwyjhxqm9z9pet0q9hmz3mh34bzafrbq2e039820y8n7xbdkyhdsxfpvb6hcvbtft1pa1c8bt9mxvdqytgsdrb9ywyh90p870m3qf53s5svwavcm2m1nnnkpswdgekmnbfhmqyrqcgn79x5ar0bqr53z4h36qae68%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%2526client%253Dca-pub-8400307307701650%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42e8de9192dee3b3ee8a7529c5883dac20b868000168362d9f287125c95e18a8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2512122
cf-polished: origFmt=png, origSize=563367
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 347098
cf-bgj: imgq:85,h2pri
last-modified: Fri, 09 Apr 2021 07:22:09 GMT
server: cloudflare
etag: "ff5ac113643d20bec15acfffe32cb75e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCiOKTz58DPh9S0XVkzbMK3Nn92y1uaDJDjE7%2F7nEqJjuKoO7qmCOdvH7b%2F2tBnP1uJep9qUS9ihuyKMlok6QCE4Sj3HupqM%2BQD%2B2cshz%2Fhe3PPHwoqjLRuEMHs4OtD9wcmvaxd03XMEO5gr"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7acdf19aa9ce2bdc-FRA
expires: Sat, 25 Mar 2023 09:38:53 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 469F 43 B
702 B 158ms
72ms Image
image/gif 104.74.228.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidJMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eYoneid__suite_Netmix_Reach121_BESTPERFORMER&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M&c=300&d=50&e=&g=a699dee261f9b83c8e0b5a9d6dea42ed%2F765390213108520129&i=29981&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1679650732768&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k4znv3zy7cp4qnxqd8frzayeghgr7v8crkwh8xw1nsk0sm139c3gbcma5163szs88snnd9x7tcrsqy8fqs4m1dcvjh9gp3hdzx06njeqb5pysn3b575542vwyjhxqm9z9pet0q9hmz3mh34bzafrbq2e039820y8n7xbdkyhdsxfpvb6hcvbtft1pa1c8bt9mxvdqytgsdrb9ywyh90p870m3qf53s5svwavcm2m1nnnkpswdgekmnbfhmqyrqcgn79x5ar0bqr53z4h36qae68%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCTaFzqG8dZMjMIvWoiQbmhangCJDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTg0MDAzMDczMDc3MDE2NTDIAQmpAmETGLF9KbI-qAMBqgS_AU_Q1kI_a_ITwPVCB2udEz48HgxbxAAAnS-3G8YTBow5z7KiAtjLhqpfDRvwUaacvPKfyZ5seU62sHXeeNMUUPhaWbs50o3AKGDdlk-L-y63lk1_r31-3Sc9RVJca8L4qBChklLChTL-xoCMBHiL8nJtaRCCZ_AdU4ZLH2-vJGT7zk2yU74sHMF6hH8XvHAOQixb7D379ypK96MNB9o6FPj9NEfpkiXOIhva6rsmSrUyazldCD3HlYQmsyBmimHogAaalv6x-5b39cgBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3yef0DD48opNwySfOeYHDJVekSHw%2526client%253Dca-pub-8400307307701650%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.74.228.51 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-228-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 24 Mar 2023 09:38:53 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 24 Mar 2023 09:38:53 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6E1C 13 KB
5 KB 21ms
18ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6C4A 783 B
535 B 29ms
28ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bf03ea29acf0fb29f1e4bd2ed2376b49ff6277fcab56101348dec89ce647b47a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-A1tS2pi2_uDFCZdGJb5FRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-A1tS2pi2_uDFCZdGJb5FRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:53 GMT
expires: Fri, 24 Mar 2023 09:38:53 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9D97 13 KB
5 KB 20ms
18ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4F0D 783 B
535 B 45ms
43ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2119c260f5cee59b47c698cce4b2e1d1efec703b2220c7c3e706a98b742cce4f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tM6Bhg5xkamJ0J3TDdw2jA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-tM6Bhg5xkamJ0J3TDdw2jA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:53 GMT
expires: Fri, 24 Mar 2023 09:38:53 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 2725565572.jpg
assets.ayobandung.com/crop/0x0:0x0/740x444/webp/photo/2023/02/16/ 60 KB
60 KB 21ms
20ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/740x444/webp/photo/2023/02/16/2725565572.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 4fa1d10768285f2511128db43d6987ff3489e5f153d0240087b0d7fd6d449a31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 22:09:18 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2806175
etag: "4746c030bf1bc3e01e4c8b7399ceffff26084f21"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 61248
x-amz-cf-id: r3ZFkHj8EYSSN0XVr2IPHxtkiqxE9z4g0nJx4Wwwf92FeUaAQKUpUA==
expires: Mon, 19 Feb 2024 22:09:18 GMT

GET
H2 200 818094105.jpg
assets.ayobandung.com/crop/0x0:0x0/740x444/webp/photo/2022/12/20/ 54 KB
55 KB 26ms
25ms Image
image/webp 18.66.147.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ayobandung.com/crop/0x0:0x0/740x444/webp/photo/2022/12/20/818094105.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-6.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: cbf9a09bcd7d12cff052816f5d4367f431634dc1aa767911e1c708a4c38749a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 08:33:23 GMT
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 2509530
etag: "b0ff2e729aa17c477cde3c394deb49b6fd05755f"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/webp
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=31536000
content-length: 55576
x-amz-cf-id: LfI8JzjUkhSNowg2avPCdMlpMvquMX_TeoilgnLXwC0K5pzW3obXVw==
expires: Fri, 23 Feb 2024 08:33:23 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame FA46 0
234 B 235ms
96ms Ping
image/gif 2a00:1450:4017:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lfmcog91&chm=1&ctx=2&gqid=qG8dZJzTB6yh9u8PqsypsA8&qqid=CKSC_sei9P0CFQd1GQodYTgOsw&met.4=fb.fl~lb.1td~cmrload.2ht~ol.3gi~bdt.-ig~bpp.-bk~idt.-6~dtd.-1~dt.-bl&met.3=733.1tg~748.1tx~749.1ty~742.1tg_n~736.1um_1~735.1w5_1~739.27f~734.2vv_2~374.2zz~735.32u_1~738.3gi~113.3vc_6~112.3vb_8&met.1=1.lfmcocdq~6.1~7.1~8.1~9.1~10.1~12.2~13.9u~14.9v~15.bu~16.27e~17.27e~18.27f~19.3gh~20.3gi~21.3gi~22.1ur~23.1ur&met.7=CAUQCBgBMOMCOIIjaAJw4gJ44E-AAbRNiAG9rgGwAQG4AQM~CBwQBhgBILYDKLYDMOsDODZotgNw6gN41gKAASqIASqwAQG4AQM~CBwQBhgBILYDKLYDMOsDODVotwNw6wN4rAKwAQG4AQM~CBwQChgBILYDKLYDMIoFONMBaLMEcPYEeLfdAYABi9sBiAGp7gSwAQG4AQM~CB4QChgBILYDKLYDMMgEOJIBaLQEcMcEeIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBILYDKLYDMMcEOJEBaLMEcMYEeN9FgAGzQ4gB9aIBsAEBuAED~CBsQBhgBILYDKLYDMP0EOMYB~CE0QChgBILYDKLYDMKcFOPABaLQEcJEFeLCFA4ABhIMDiAGZ8QmwAQG4AQM~CCgQBRgBILUEKLUEMI0FOFhovwRw_gR4igSAAd4BiAHwBLABAbgBAw~CBwQARgBIMIHKMIHMPgHODVowwdw9wd4rAKwAQG4AQM~CBwQARgBIMYHKMYHMPwHODZoyAdw-wd4rAKwAQG4AQM~CCgQChgBIMsHKMsHMJIIOEdozAdwjQh4g6wCgAHXqQKIAYj3BbABAbgBAw~CBsQCiCWCzj2AQ~CCkQChgBIJcLKJcLMPYLOF5AmAtInwtQnwtYzAtgsQtozQtw4wt4nKoCgAHwpwKIAavOBrABAbgBAw~CBwQChgBIJkLKJkLMK0LOBRomQtwrAt4vyKAAZMgiAGjVrABAbgBAw~CAkQChgBIJ0LKJ0LMLMLOBZooAtwswt4kFiAAeRViAHZ4gGwAQG4AQM~CBsQCiCxETiHAg~CCcQChgBIKsSKKsSML8SOBRorBJwvhJ4k3mAAed2iAGKxQKwAQG4AQM~CBwQBRgBIK4SKK4SMMUSOBdoshJwxBJ4lgeAAeoEiAGWCbABAbgBAw~CB8QBRgBINcSKNcSMJ0TOEZQ2RJYgBNg2hJogBNwkxN4-7wBgAHPugGIAe_dCLABAbgBAw~CCIQBBgBINkSKNkSMO8TOJYBQNsSSPYSUPYSWKMTYIcTaKwTcO4TeKwCsAEBuAED~CBsQBiCDEzj_Ag~CBsQBiCJEzj4Ag~CBsQBiD-FDiCAQ~CCcQBRgBILYcKLYcMMscOBVotxxwyhx490OAActBiAHqsgGwAQG4AQM~CCAQBBgBIJ0dKJ0dMNwdOD5onh1w2x141gKAASqIASqwAQG4AQM~CCIQBBgBIIcfKIcfMMMfOD1oiR9wwx94rAKwAQG4AQM~CBsQBiDpIDhq~CCgQChgBIMgjKMgjMN8jOBdoyCNw2yN4wbsBgAGVuQGIAeDxA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4017:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EF4D 13 KB
5 KB 20ms
18ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1D97 783 B
533 B 32ms
30ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b18c459f46362ceba3c1f0848d33081a4fc6b27422e0eaa80ff77bf70298cfa3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rnvyl2BHFkroOPDyingfqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-rnvyl2BHFkroOPDyingfqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:53 GMT
expires: Fri, 24 Mar 2023 09:38:53 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2779 43 B
215 B 120ms
120ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=1ac97e93-c9cd-dcda-a5e7-06c9907ef04d&tv=%7Bc:7LOPTv,time:2902,type:e,im:%7Bpci:%7Btdr:1749%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:2902,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2896~0%5D,as:%5B1148~0.0,1748~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:305,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C162.1351698-69475176%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192*.1333404-69076800%7C1921%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:192*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:36,sis:1370%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: nginx
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5682 13 KB
5 KB 29ms
27ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 06:49:40 GMT
expires: Sat, 23 Mar 2024 06:49:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0899 783 B
534 B 35ms
34ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

35c97d0423fe763e16e4b41a769b3e02a29521377ed55781a96a5776e02e4a3b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-V9S_hQBigzuqavmIERwDuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.kesatu.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-V9S_hQBigzuqavmIERwDuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 09:38:53 GMT
expires: Fri, 24 Mar 2023 09:38:53 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BAAE 43 B
215 B 124ms
108ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=98d03fd7-6b5d-bd01-3e63-487ce7b9676a&tv=%7Bc:7LOPUt,time:2891,type:e,im:%7Bpci:%7Btdr:1710%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:2891,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.320.100,am:sp,cc:0.0.320.100,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2883~0%5D,as:%5B1161~0.0,1722~320.100%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:290,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C162.1351698-69475176%7C1621%7C171%7C1721%7C1722%7C181%7C1821%7C1822%7C1823%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1a1%7C1a2*.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i1%7C1j1,idMap:1a2*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:27,sis:1319%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B0B8 0
28 B 56ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2200041717465&version=m202301230201&ct=76&x=1&cor=1650744365359390200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D934 0
28 B 54ms
53ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1477045905366&version=m202301230201&ct=76&x=1&cor=17678322049815730000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 07A4 0
0 52ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=3305614213782006&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FA46 43 B
215 B 105ms
104ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=b451a4c2-b371-a991-1dcb-74f5825978db&tv=%7Bc:7LOPWR,pingTime:1,time:3409,type:p,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:33%7D,%7Br:r,w:300,h:600,t:243%7D,%7Bpiv:86,vs:i,r:,t:2179%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1230,o:2179,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:33,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B2171~0,1~75%5D,as:%5B235~0.0,1937~300.600%5D%7D%7D,%7Bsl:i,t:2179,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:86,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1229~75%5D,as:%5B1229~300.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:287,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152*.1333404-69076802%7C1521%7C161%7C162.1351698-69475176%7C1621%7C171%7C1721%7C181%7C1821%7C1822%7C1823%7C191%7C192.1333404-69076800%7C1921%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1c1%7C1c211%7C1c212%7C1d1%7C1d21%7C1d22%7C1e1%7C1f%7C1g%7C1h1%7C1h2%7C1i1%7C1j1,idMap:152*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:35,sis:1221%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F237 0
0 52ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=2472897046058530&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 77B8 0
12 B 19ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ZL2bng
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:53 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6C4A 0
0 53ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=2106088535107919&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BAAE 0
28 B 53ms
53ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2058348752447&version=m202301230201&ct=76&x=1&cor=3446042989077842400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA46 0
28 B 52ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6559340461057&version=m202301230201&ct=76&x=1&cor=4360082974317013500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2779 0
28 B 52ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9901657008405&version=m202301230201&ct=76&x=1&cor=10710016312983839000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 03C5 0
12 B 19ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?SLGD9Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4F0D 0
0 52ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=2349057996052770&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 3612 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1D97 0
0 52ms
52ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=1182820626309950&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E0C0 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuc2r5Y7BBIKtN4JG3u_eBzB81EYCTot5Omi3BaDQCKr9vOjckbCXEG9Xxnmf9I9vj2Q2m4iN2C34Y-GXs-fXvWicsfdIWNCBRTg1GlQ3Zoo-4RsyJDRSAunNBA&sai=AMfl-YSZvcFrPqFjHy8MGI2i8lkYrl_YYyeC4aXsdKw6GCnqnwOKG32WPFKMtklzRNjRhjJNqtqGVBayCr-Pw_jSFfVWod6zVagYcsS4IVpmxpyc3AM3ezOX5Ux_Q9kG&sig=Cg0ArKJSzJsRW9sci_6EEAE&cid=CAQSPADUE5ymr8pFk6Yz_-wUKKqERjjL2u3IXxRakoJiTiLbtZVhhwClMhz15ZruqM7T2qk-DXaiuBPqZwmBZRgB&id=lidar2&mcvt=1376&p=138,315,392,1285&mtos=0,1376,1376,1376,1376&tos=0,1376,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=2029924326&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679650729517&rpt=3168&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0C0 0
28 B 52ms
52ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8602216624694&version=m202301230201&ct=77&x=1&cor=17528183328642312000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 8D46 36 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 28FD 0
12 B 18ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?CzL1Pg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E1C 36 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 38D0 0
12 B 18ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?nnYsew
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 104ms
103ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOQ7L,pingTime:1,time:3829,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:1071%7D,%7Bpiv:100,vs:i,r:,t:2699%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1130,o:2699,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1071,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1654~0,1~100%5D,as:%5B1655~160.600%5D%7D%7D,%7Bsl:i,t:2699,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1129~100%5D,as:%5B1129~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:401,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:1072,sis:1870%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 106ms
105ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOQ7L,pingTime:1,time:3829,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:1071%7D,%7Bpiv:100,vs:i,r:,t:2699%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1130,o:2699,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1071,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1654~0,1~100%5D,as:%5B1655~160.600%5D%7D%7D,%7Bsl:i,t:2699,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1129~100%5D,as:%5B1129~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:401,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:1072,sis:1870%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 105ms
104ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOQ7M,pingTime:1,time:3830,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:1071%7D,%7Bpiv:100,vs:i,r:,t:2699%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1131,o:2699,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1071,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1654~0,1~100%5D,as:%5B1655~160.600%5D%7D%7D,%7Bsl:i,t:2699,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1130~100%5D,as:%5B1130~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:401,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:1072,sis:1870,metricId:publ1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
server: nginx
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9D97 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame EF4D 36 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0899 0
0 52ms
51ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023032101&jk=2123521736962133&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 034C 0
28 B 55ms
55ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFbg6qW8dZOKsBuKt9u8P8-i84AEAAAAAOAHgBAI&bg=!i4iliNzNAAbO2UOH7tk7ADkAdvg8WnbPNSEqGGezJhInVHmEnufR0UQ8PZfYPA7MK1a-CwDNj7Ef5VJzjNPos7MFWSZP96fB9HkCAAAGI1IAAAACaAEHmQMUqmu8ZjZqOWMwvet95Ai4TIerujy0CGoZh8cUpC2wb9QbNY3mDSshODUyDh1GItRSAEizwV52CJIClyjMjVEdgg7QN59DrjyJcpEOYwwnBreaZ7MpEUJkOBFibnjsIFTt6wwQ7H5XPqS3bVxzUO1In_Mtd9ufA-LiqEObZFKAs4bG0ofGusHOpJqRhp_N051PdZra_HgZd9vBvsYT7WQmOjhEn5J7e_iqsIB0R5JdMDRqcDkHg_f7KVGO96DaS6PhV42GDEYEaX8MWY0S3adi-Hwg7R4vpZ4iFcRgGZVCf-4hkNvAWHy1n9to1qg_Cja-dbLDwG5He6atXhOgHN9D7VBtA-QswdKIOYO3RCpE252m6uVeeDnK33aYlEn5cLagoNBZBza47Qk6KXVGYrUOA0nxOEqEkd2lGXYbE9ijsQ9iZC9TQNiyqk5lMeDCLHYDgXjn3SadSfCPCyZx3ZrESRvjHOTmr4cEpJ5E4iHqHOz5drZgeGdOLao7Z5KW2xAYDrL_xdtpIvJdytnpCq3ujHuEmMSynE1r3n0PDEeRdGS9zX8BLw5BcnLWuo7yK3PyXzNaFATIJmPZWkkKVWxgB5kharUrEmOEi2ixdvRKZlM_ckU8siLwFJVSSVsOL-y2mdTVU9lAeA04VwpD-AKhySZmmR3COsAES5iSOftZNOqVpyO0ccc_o8iOQPgBJ4ODLiqy81-DP87Ya8Utmw71y1Bp1Et0tk326_yXtk98h6FWrHoWU-U-RDmjaHjAxyeU1GtHbQoNGKuTZFqyLL3tSanBXpaIam7O85g3uFWjaVZWzYTF30d3PoNANdDeW2UQJPZaj69xTj0wdDsdXb0ciuZPgFCALO3-tRXJONtNz3igRfhHu2VjCXCGt0Q7JEDYwraoi8NI0imnOP3LYn_ANG9hn7eXj1GNAeOwF6TLDUzgNDVkaWdO6S4PHa2FzmqH3P_6iFBmLqRrJkwRT_QA88iHmSeOx63_hXUco6yxdj87zyPttEYNbfnERLbLQNdTwP8UeTILAHX01ZQ4pg-BKqH-_Ls

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A8F 0
28 B 55ms
55ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDvc5qW8dZPrNIa2l9u8PgeadwAsAAAAAOAHgBAI&bg=!ubqluu7NAAbO2UOH7tk7ADkAdvg8WjT-mK4bER1nIgYaQk6mMg6jPWAa9zy16gUMextGlhf4bOFutctl8F7U0MPfyybcW2SKDBYCAAAF5FIAAAAEaAEHCgBwgvbr2gjcZYPn7u9ESGd8ennw0K1tkLgJXK8jgBkaLmfpkBSm4pJ4K456tFwCrcsoSY4Q0CcFtvlzpV0nTivdG79BdO691SfY9bD9aoVDKQMo34YvDMsIdIaQu6lhglEboUqBqBdI5X_ksSmhvEqU9ZkDCLVUZrc_caQvZBDC9RE678oRARpAAiZAeD4FHyLkog7KJnotFqVLo0zktdBV4MFXG6j9Z-0jUKbrBi67q-7GaKcHN-6DEH0lrpbFWqFsZBkvhIgZCFGP7hwLhwJIf79lBTFD1VYvMBP1urW_mNQ-nHuE--80oqYGDqGK4MXSvrft03KKiYcsWhohLDva-2aLO3oPFvVnCc8ksqDkuWP8CDB7y4chIPNOlD3VzXEYpF8oZ_fG6SG4oCEssaeDJcJmk6OCma_PE7PSAKCw7gr10d3FjOziNHuED5e_PCMef0BsMZDcMKmGO8VVTT2DGW33bY0mvxFhoAIF4qKhus1bt-dw5nTVrKosqjx9GY9CE6LjaicJNkpiVbHfPx652Vit69Ni1UoQIIOF0aAZeG6SpvGTgKJzojuCo_xQ8K6DKy8dDH_kFKX1iqaL0KvuL5ufuwVOb5CpVyoXy6yW4sirUgfqz7wam6GUhulDdf8_5fx85z5kF9-YcfF3pulrW59Ln9Rzf4hpwxMeUiqk05RKIr9L7_Je6z4mMZrRfEjsUEAGlZG32NS7z_GBsWDtsR6mtgL0osvVc63oJLtJADH8YkTJdkM-RMjyLLVAWCYvYFksxveH1XPMdGp1rFYXi1AIerF41Nb_Wtjc1M7-JXtOdeq6y2sfKFQLbTy3XBSzbv8bpDhmhHO2sM7SMkm2UPTi2kAfX5rDWLXSnD0dAZGaR8aephAqv9lukcE7b4Xz6D5IwKrxfOYDaOufvV95tqtX4wJbBwSl6nApb8lv-egmLjdzKo9hD7PNWk2F_ROCZkgboIpEMgRwhz64pRbfHeLfA-fTNQvT1DkXySHc9y_horwkaeAC9FOx7LTC9IOxhZ4fTBSgEpWIRJXHiDXMNNOPhKF8_gkDGCg92bO9cm0DG1xwW5898LpHK6hvAFH3BIhDpOelWcMXx99bHhiOOcOWK_3BUog-nBPoErNtL8HQzLRvEQJ6LMLP3HdsEmqTFtv1FRDmchrF1wCoNGowBBOwn3N2epOE0E53

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C653 0
28 B 55ms
55ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BHsKHqW8dZOiOG7rgx_AP3YS8qAEAAAAAOAHgBAI&bg=!KCulK3_NAAbO2UOH7tk7ADkAdvg8WvHktIL-vVikPm7Yt69VjNdJAh1oJCUlPWi7kI0NOmyNpHC40L8OpJob_Mhxnb3CBEZIrl4CAAAFylIAAAAEaAEHCgAlaiMdtpeiBJfAwGB5ce3pWAxGH-TOf_ZGRiIhg6m5xNjO7QPIa5kDHdAOnQAqQh-UaWjsBgFVUlqbQg4yukYSHyoiSb5pFUHArc52NAzWHUykqYkjg1vX2SECmaPW5f2d5G7Ike7Da6uzKauC9xMZS87obbCFBsO3X1iqo0mSB7Y_rDQ49shMWeHLPDtaxEZLbuPPnf5nwCYxJGT6fk7bnpm9FSdgtB60Qteh3RfNK59K9r9iFNsVejznhQAs5xfPvqkvH8UZMujVdjefmzZmoe_aydUUBJdcIXOeiMmJi8LTBdlolronJfyOAHpqruP5Wl1djxm89q-GAugMxKXEb_h0LWwsFrBuh59i-aFhBPmnU-KIfx1KzMaKMp_WdQ5oNIr0g3nAbI73U_eMmFhLXKulIw4InCz5wdZkrHt98u5Js4XMCIdtgZ1MpiEyXX7PAR9-WKrhFFNWixX6YQYcDVMApY-ezyc5NPrGFcdJLPnFJo06Oe0bTZxoIjWoBhXfVTJaCLBipZ4AqGUHbIiUYmigguWbvY-1SvP0otz1etshy1nqu_iHDZ50UmsQc3ket_rUlYGAfyFIAqT7IrDc0dPGCIyNVTqX8vr5oaVTWMq2yrAk6l07YZAzutjS7H25BHdHgk3yGIztZD8Lz3o3nhch8Le4ASyr7ueL-KgFVQb4u8eD-LFSU3Rynl_b-vT7WaVM2MjqPo8Fq80In-ZWn2HdyV5J0jALC6XlgnMJnl2IzAScFzRszWsAurjcqzXnE46_-aBCosHstGYgIwWhaYWQeni35x5N7xPHE_xyTSFYAZIMzqDgxRBV4Gkvwua-6QqWe7S7hzuonutvP6DbDsqZSs-Gkarc253QBSr_VPDATV7KRLbnNi0Y2_UQFKEIFH8dNSRyhQ38KG5d-o1RP-w8tUoVBJ5PvZPsNv9vH5y1ZPdP_c6ks9ZoEyVDFhzeE86n-CLv-a58n6bc0y1LU1FDOb0J9Q44qemAyDsoIsl2SdF3lwqwZagKEQ0P7jkV5U6ffJeW2iUJBRNQRy7KjArqmTsXgUAPOYU5UbyOpbKZhvszHGw79hSrIAmxYO1wRWfuZqTHAeaQLvZ735MKqMQ-2KKK

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FF98 0
28 B 55ms
54ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5_T9qW8dZMKcI7G99u8Pj_-MaAAAAAA4AeAEAg&bg=!srGlseXNAAbO2UOH7tk7ADkAdvg8WuMlXMqOBdf_jSP_xWVl3pMnhZ21zM_Mix9JMJDjXI24DqsTekMgT0jztSTMKjyBWMjiOwQCAAAFvlIAAAADaAEHmQMMf8BNMqey0j04Ka5b8wxgw4JgnQAUAYJsjXaPyCBvdOfWMlcZMa8RJIZMlWX_1cT3cdWFfz2ORlLBPK3DVqsW0dYhWBtQWcSUKL2QdzMtViwr_KUyPMefIIdJ03CMQcT5nAFSIGMlKXCO8L-5-C1pVTMJO1dECJsaoqOhQXOK055uIu1M0X3UZWZGnK8Ivk_MyNv24fit3EpdwR3DcwXo8_TKculctVzl9e3sxS7QxC26_Ga1YRfugU3b2CgYql5nFzCvGc7Fnd903UIJnGfbWibB58l3LLnCDCavWqy49BIhOFZlc4MxbPAUrV3ZmxCD2V5TBBoqLPmQodN-H9qJBPx352O6OdMiqSuMlIoRpzlOnRG2LgifR1-lKyMx2CHHrZZbaer7dQNCIUXeLqx4rKHZPyxqa2Yrl6CbUrOKh--5DoXxDwI7vrKiwYIowimd5vw88fXcnrQMD6R5BrzZ4p2YWNCGv91ohIV6pkq2AQqCuJX0DVP_NJy6eKot8_2N9NOAiYXARMOR11PxG8jswK4Htqn61H9jDxSXni8KC8iPOUsPvjPrYdrXAbPfoZaVVFA7nXWi7_-29an0FFza9g-FJPiLOAySep3gR-CzvRO5xnirbzVNfSdT6RvaWNhH3mbsdMlomi_JvsPOl-3B8al0Xxc0a_QGeF7AO8h0ysvbqARqlrKq0uLsMWB2seKxTe7ZYlMWkTWeQeorGCkNVYMf1dcfGoIkaDXiuyNFb3n_1CdbXdb6L3VjbM8KaT-ouT7Z0cr9YexerFrZStpJtUbfP31_tyLfGOh4zEmkWJ1kwqyG9dIXncvUKs0h7gIt_xzX2nYfGKT28pnj5pDFcU_ZSSUV3QpUpESIOieuRDupQ1i7JRweCb722vjrS9Xmj7qMxTSQlJLdMldTG8id6GdXHGUO7ulA4TZF1x8Qdym-VlFD_2xailkkF_sq8f5RBlPah6RzdSNzGBFWOjQvfsXlERTMktuNM97ZbcIF3g_T10NRwDhHy5JVWTt_aCoglo2LprRNWyp6moWR

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E054 0
28 B 57ms
56ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bwt87qm8dZNrlGpnZgQf5mr2ACAAAAAA4AeAEAg&bg=!vr2lvenNAAbO2UOH7tk7ADkAdvg8WpA8g9jvjzPMAY99nHX8WIeJ4zh53mcaIHLG3-EaFMfkHm8FUOeE81UTFnsAHrwZLoeqV7QCAAAGV1IAAAACaAEHmQLmbbfvQS0lLL_yWgytRNNtv1e-tZvpI_wJ96XRJ0Wl9m6fvM3Y-IZKt3GhhugPeIJYPcvkpt9LpIl6kiIwg_Rq2u6JJ-U4TU8A80NLXcA16ejbFtg90SoyU8FksTTPHbf7MZ3_c8ghocmJq8OFZsDDJB1ZBMARn-RdtsUS_YO-0rtVsHBXzVlojvplRy9KlE_qnud-jlMSJ3p77PfZ6dunTHFomClKY9bbu4Sh_v6IkR4UZVLCd8gVYG-fCXK7MCKBn_uCwel4kKOiM9CDgjCzHyktV-eTJIiKetR64TOqNy-gw_BlB-8Ws-vY7XGIc9Ls-0h6pemTnJ2gYhqHmTSHnKQToEF6WXgEWRmGgGxQ9BVVzCAcTeV3xcY6Lvu_itVWpAomyGhqJdYN4N2sGvoxS8qHYVCcpIAQ9QkKrG4G9sbIIl_R9a3vg7gsDJHu8u3aKkL--4ydL0dSFqaOVWetGd8CFmQcf_TqI1VpCHCYPNfA0xp-TrAlMZNr3R_Jid8W_4tC4mykyUQvt9JvQhG3ihXZehv-Q6MQjjtdgv5rzEESE96VU5SRMn3cBdViqv2-EowXEXkGnZwRjGaegGvtBmNXFrQXrfj3AnAMuuOD4ZTj52937Odf4431zbT65KrjbRek2vbleleaTgxAHhZZ6mFgRm6SvcX-wJ7WrZiBTEucWBuSjOzF7cbSWBUOuuElL2kDRkg55vFUVPHLvSwrv5kkMCgkryqoAY-hxS7U7Px1NjVkSMhEzE_bzYUECgv8xF1TU2oAo8Y8y76wo9KpRTjXtwDVwqYtI_gJD8KIj7JqqO-N9f0DQ6nrulv0rwVXTlbpTT6jBrEj_c4eWvDMZeZx1viX_e63wLtYkDnDUpDkgDa4GNcjTo0rnGEpeDOLLrBbYeV92pW7b8mi6xdJjUfq21i3pRkrra1bLR1vAh5dYNQQbhAf5QDp8depG8W27wgykWnWciFbLlMKQUC5MNRtD4uX0A

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B39B 0
12 B 19ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ME3GTw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 5682 36 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t4_aWeuLa_BO9IGQ3R3HcB0TaFNoER_W7PQrl5RFgV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 15:19:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14115
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 15:19:47 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 808C 0
28 B 56ms
55ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJAE2qW8dZNbmGMLw7gOm0riYDwAAAAA4AeAEAg&bg=!BQalBlLNAAbO2UOH7tk7ADkAdvg8WmnC-0zhthhB8DqdhVRy-deSseuBNkyBznKELA-UWDpmhY6stXBhnlBBKZ5XKPPR6b2_KQYCAAAGl1IAAAADaAEHmQMJzs1PDHYy5vNBtLRKQM1MkLq78VYXBeHIXUviLvV66gydnGX4cGkWyvwjexQDzlAgH1kdqDQ1kSO9HlwBcd3IP0I_7dZ2tApcq5cT2Ju48XtpLJESmw4hvCxn0pPO0-tAkkWDKs_z62thVq6eRyqzNa9EFwOFjvy3R5lm1X83Mz7ddIMYkIq2GDFHP2fPUxQ5wxDnKG1y_tJVs61L6zwvPK5FEzamRiSY5O5MUZ9pv69XneY4a1y4Fa3B_h72iitpbk3bp22UzvWwMPT6Ejkq2IXNfTqn4vFqRFCBjCNEZdAW2YKVNSWwR60xLvMjgeZ7INJ0ulRNUci5UOjHrKl_QXjjPGOFNK6FkeQGqUVn2mjtqkoTamdR4sAAMv9BaeIRdcvx7A6697Q6rSRznc6L7uL58Fs2qeEEsxMbUV2Pj5Pbuo-47ppscYpnXW81kM1gGQfn3MfnecJmb3qOPFtQywJlhH3XBOqK2C50ECibVlYZVPK4tIVERz8T3vcABtkVnNkhuhRTGQSVFdN8cpa-9-xeHZZi9x9V-ZR94MsEnvOTQ4YRgw2Rjnk72f7nu_I-QXZpFuQA8j_zXgguuEulIQAc7ZMWjo8IL9iSXGLBSL31J_fvdn65HXY5G7CAYB2RKf8KcIB-vGhfPJG3a8BKiZvqJ4SiVtyMOTI9aq9ja7CY-fMHjFHeF05GbkUx2UR4CjDnU4ds1IhNSV6eB9vCDGFo4vXqogLrpFkSb3ooMYQnP6WYEBU1MFZ73cK0ErK76NNZfH-KOsHWEHdRLzqySzjVhmIJy_QabcnWyFa1j7gKvkLxdzVhavt0_FqnKKsgdYBBDNzuSRv8GCsgLda-m9nnYhI4Jtx9plvvlBh4rZVAg6eA04yayqTZk9TkT0CHGLunpzjREXRISTRfnVkATT1RPbrHB0bkYRAchQGtz9eUHlxhRIaAyl7z_7cyeKx2n81r4lxTSSnI_qzZ2Dvdp_ybZeAQC3ArdAayALBauusrH3uu4Ah9LG558mm1yfGCmSAFxQq3z_Va

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3612 0
12 B 28ms
27ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?WoG4vA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6E1C 0
12 B 19ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?oNVskg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8D46 0
12 B 19ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?DbFn2g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EF4D 0
12 B 19ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vvyumw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9D97 0
12 B 18ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?rSEZhg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3144 0
0 55ms
54ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=1012824931882618&bg=!1Nel14PNAAbO2UOH7tk7ADkAdvg8WpdSAdxAmV5S1p2GQinS83W9yBhJK6uRk8xwI6ez7nLAqBKHm1yasZ2iBcKAuzbzHye8IjkCAAAF1lIAAAADaAEHCgCcWbERJoqNuxWozHPzp-hRJGgkzZ6prFava6g71TpkOTzxWiSgnYX3SrtUW5ESsVIdA5FgSGZiSOraXrO3kH5matyr-1m_EI22y8DfZghXmgqcuOg8jemeXxchs2FDnEYaL8XZBRTzq6MHkOuWo_KlrZK22bg__fkzyT9eiOJeLL3W4ooJpCJvmkzshSLA88SnDB72COt_EFPOwtsOmQLlsFK5KP_Sd3BVoODeTOb8E9uHSJGcNugBeyd-nw8_WYlsl4zfmSUcZkTIbwGiFui_GxY2-W6rSx4RyLFyu-zpXQMv-ZCQnHApR2Ya2w5ubJaY90rXgBvK3HU6PybmUUTjJAu2GqxLzPpYQNPVHrmIQuPwCIec8XcsGsGHXuj3S6lvS85dcbltEZR-Zu5YNzvdlyNjXQvDgfgtEovVWAodTVixCdl8Xb-SpMoBCXTEqQq2h3pki9kqfLyh3GqxAO39TRo4gWwdrWeq6kjWvJtSyKsamE6zbZG5bxQRep5wo0xgy72TGAdd2nPzVENJURqwvZ8zDifKRnf6BWa5C83bsbv6uFLzjiTiwNGrGcyZsihxtvQ0xUp7ifs6ZakbYI1ZiuurQ91u0tOqZ43wd3KWlnIRqYSM0qnicnJuxGpaFalZWbKeJ5F7hcou1rnDn8GOQCLjCPfKeLTA0GraNC8AuNWVRSaM8PEnvLO01Bp5KUmykaFOMJAhw_U0EFqiRsK4rrwp4syyzvWuEX9b4VoFp134QfVj6cSwKt6l53f9MVPp07Wzw-gEFIV0satKCMMRYzKndQeZUGIb8rnK8t7o-nvcf3wXXROrf_N5vFDLcFHPOp2MUQmRQ7J6exP_rnUqoJXFepXgRpH1iYQTyejUClOvH1jOtZNu7v0BjLyCFOh9NPfBR-wAOP0TcqbuoBxqi4fpMVur4tFFyil8qffXqnVbwNeUGfFP5_46E9NOOzmzktyZy1nbn2wBvMNxIGYoykj5auoWndFOMJS7qW8VAmDE1P6PGABiZyXVKUGEdZpuA8t6eLJXJCRZ-3Bdhn1OZAl4efkAhZOjTQXPYbApNvWazc69i5sGOfoelmU7BYYe7JVxDaphokjAWX4N9raTXj0ZTkSs4NUzwSjM2Mg8z-G6WX_ezH3shVRJCiVWSrOne3BeLGvxVzWfcvBfv27IAW1o8JeQB47zLS6Atj6y5mWUbdno
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D2BE 0
0 55ms
55ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=135737501720967&bg=!MTKlMmbNAAbO2UOH7tk7ADkAdvg8Wu4r2Oiim5oDaiXLZlXE00TuZwm5F-avhLXxfWSinnl7sKczf89LpZBC2JXB1IC-K6zigQcCAAAGYlIAAAACaAEHCgBHBXuggtLE9dvUTXJSt6xHoRZXisxm-iboty9TZ3XXCiu8QiaH-is0-pnc_iDyK4rgTiDBvr8QH_jWn1iTBSbXIhkSWFI-vpuZAuTab3SMv2_Rl8Zb5Orx2hz6R1eqPy5T8i1_krZIbeSzTqBfGVrZcYh-MoYZNHi_56cj-_Q4JMaJCYhQTvnyvzQfDulqJLnIdu-kO8zoXTw9jjO9W4BpEBNk9d8iNA56mWZX39RngFZXIHlmYrtOi42SxIeBe1vHBYnHa_zpVvygiF8ENG0YbL9p4Q_rYDGPFrMo1drtt1CAwfT-51-jkWNFPbsaBLjy1p_TxjoGxKEz9-CaWPwRwmEtUmfGjdVOpb0t_HRBsUJRzoOvIigvIGf1L83hj7YNQynzB63FW20-oRSY8bbMRKHznLxakd6A6XeIT2q9khdhReB9-86mN4TPi6Ug-cXbQ-0IK3ggmXong3YD80Ez-zKtjyZJyamroPUSTK9jhfBADMHR0eDg_Mga8OwaK68qwyQMzgGDFgHd_b9TDmhFAjlqAIgcu2e7u8VeLQLDBklZhRdQKId2gsXYu3vuWlSJh6sl7LVtfNP5V53VBK_MrQJ3FQ4l3XUypk45PZQZIB--OPhb2tHeN-oOYtfJauXo_FVzjCFI8xDj_-5sGJVHtzLBfVYbpqma6UiYvAfZn5kkkx_K9y75Ai3OQIHbE31AUZfnScu7azP1mpwXHApPx1jJVDL0mP3vxa6HOjxGOv_livK_HrJh6s8IKnbyLKE7h3XiExu63Yru9g4UJboLbDnTEKnXY9na44oi7C_vCpSdcQR60I5578hMtY1gAXFmsBB3dM5Gnve3zOKbr3nTWEDJkCs0eKWLddZO7R6dpqMJhdeDUhl-14hpEP9hJe65PK_VuZHEkDAAfdS00cqQXVBJRayj6O5Nty1uHCawZZL07NY096fXG0q_JLE8tWBVMwyLag5tO-LNmOUG-NiijWOAy16MFrtPUz0K3epZ7kOygzs1EFdAh0Qn1mcZHctpCsKH2e5bQt5_EgwgykaWybHJw_PTHs4LUgzNODflIjeFM82kH_jXSF8NP9rLzg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5682 0
12 B 18ms
18ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?v5_Bfg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 09:38:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2E2C 0
0 56ms
55ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=4439608642517411&bg=!TE-lTxvNAAbO2UOH7tk7ADkAdvg8WriOPcPJ9-xtXynPTS7N4lPQ2aDwGqFAOqKLArVq6auggt4CjQnscKqLehAwDntnADytxRICAAAFg1IAAAACaAEHmQLrxx7tPRdGetrq4TDbPSBvSn1YAvD3QVw1TzYNEpk-vBtfzDPZtFHvMz7QHgRpsLBrkZiSsXRQZlihN8IYqnPOhjBAKpaEhyJYJZrc6Bb59TEVZwo5wrCPy22XbApgWNQxeA70acJGSzjBDJIBxHLgWJGQQAvBN5HXlEKmmHST-rYLMLDLpx167bW4PUOhEYAH_tpoDON1FtHU2Sx9h7udzms1xCJRUrWMDYPn4j7VvpZbVCGbh-oCoe760cmdffBgSq-owCEjRclA2vxMb6dT_QjZbol9FstGV4WLN18Et6u6Ax8hQxnd2CTzsQuhhpx4fj5SktHL213dJUnqTu4mqehC0Noyk5A-3iZU9gXsdfdXcFqSvQ29wPXIMOA0HbAq0MvGE3p5L2K3fiCpx3M7hU12_3FI19BFiQCQtoCVyQmvbExICTOL2Sz4An9cwepdCRu-BBB47JzgD-IBSO58y-Iqeg7GJAENY6dUPRZGJm9vdqK32aKC1sHGkfGnCMwML9fkIYcf2AXn4XvvsLNHKlZXFYekUCzthIDeUReYJwCoqYNIiEdOUZhSZnbexd-Yb_usxYar7rkksUuDv8loqBlR0Dec3LaVXWAFnVFttGPpnYBr946UIpxw6wCuF74gTfKGF2Q2H7m56O4tlzbOYqTAAKlQMGuBYCQFz2YPX1UkTAMdN_VbqLudBk4LQs4RwDDHzocGVG8BCfI3coiCzX4JaERQniy8rC9UrGCfv_iMfrUkpGjglf6kb2Oyu-LwZoY6yebYWYjCphr4PzPWjin2HoK_Hj7r4NMgRq97296GStBzVfKXWNpWio9s0lNDtOKe9PcLnGg8Qu-ndT0YEBlTfygZWdo4rWy16nKWovDaw9WqXnwhuyp9Vt8fCgntznYaazumIHDC8orK0CKxckiBEkuBPpaGqBhASV79lZj95xkMSJpHQXcAW629LziSwVeV2Ro4gWJ0HBJX8K0cMKcsPfrcElfUv03-
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame ECF9 0
0 56ms
55ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=4112785457605545&bg=!rK-lr_vNAAbO2UOH7tk7ADkAdvg8Wh4eaTddrPcQPRgh1TMICg2vTApPZjq5rUngsOQZp5oyg4pz_xx_8N8akhxGAZKx26mg8fACAAAF41IAAAADaAEHmQLr8twsBD-HPbjJsnt1XVuu6q7Papp26WUfLN49NVc1a2_Twb3mcTLc4LqbSxrhZIpaTmVQacUMrAZHZtpoGcUEmVE029AAzr5pHeRdF-mquTx2CbO9r3Zx87KQ-JC2rzOeg6cXzIQwwmTHJPmg-mVb6kU7m7mc8K_9v4_6CH55Q2PPBFeAp5WDLuQUsiQVo6WFEqYEfAflg5qZ6SrBq-aaGP-esJPQCcFtxQqqY2A5qL5Oine76Xuivt1azPlMJfHMHnv7k7J8f7YgnhX8nqZ-gO9Ke6wio6FXjvfJ7_vmkaTvpkB91Taq-RjVpe3BwwkqWno1mJ9oMnfPPschFp_5Yj9wW0enridCQ7b2bM6be-tOE-lHjUWkXuSlEl4vmLB7knyhP6uk6KBeFKhEgrOwzl2tvzNlJcxd5XMTTr9CLInZNuvPgp45h6dc-xa8k1HxUSYqUAACtIXKSXRJWrdIIdn-ldPrh1CB3Mk4qKgeri4JjsHni0ZiWwYB2A5PoypEBICsbRglRup2rpFE4R35LHHvS-AAuGTOFaZo2CioCF7-cXT_6_ldymZzhTTV7aIP4o0orG0lwnHp-7TqseYyrtsCpwJpkPwUA2al5xKadVMTcpHaK_GRNbXyeR7BMvktai0Mooogf2XbSX0rHtpIYk8yfpQPhVkKva-Wc-4Ydg3ePjwCyscO8zkXQsn4P9EkhQX05WQZXwFKx9wkRWaX0ksiFgCuj_lL2IDk2gWFInXQCsUszHvUJGNnJfaT8L5cE9RJDjuEAxCveYcxmd-krpB-2MF_k4x5a6vEBWQjLjCVbcGeq31n2zOk4azxWTCuwfDSmvrZDLbyyOfyq5_0xuQyxKRytRL4A-xaw9CtT0f49tBPq1LF8_X27KR-Iq6ZnPtmScjYrI94Jt1xndEuHGJaClJJtNhbhOGqz8RJDi-WFWrdPnuWaBMv0CkOEbqzOg8TC-J6o7yZyTko6C0YF3mRVxzr0zyt6oLv
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 179E 0
0 55ms
55ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=2284349887114769&bg=!KCulK3_NAAbO2UOH7tk7ADkAdvg8Wg1plSbL0jFnOB2jPR-Rx7lxh-CYWa7IVINg5XDXxbubsWtlbWn17ShgdIg_Iy4imXGnCDQCAAAE5FIAAAACaAEHmQLg8qi4cWTOqUiiOWBpaOIdiBbIuQEAD2Kc3Fm8ApaIhOShzF5V-5NbswSJvKyZVLiKw3_vsixpV-VLFA6aRFiOqpJL9L4Sof_97yauehbDB4AL76OOJF3XPlutstl9EQQm8LuE1yO7phUciNfatpjlN0kwn2tBZL9o32bamH5jOkRMAZH1LdcYVcgPPJkeJp0Oj6edxm3i3YOF5yxpW-OabtlEIXIwwO1Ap_SYDvOib-XnW6sXihJy1Yana09YNk-higO12QSForTSyPkN20UmFcxam7GVLI7iimSBjYVFcLqakrYL6tTUL_vxKJgmzTH6itTx7mMgk1GRTDKYgn1UUIwNhw0u8wRLFTgDuAGWhVbxFfkQrPkXza1AzOh99ZEzBn1My55KIGIc7keWNtJQwiU001eLk_MBCUl8TGfNjURjp0qYzkT4zoR-LoNYaCvWLmHJGcXZ5sMwAn9w13ZcWmWLk_wdbKloAPepKOKVqKWV-MR_QdY9OOdX0_LHjNDa6brvxvy1QGmhi328dcAG05ZD9y1Uw6HAYWFQ9AvlIjbmHZYCvsENV6s_VpZiV_JveDQ7iCYrUPHpUshpvfRe3rer0Q0uzmCUQqXjSdTIsfeNgpOd8h--u24bYm-qQN9h5gKo0l8Qof4MHd8dDr0UlLhQaS7xCtn8Cmm6C6UbEpbiTSGh2iYt1T--_cfWkAmevS-wAf0mLlysBv5UDr6fyh1pAMmyuohBVOQWu5QWBjGjzO8RL04FiOtWMqUTjJGl11TZS7dWLGDoZea82Nrs1nY9JvxGEwXuGPda_3guOCEhXbIlUDP0thkbmHLn2f1A7Q161LIJBYIcg5lgLBZ4yPRU0ojAiKTOFVND6EqDVVPOUBFCcBmCAj1Nb4d9it5d0qg-fGINzpkJH_P4mBpJfph099YkhNJcH0SyWX6shw6fsUocdX1eMoXtG_GoxFXjnQP0_HhUylV8ixX4EXaLiQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AC1B 0
0 55ms
54ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=3305614213782006&bg=!XV6lXgrNAAbO2UOH7tk7ADkAdvg8WgRQf4pF8RI-m2r98BQf6AXUF4pY7CZ7Mn8J-Qv2cSbUvDiQUnxdQz5Ra1XOqZHw7fruEPsCAAAB9lIAAAACaAEHmQL6BKweKU1cSWhQoIFHb96OW_-i9sTVusbOw4OG9_yiLp4BW0dk0g-XRTv5BcaYgXoLkpa5sC3xGteIjPX_u_6zSc-by3VWimc5Ju_cHF9BADDNo86bUi4UO6FRS-MiYg-YG1DN1r5kxHXFQWrJ0tqQP_3osJdAdNfm7PQ27ZhXn2lNuPrNVWicQoK_niZhMmGIHHyhL-xBj4RbJGYjD2-r_y0lzam9ZmdTDGb6pPTZetJ0W90qBD_D1mcof11tENu0_0EMbx7jaEXl98yH7WwbI3SIHFBE2O5xfxwZT9qm9uHD4opRnUq2auPJrB0IaoHbTr5hB4R1zKXt_GM_QdWBCdyPwgdQJGmDeE8bFBvi7BwFqdpu9vIr016xLZ_HVV8iebEBSUsWWRUBJyGdFNavuai7kESyL9DL3G8Wr7MGpwoeNnULHo7zDY6GWxn5iJDEkbdnNhilq4iitAChP-IPQHfGFc4nTTYyKreqOg4L8GzWpS3YrWSZpfEhTghNoXFnClj7HNy-6N3fnI1SS4lgagg4NcMoRCOtUSaQpObkyaTZj9J0Xbsw0B6Wt0mGtXyAqS2mplpLwQRjNeo9vnqLFbI5n3LycgQ17YQQ8cZW3zEi0iaSIeXUZFlQ_RxoUjxjfIouvMz86WJuOr16IigSvAZpU8uAkHHbRMldGcaZgJxhMW_HX-kb2G3Ut9dWwZU-5_To1aT1BbLwl6SJngKpHFSM7Aj8HVhXUiuhEMv3p01fok8AyfhrnLENdlAgAADL05yaT85GEWNBlehvfFX6T4SEa3xsSkpvpx9A7s3Fi8RHVTa3BkDCUQGPUBDPuYRl3CckKEwV5ueGNUWVSqEKiZHTbRjJJTb0mu2E0airGwbI_bzRlori7_0FQaj5XCM7CIJ0BgTMbBwLfS5L_TY8C_KyoZJ0ZwfUXXsfTfJtBWomk8MMTVZOIT9SHhu-4BLVreIXL0X3T9hceZNCseG5-EeOe0nvg0dHsUQE_PyE5exXGz0tzlHGuuh4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4606 0
0 55ms
55ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=2106088535107919&bg=!WFulWw_NAAbO2UOH7tk7ADkAdvg8WvLPwcZTAZdSC1hp1NtEbc-jDwGXxdNvfgt_PsUPBwBZ4PA9jAcec3FbE3n1bygeaQYGaccCAAAB4FIAAAADaAEHmQLj5rOE6bZZXg3VfcR-aQ3Yt5JkZ3miJf1NjUK0AWFZFkiljyEJ6Y7NtjA1-FXgHCv0l-WGfJw4-GELseXMk-zqTv1aEiOhcBlF8NQdH3yym03jZ6VYgAYRQ5Rnz6zPAFA_nBFuPIxbcGTKYmHPelGmEMOCqSGV6YV4T3qQDOsq7PZWc9HFkwSYKPTns6U54mETOocaEsS0yx9VbtYn09oZ9oMu16gTJeJ5eRCRkXIvKff_7dNzJCG_dOG50b79H7FG8sg3NtHM1UWUM9lymUZek90nlmxNob8ufzZqyOkUrdLjBJ7sZIf8OwVQeHBi5Kg7n5kzqMW_d8di08iqUM0ORfrXdFVH9JEArifaADbo7TWGZmqM7-qKb9XBdJA8g6akhdnjoihEykGMSKq9N0KYzhvlqsehiHGlQG84uUFcbxPuoFaXLZOQXX3hOaYzuZKBhfmn3tEFAi3bzcmJtvWSLFdKlpOCf0Q8arRDRxgueunnt--aa45Qtb2WN8Mu_tuDKxqDbwbRfSKg2QvJky0F3F2vWcZRdzlBAI9Ry_PHPiuhzrV0EYNONo5ZLj5KPOInfWDMN7e627S9AdrSdpqww4q7AG_oHbmj4m1rTB0Wg7vekkNKUu1me1E3R_42FZs0_W02tAM21Ck2rKeNWwQeox1CBXNKyw969hew0cZnQLWByXWGJz90RdC6yMl5a97nLeonXIJTzH40D0vmS_wutMaV5ubhGz_2Ahwag8_OayLfi0CrYGFRQQP8Qiv6_MLFW1WWd6wCqD1LGnYqzvZI1IDGDmFrheTU4QO2irY0M3KS-Nk2ek_YS3UdCIA5B0vkPRoiCbMVOGm5UyykA3p8CK2ezZcclWXDmIYjbWRCUbSy1SclT3ylbN3CN5pgz2B74mA20aoono64yvWOlDmbHnTRB_jyOVs5Ba8d3iELtmqVRTHUqEfjvHQsBITB3Z7QyMtSANEWcKZrstwCVCfXDGN47w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C261 0
0 56ms
55ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=2472897046058530&bg=!BAelB1PNAAbO2UOH7tk7ADkAdvg8Wqubu0D7r3MtOboCuCI8yjKWI4t5eYO2xQd4pe9d0o4qZHR4GB7gWADXMVZu6OifByMkJyQCAAACIlIAAAACaAEHmQLyA8ViQzFEMEB1JdQQ2OfR5ctL2DsAk6unvkHX7SXJjEfrPlQ7746JWKqPts6aAZ2DAMT-lxIHTxTClTd2UwgSFtIo02OePZz1dwPCzu15IGvk69lBr4EcQm-n76cdGZgGH8s6FXvZPGtOGcaGgL6jUC77fBj1WRTMWK_bJHIfcVC-G72nGNrt3MFJwE0UNKNBTazupUH0PRcgLbeb0lZYBpmxYjxRWBJwzffKpFpJv85HndipU5lAW7QB4Vxf7l2iqU3NbRjtmefzzsyx16oE2qMjQ5pRzPJbC3w1C85Pron9TS4aYNUotVhYoPX8xbCw92tFtB0eB_3cxXSDrlXQJzJ24kH4xIVF9Wt2xVUpj1TYix4PXrr3UpBwav4Zk-xzPfgs15UUfEPBucoaUcZUb67ubc3TO0INjptU5O2EBCRdcsFF2Q1T7-1RltjaNm-XUOMl40JnSZENEo6XlRz1Uzno9P56IQwiY1bAp4tB-kYY0pjxoFAdmcBHsanAEmT69ER3Tadmk8H-bAzLtMqTohwk3wnEvFwxGDKoHy2bdG1kn_j_nfVED9rg2FPwhNFmhU8NUOqPN7wFjPm224lPyVVAbvjj3YQPMg08C9g8wK5_N3BYHDCEJgp8ySF6eyEHd-h_Hhvptn9vvcQo31gClyj7qmhbP17CosD3SDMPJWCNFHFbv1XivCduzT0Iyynxw4MUlfErFDBRchpancaSV53IgJ0T0NHuhlzvQCU18dJ0x9S5RFe-MGPZUzXdtRIN_LxHRoiWcKDmdK3mc0ivLgxo9O5JiNn3STNg553dShkGHnHm3VEJMno0DQdMBLrNKCJ-VACYMUrNTTEdnHLbeFtBDfl4DEwF2yMJQBB8ESFTiUrn65VGWCoGkNWymKI7fwHu1lUs80a6uhlQhBFEI7r_bZwRR9DqJWWv46NcpcdPq4pdgVmk7EkqkFNVohWVzYWxiHRj_l3DT_P258kvD3rHHP8vX_w4eM7swGRCj5QbVw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AB5A 0
0 56ms
55ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=1182820626309950&bg=!srGlseXNAAbO2UOH7tk7ADkAdvg8WpTNljCClTJNDIRFyvKL0fanvAsEWWs9jJ-aZBKwvvUci8lpYmdsOzov2FS-MMI7VhKhvOoCAAABtVIAAAACaAEHmQLiFWnrYROHkSXdA5W6RUG0AbZABMDPErSpdIyWnU8MnxF9YGKOs9daW27d6O4lKm5tk5JFbRa-uDdJfhMYPGPBbtwOezwe03uhpiCm0K6TA9-M-c70xijuTwm_y31lITWL3AAOTeCQ6pFZVN1Tmo2bONVwK-LoxdOex7gDZdYcRbBBGNbqdgaxoeZSogAFTFoXVlt2SWDJ1Ui7OZDyIyB9nNWW8YRgKZ4gdt9H_TeUqlVmvJT9XYTafSDpetINFaqpvGmQVL1MZwrpeq6D-10IlauvNFVbcWzdcQ9fh2Ftdcizbfh9vfAZ3jEkVNwDyrnzM8OiIV7cOuu6bngMHlvCw275fMYmXpY_MjO9vVyFJieWxOtppWnXmjCDCtw-F7bdC9qTp_as64jwzohO0Dwfq7Mar9AhCIxlO3ZWJBgxKvvpnUFdklFuJswpBi40IamfyX8XKodYL8P9xeAkzcTO38Agxl0gvbTJdLe7TZHRnBaSmZjesG8x8bFcCCCqW3laQsxUcmd5ReYTIASftHGpXiH_zrEfJtOMprKqRFQMnglBjsasq6p756lUklxoTnsoOBhrnNW48dz0Nu9sr_fP5ZWJkIPhTuXE3p9z_u4xXZILckTfofuhXvQqZnsf90C3uDO_Mb9rheOQM4ZBPRPkzUAZ4wMbfEWpTCdiT_yt43lPxpsNbI4IAP4k-1IEMBNaVH7lY57WIB-p0e4-cSGnsZuLjBX1P_CgfAN0GWuzL1TCf0Cy06aUh5ERJjYH9m9lRWEZnCJPU0JLObYr85xFBDDG5xtCnAnmLLq95ua0CN6y9JmF70GV8n-OGBUkm8ZyQEmA1TcMpmU97PryLHjcsSAtgUoLwdMaekERsVJqslp4JGurt6eTudusvd9uZLDqwp7EWY6yYrU-SALMjlvnvAXbIxXrlxxSOn-RwWhQqYAigUTnOonfCVlT55WH5n9AIxSOddGcRTnH_WNxAyaSPjXv
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4E52 0
0 55ms
54ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=2349057996052770&bg=!fn2lfSnNAAbO2UOH7tk7ADkAdvg8WpgUV-t9zv9u6EqOTm7tGh5lAGcVRVhiXBKlHnziQZsp4U8rXlNDmSQKBfab40Z3IdQJCcoCAAAB-1IAAAADaAEHmQLhFVGFMp99Ax-HRXbRFz6Qgz6tgRQzhUFkYH9VxtgoJBzIaq2Su311_aJS89qlJzISYALzFQUq2d5LoIB_IRznFPqJOEeQupEhXU3x609JVcVXiOxRimM11fECV4qMOVx9uxCIr6mHltU7YwhwenVJYTvlF9Vel69UF7qtZVf-BqXZhlvJS4pOwXOhzAaYeHKVjTOxsmSR7JR8l3FLqcZajCMgO1ebD3Y7KrMzSjsfYCwk2DXQyN2IvZQGdsbSsa_BE0DD2yMoPPNU_XymoVE9nUtRSobR9ChBxNo5SQLdaFOP4X-ot2Px0CpatYsze9tJtQoLatNNDIyAAUGzIC72Eug1_qFEvxfN2seNM8z9lNVxb0GLlGokNa0f25_BhNNB0vyufwRt0BZ68nxv1QtxUb06Mj8cTRa4Y8gMlRDGyshIcSqIDT50HeEhyBjyw8bVrUZQcoHbqJahCjrQk2NXbMKKbD6PvWAH1zZrQjbne5REPRn2Mv_hgnNdGV-eIJQi9FznhgsI6NX-PlgrG7E1gsJnCNxFK1uF_LFiz9nyZfsK9u2N8Ov-kT1n1Xoo53Ls6M1YnJImBgyeBviyYyeCGH76o5wAF5Q6UAUQ9rbk-EYfmYamayk2FzIdYbq8iJp-te_hRBJ4LQJp1-jkpOZ8jLefmuMwXw4Sun477rDVwN1NP-EirshYi3DBQklrksK0pqmNVR3bkOWPioxQtbY6QyWSYSdNEiMtwxMgowLyRnJYLPaqlmaTmhepV_pswM1yV8wp9j4ZjsJAHHHEtylv1voeMnDnCjm6ZpTdb0v4YGadl2nxu3RMLFMA2B2Pf54EefNsq12diamWcekEZU3qtzbjEjylicpRfKykQdtBFGkWlPZM75xRi7PqJy4uVimueEwBIlupctD6Gb3wZ8iqW5FgSzcTpPU1e_zAyC0n-h-aKarJKYRZPF_eDe_Uss6BeQDjjmWZHG4-XbjQ4tDWRNA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 55ms
55ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023032101&jk=2123521736962133&bg=!d3SldCDNAAbO2UOH7tk7ADkAdvg8WtcW5p8IiSc1wPgNg07BO3AdTeyC2zQk4Gwa71sA_regNi5sClgqgvXp2ntcaLQDWPpac4MCAAABr1IAAAACaAEHCgCY-VeyIYEJp_4_ytSAUYi9eSxpfl0EE7ZrDm5cMFe5V9MxkRFnHF7gzU-mCfvLHN-O-qxtbTjARBDRAffmeAILl6FSLmBs6P3Kuu7jbABE2490L3_8UrlY-NKfEXLJ2tViZlbwiWxGO1c-3QX126i7PLh629ia7czqiv4xD0pvGm3RsDEr2IZEdpXxNHQkoa6vdbUl_fg_XMGZAqxTMa3sFPITh8S8JwTHZalhLEtWHqQp0F-JfO96Xs_TgT9CNERmVH8FnnfAURHdGLFaB4qhaB4oOhCrV5LJSy6VmuHxpd0ut36juAk3USAxIwfYseLWihMGmCgcmrU5opM1GIqMDE0hDq7ZeI0nRYnpTge6TaHDnUvvQRGJX2BVijuwHlLDsVvS68mYUi6QQaN2tYQrYoVzwTWG6lzq8DyWhLoS5uywobUTllQf2Md_3xeg-4MXjhW6PonS4VNDbaLjgBkEoMRwY7o046bs584YXRD-X_Zdvx2UOduqOajUAbASjZh6HrIaMrA30GlYZSTf4tOXaOa_XlYsgvR1ig4qiNFcF2lGQKBkXP-2JQdE2P45gAWioXomuzM9bk_yAabM06fbH1uFtRKy1Zz7zgIUhojGXgkctFU5KGKMxtkYswO4MI_DbN5KHif6161sKCXI0vQ2-dQNg_dsxdDqDvcUlCtSlIigN7vf0PfRiZhkiBThPJ9Hi31nILKLN0PuR98UUpTIvvc6wqkn9jpjLnoBEA5FDovOkIYBLXsEGRmxMTN4OGwmeWE9fTshhiPVluW3cu7sNlvjHda4xjbrueh6WWKlnAAHRqev2IaRAxzRkTTHVzXpJdtb7mpaYso4M12_o8iDLewpZUrtUAbEIyl_XqW-m-fmerG8wGsaJFcm7LkUEx_p4Sv2DCQo9xon6-myuc_3v0GZMxPufnRZfszXYMncRBBGg27fnO4nNMH3GaSuhphk_Nr6tz4cuCehQLHMtU3xS7Y-CEZU4S32X--yXZfaPyKOEbIqY-NAqcJhLcTnsWLACsi26cG41Br_alla_TSPJvA2JtFDD1zrb401EwGK2mJu_9iKdn42eGtXbClp-09a77plYcUwfJz3zX8U3iMqYvjBz6urqYY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.kesatu.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FA46 43 B
215 B 106ms
105ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1333404&asId=b451a4c2-b371-a991-1dcb-74f5825978db&tv=%7Bc:7LOQVG,pingTime:5,time:7180,type:p,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:33%7D,%7Br:r,w:300,h:600,t:243%7D,%7Bpiv:86,vs:i,r:,t:2179%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:5001,o:2179,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:33,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B2171~0,1~75%5D,as:%5B235~0.0,1937~300.600%5D%7D%7D,%7Bsl:i,t:2179,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:86,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5000~75%5D,as:%5B5000~300.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:639,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C151%7C152*.1333404-69076802%7C1521%7C161%7C162.1351698-69475176%7C1621%7C171%7C1721%7C181%7C1821%7C1822%7C1823%7C191%7C192.1333404-69076800%7C1921%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1b1%7C1b21%7C1c1%7C1c211%7C1c212%7C1d1%7C1d21%7C1d22%7C1e1%7C1f%7C1g%7C1h1%7C1h2%7C1i1%7C1j1,idMap:152*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:35,sis:1221%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:57 GMT
server: nginx
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 110ms
110ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOR8c,pingTime:5,time:7700,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:1071%7D,%7Bpiv:100,vs:i,r:,t:2699%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:2699,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1071,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1654~0,1~100%5D,as:%5B1655~160.600%5D%7D%7D,%7Bsl:i,t:2699,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5000~100%5D,as:%5B5000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:254,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:1072,sis:1870%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:58 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B0B8 43 B
215 B 105ms
104ms Image
image/gif 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1351698&asId=46ac5c52-f507-ba6e-b51c-64a3900e2b9a&tv=%7Bc:7LOR8d,pingTime:5,time:7701,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:1071%7D,%7Bpiv:100,vs:i,r:,t:2699%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5002,o:2699,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1071,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1654~0,1~100%5D,as:%5B1655~160.600%5D%7D%7D,%7Bsl:i,t:2699,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:254,fm:tzpFi3i+11%7C12%7C13%7C141%7C1421%7C1422%7C143%7C144%7C151%7C152.1333404-69076802%7C1521%7C1522%7C1523%7C1524%7C161%7C162*.1351698-69475176%7C1621%7C1622%7C1623%7C171%7C1721%7C1722%7C1723%7C181%7C1821%7C1822%7C1823%7C183%7C184%7C191%7C192.1333404-69076800%7C1921%7C1922%7C1923%7C1924%7C1a1%7C1a2.1333404-69809932%7C1a21%7C1a22%7C1a23%7C1a24%7C1b1%7C1b21%7C1b22%7C1c1%7C1c2111%7C1c212%7C1d1%7C1d21%7C1d22%7C1d23%7C1e11%7C1f1%7C1g1%7C1h1%7C1h2%7C1i11%7C1i12%7C1j1,idMap:162*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:1072,sis:1870%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:96f7:223a:d21e:6e1a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Mar 2023 09:38:58 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEJtFZaKF2qsbd67MZCn7Dts&google_cver=1&google_push=Aer7DvIPXIgiEf4JTUZ9EJP3zMsn7wj-V3rzBQqeI3hM9oKR5SCWzi1kGCaQdY7M48Amoy5sUyT-le_gGd6GOuCufce-fO2Pj-xs06Vv

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

82 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.kesatu.co/	1970-01-20 10:35:37	Name: _gid Value: GA1.2.125206697.1679650727
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_gtag_UA_207405423_45 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-91 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-90 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-81 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-80 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-89 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-83 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-63 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-86 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-85 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-64 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-65 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-78 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-62 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-84 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-207405423-87 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-213951293-83 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-208513372-4 Value: 1
.kesatu.co/	1970-01-20 10:34:10	Name: _gat_UA-208513372-5 Value: 1
.kesatu.co/	1970-01-20 20:10:10	Name: _ga Value: GA1.1.1326326062.1679650727
.kesatu.co/	1970-01-20 20:10:10	Name: _ga_XHS8W3S0QP Value: GS1.1.1679650727.1.0.1679650727.60.0.0
.kesatu.co/	1970-01-20 20:10:10	Name: _ga_L9VSZP7GRD Value: GS1.1.1679650727.1.0.1679650727.60.0.0
.kesatu.co/	1970-01-20 19:55:46	Name: __gpi Value: UID=00000bcb337316e1:T=1679650727:RT=1679650727:S=ALNI_MZcdR4WLg44oNF_WdFYAzwEt1ve2w
.doubleclick.net/	1970-01-20 19:55:46	Name: IDE Value: AHWqTUk6YGz8MUNF9MCFhv2CGKmhC_He8imsOfftbutna2yzubKgJbLtNmfJJ0hU79g
.kesatu.co/	1970-01-20 19:55:46	Name: __gads Value: ID=c81dbb1cfbf7407b-2270761c6cdd005a:T=1679650727:S=ALNI_MZRRhN42gpJVIj87EbMn7AkCdsg2w
.casalemedia.com/	1970-01-20 12:43:46	Name: CMPS Value: 5224
.casalemedia.com/	1970-01-20 12:43:46	Name: CMPRO Value: 5224
.casalemedia.com/	1970-01-20 19:19:46	Name: CMID Value: ZB1vqY6fF6Ka1E8m03Ft1AAA
.adnxs.com/	1970-01-20 12:43:46	Name: uuid2 Value: 678907520639518102
.adnxs.com/	1970-01-20 12:43:46	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>9mx8s[!]tbPl1M>e)ZlrFUfJ+tGXxo<ALOVP^**g-L!.XxVVe(yKzFChZslMTCTkv@3If)y3KL9D3I?+o3Kju8
.yahoo.com/	1970-01-20 19:20:08	Name: A3 Value: d=AQABBKlvHWQCEK0eY33_mLXBtUWz4BWXuMAFEgEBAQHBHmQnZAAAAAAA_eMAAA&S=AQAAAo_pXlhdcSp4QegAfOmVEqo
.adfarm1.adition.com/	1970-01-20 12:43:46	Name: UserID1 Value: 7214044949779314832
.spotxchange.com/	1970-01-20 11:14:29	Name: audience Value: ae83865b-ca27-11ed-b4b1-1afcdea00306
.everesttech.net/	1970-01-20 19:19:46	Name: everest_g_v2 Value: g_surferid~ZB1vqQAACZ3TxQBa
.analytics.yahoo.com/	1970-01-20 19:19:46	Name: IDSYNC Value: 18yl~2aox
.w55c.net/	1970-01-20 20:05:51	Name: wfivefivec Value: qkk7ZyZU1PFDSO5
.ctnsnet.com/	1970-01-20 19:19:46	Name: gid_CAESEAyDDerd7e_nZqGZJF-13ZU Value: 1
.simpli.fi/	1970-01-20 19:21:13	Name: suid Value: 38E4F25D1E4F41F687FB0B297861641C
.bidswitch.net/	1970-01-20 19:19:46	Name: tuuid Value: 6c0262d5-651d-4062-bd8c-a47df8f66a00
.bidswitch.net/	1970-01-20 19:19:46	Name: c Value: 1679650730
.bidswitch.net/	1970-01-20 19:19:46	Name: tuuid_lu Value: 1679650730
.pubmatic.com/	1970-01-20 10:35:37	Name: KTPCACOOKIE Value: YES
.w55c.net/	1970-01-20 11:17:22	Name: matchgoogle Value: 5
.e.dlx.addthis.com/	1970-01-20 20:04:25	Name: na_tc Value: Y
.travelaudience.com/	1970-01-20 20:05:51	Name: _tracker Value: %7B%22UUID%22%3A%22559BAD17-BB67-47F2-B431-3E0E3B2134F3%22%7D
.doubleclick.net/	1970-01-20 10:34:14	Name: DSID Value: NO_DATA
.de17a.com/	1970-01-20 19:12:34	Name: guid Value: 1.4167948522556185483
.agkn.com/	1970-01-20 19:19:46	Name: ab Value: 0001%3AhsKSOIPg7T38FlJin8OlP7GugYObVZPB
.agkn.com/	1970-01-20 19:19:46	Name: u Value: C\|0CEArsCwqK7AsKgAAAAAAAQ13AQCAAQpAAAAAAA
.pubmatic.com/	1970-01-20 19:19:46	Name: KADUSERCOOKIE Value: A03F51EB-02E4-4280-A83B-F84F0E6A692C
ads.travelaudience.com/	1970-01-20 20:05:51	Name: _tracker Value: %7B%22UUID%22%3A%22559BAD17-BB67-47F2-B431-3E0E3B2134F3%22%7D
.mathtag.com/	1970-01-20 20:00:05	Name: uuid Value: f152641d-6faa-4000-920d-6ba18275c48a
.addthis.com/	1970-01-20 20:04:25	Name: na_id Value: 2023032409385000013784062698
.addthis.com/	1970-01-20 20:04:25	Name: na_tc Value: Y
.addthis.com/	1970-01-20 20:04:25	Name: uid Value: 641d6faa70bc9ada
.addthis.com/	1970-01-20 20:04:25	Name: ouid Value: 641d6faa0001332ecc70f98d5472cb2758d2ed3e938f9ee5e501
.dlx.addthis.com/	1970-01-20 11:17:22	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 11:17:22	Name: na_sr Value: 20230324
.dlx.addthis.com/	1970-01-20 10:34:10	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 11:17:22	Name: na_sc_e Value: 0
.rfihub.com/	1970-01-20 19:55:46	Name: eud Value: H4sIAAAAAAAA_1vFwmtoZm5pZmpgbmxoYGkCAOCVV14QAAAA
.rfihub.com/	1970-01-20 19:55:46	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjW1MDMyNjc2NRPiM9QtLg0JCs_Iqso1KIkAADdHKeolAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjW1MDMyNjc2NRPiM9QtLg0JCs_Iqso1KIkAADdHKeolAAAA
.krxd.net/	1970-01-20 14:53:22	Name: _kuid_ Value: PdBaCkxu
.ctnsnet.com/	1970-01-20 19:19:46	Name: cid Value: 4e30da38a26e4efa8019364dd773a803
.adform.net/	1970-01-20 11:18:49	Name: C Value: 1
.3lift.com/	1970-01-20 12:43:46	Name: tluid Value: 3510768755015201653737
.360yield.com/	1970-01-20 12:43:46	Name: tuuid Value: b79daf53-5bf6-4cb1-b58d-64127c957e1d
.360yield.com/	1970-01-20 12:43:46	Name: tuuid_lu Value: 1679650731
.adform.net/	1970-01-20 12:00:34	Name: uid Value: 1880409420137677879
.bidswitch.net/	1970-01-20 10:34:11	Name: google_push Value: Aa02lx_R4e6SkBFRSBxmj1dKT5iDwQjA7rahrI3--5l9tnD7CHB9BSMUSJbdNGh49hdLKOaNAMvjCS9qSdWozlJbauc21LudBIh5Xrk
.blismedia.com/	1970-01-20 19:19:50	Name: b Value: 641D6FAC0356D24F43BA2465BLIS
.turn.com/	1970-01-20 14:53:22	Name: uid Value: 8357443178038896905
.tribalfusion.com/	1970-01-20 12:43:46	Name: ANON_ID Value: aDntuJrwZaybQXwrSQHbQktLVnZdu3w5UZc1X0suqeD9FM2nwY0p7xbQZbZcpedVZaXrMECPtaXr5q1o0F8H4pFJVmnKGS
.quantserve.com/	1970-01-20 12:43:46	Name: d Value: EHsBCQHLKIEA
.quantserve.com/	1970-01-20 20:04:25	Name: mc Value: 641d6fac-f35a9-e3956-8bbad
.mathtag.com/	1970-01-20 11:17:22	Name: mt_mop Value: 4:1679650733
.1rx.io/	1970-01-20 19:19:46	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-7deeafd8-813b-4aa6-bd91-42d24a98d521-003%22%7D
.awin1.com/	1970-01-20 10:37:03	Name: awpv20044 Value: 412871\|1679650733\|b09407a0-ca27-11ed-b6bf-22318f8574b4
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 415363:2904924
.targeting.unrulymedia.com/	1970-01-20 19:19:46	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-7deeafd8-813b-4aa6-bd91-42d24a98d521-003%22%7D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEJtFZaKF2qsbd67MZCn7Dts&google_cver=1&google_push=Aer7DvIPXIgiEf4JTUZ9EJP3zMsn7wj-V3rzBQqeI3hM9oKR5SCWzi1kGCaQdY7M48Amoy5sUyT-le_gGd6GOuCufce-fO2Pj-xs06Vv Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAer7DvKh6-j-A4ZNukuQhwtu2wDUxp_oDtr0ctH92cgE6IFBSb9Mia1zm8sVeDfbr68uLXzOvI__N6coEbRLYOAlGyFvC_Wt3w3ieg&google_gid=CAESEEpxCzJLkG70X_-2KDLSmFg&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
aa4a16cb6e648e054e462981699264e0.safeframe.googlesyndication.com
ad.turn.com
ad4m.at
ads.pubmatic.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
as.ad4m.at
assets.ad4m.at
assets.ayobandung.com
beacon.krxd.net
c1.adform.net
cdn.besafe.global
cdn.doubleverify.com
cm.g.doubleclick.net
cms.quantserve.com
csi.gstatic.com
d.agkn.com
d5p.de17a.com
dclk-match.dotomi.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.dlx.addthis.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
match.360yield.com
match.adsrvr.org
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prod-rtb.ad4mat.net
propsid.b-cdn.net
r.turn.com
region1.analytics.google.com
rtb-csync.smartadserver.com
rtb.openx.net
rtb0.doubleverify.com
rtbc-eu3.doubleverify.com
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static-de.ad4mat.net
static.adsafeprotected.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.mathtag.com
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.kesatu.co
x.bidswitch.net
googlecm.hit.gemius.pl
103.229.206.240
104.111.217.14
104.111.217.42
104.74.228.51
13.248.245.213
142.250.185.98
142.250.186.98
151.101.66.49
18.64.141.114
18.66.147.6
185.64.190.78
185.80.39.216
185.86.138.152
185.89.210.20
185.94.180.126
193.0.160.131
2001:4860:4802:34::36
2001:678:cb4:bbbb::11
213.155.156.181
213.19.147.44
23.35.236.201
2400:52e0:1500::868:1
2600:1901:0:76b9::
2600:1f18:1aca:4282:96f7:223a:d21e:6e1a
2600:9000:223f:ae00:8:48e:53c0:93a1
2600:9000:2240:a200:8:455e:4a00:93a1
2606:4700:20::681a:71b
2606:4700:20::ac43:4a81
2606:4700::6812:19ad
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:800::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::2001
2a00:1450:4001:828::2006
2a00:1450:4001:829::2002
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a00:1450:4001:830::200a
2a00:1450:4001:831::2008
2a00:1450:400c:c0c::9b
2a00:1450:4017:805::2003
2a02:26f0:480:9::210:ee0e
2a02:fa8:8806:12::1400
2a05:d018:d29:3602:6398:bc78:96b2:ccd4
3.126.189.98
3.75.62.37
34.149.12.213
34.91.62.186
34.96.105.8
34.98.64.218
35.186.193.173
35.190.0.66
35.227.252.103
35.244.174.68
35.71.131.137
37.157.4.24
51.89.9.252
52.211.97.32
52.212.129.217
52.28.63.52
52.48.240.209
52.59.80.27
69.173.144.165
85.114.159.93
98.98.134.243
0102fdfbd0b06f4718e32f6586659557a6234c0111940c1fa3d697c42b067c1c
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0249bb451c88404547895e0bf6f864612756386473cddc798d978742c65af546
034ca45cbb529fae03ef3369e27196c183682014c1a2c68124702696797df250
04d5f13346fb0bfb545720344a3c079e036bb3b387f713d95cc652c736ab83e2
0795a57e66286e3dd53474ee199d61efed837c0d6f27e042d4e1722088d75afa
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08995eed2bec2ac358fef4b8da9fa99c2c60ac7f3ce96937783c49c365f9ebbf
0a38cf7423f9f7060c66183e74e7e138bed849de551199c490e3a1e97ce291e7
0affac46bfc0c3bd4078f25128d0e8d2aa318b5cd3842fcd08bd350c7097c354
0b04b75bd8eefb657a643d7da99812a4fc165abe22fd3408587d11e43baec5b4
0b6655c72afc623a9d8fbd9fab55be2eab3a25f7ba68674d74ba75e95d7513ed
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c912f28b7fafd4a6ebbebe9b7614a73bd465c382c5fe4817a4cb3a25f76d80e
0cd13bffd1187110d3f360e65bfc4115b5a9fc8a31197630c632f890ddc62652
11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1517b5246f24efd5abf47f90c676a2e70fc62d28fb0f7e199e249111d4450a21
1593bd5a43dd148d4c0e4d0e9f74f80613d3a48cdfb71fa15835f79aef9919a8
15eaeb49112cb71de08a452c992fed4d87476508ede572843ab40ef34d254ebf
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1846fb88554d3180cffa9c58ccc65f3cc9f0590b92c594761ff3823cde5eaa55
1976ceaa3b49d5f7b6f20c1b67c9e3e537975ec1b00e20bc93450cee2d4a42cf
1a205d65c41e1e75736a6f89d530a8a3dbd67688cc6e8382d7cdcbef38db4d2d
1b5f54fa30def8f397c41c410dc05fbf229346c5cbbfc4e8366d25740d03de48
1b68d120efe52bc7011381f0162949fccce5b979e97d6e2b8c3fab473e2cc7f9
1b6f03dbf7a961d2263d9b82514563951150b0e8e8a1f88cd40cb17844446a94
1bbe6ccf43a1a712280b418d9b6a89f7ca17ad6ae64e0abfa93d85e84d4b2595
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d28bbdf62a792cd8baf45314d7d9112bf77f44768da5e1d4e8225d403244103
2068ff40104d2db82990dc62f865cc325cf1073af06db962ecdbe663cfaaf8f6
20c33ee04124a5737fb788a23c696f8f416d1a5e698f0d546a57bfddf0740022
20d1c7258800dff64d7e4044a7809271e75bb8ee529c3bbcd838d7b83fcf4d55
2119c260f5cee59b47c698cce4b2e1d1efec703b2220c7c3e706a98b742cce4f
21bbaa8008a3c469b361b3e8c90a911b4d04e3b13e0abd0f736c8f0d72491d83
2214d41b278709c873fdb298e1c176c1a8c2e2f40538d1b242a48e7c871611d2
22829bd69e36b744d663cbd6a2f8b432ee0a79b41b66e88361149aca040c3d3c
251aa5a76c0926d71c1be00b150a2af09b9df8fbc5ca682dd4dad3906374b5e6
25a74daac5f486d56869b275aa25c5ca4503e6b6fa172083ce1b563ae5f660d2
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2858c4be6d70d0ef0ac6cd303154658c117c12b45c6a10223214dec38553f0ea
286989eb6370c367c56c26c6057ab812334d77104e810ca257c59ef68b878157
287803722ee056b6063bced4efed58e67cb7b856d6ba61d95f1bc6aa6fa6d838
29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9
2ad420ff11526656e79f7c2476235849d96607e4a22fe15c77b6555dd2603f11
2c34a7696b87131405dda541b204d04a953c50924aea9cc1bb37a5106571c186
2c3c04e75b55ed4bb6c4a51a634c1ebd3c210231f140c31858d84149e89537a0
2cd91a116909572d0193cea60b6c3ad49fc39a6751d7184bc0395fe4fe53ae0b
2cfba95bb449c14585a7f3495536a09c40266b422e942c3c8be4ccb0d74587c6
2d3b8d5181cb107e4fbf1698508cc99c99f470e5d0d7cf2244cedcb8290559b7
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2da86afb3b9bf7434c854f859a918567212286f93a802c14597acc2cd2060ea5
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
31552c699b839c45d0f246d1c2c2156368b5fc6d05bf6aee3134987c3aff2ca0
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31916b9fdc85bc36d93ce8f4e744cfe88bf1f1915b601ebb3a5d8094b97de44f
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32fd62775e3f6579551434ca7c9722ab27db9635ec8c510b5407b3f054cd91b3
352fd9d5db79d40ca37dd7654a8769a1ef0577dd9a8d04b8304ee4ff30b2d114
35c97d0423fe763e16e4b41a769b3e02a29521377ed55781a96a5776e02e4a3b
3617a94ea1a7348522bc5f79cac7ca75fb37403e83861ca8ab62fb69b59300f7
362dcb5b2afc1493304b740b4735d30b73be0c88fa6193a991a8048ecacfb90b
36e269daaa233a8fc7de945a0c3c1a6218809d5269e2eb45a37c9fe3988a584e
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
3a8717b1c866759c800df22bdc5b34545730d2790473892a4cf31dce49bf1170
3b44d4a93813a0a4fb26ac5f817284ea95888a2465bcba78fbd4dbf8a19c5d76
3b87a3cc2321cac704426e95f7b8042fd621939cd3dd8474b4a9ba8d17477aed
3c7100e7363e76abd3ac27b0a6955788139ba02ff4a163568c4504c82bcf45ef
3c92182008a38c3fcc3c8bf6a6c74a4da2268b1ffa1bec0a33dd1e67ed844d2a
3d314ec3e0e81ea8b640b3b3f867e5eab4100cdf95ba1a6a06f584c079be27f1
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b
3e0ac0503d6b5476fd07981257659b122cca2395427c59f673745e400e7ceefa
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
40da1f2bb18419fdeb462e7468c95a3ce82767d881695aaa0800bd567ed53a00
429ddaa6caa654d32c92aa143ffa993ea429a69306b79cdf2a9cdf627d98577c
42d2d2f5ca7d4a74d4cec7eb892236bd4ca4790ef0446d15a1cde9d1e1d555d0
42e8de9192dee3b3ee8a7529c5883dac20b868000168362d9f287125c95e18a8
438bb41aa1c771eaa68c855379deb5ebaa0b61f917b4e4e2c8ab00a3c7b94e92
44121e3d1aab7cd18d3186a9016aa16a316590e077a477bd7cebc5b07ee83596
4455ce32dda87764fa53b686912d078c7657d7ad58551cef57387d47b39ea788
4509d578972c4a5c85b0e1208201aae2b0be0fa0b00653a97946f34bb918ed6e
45307094a7f2c83f8a910acd1010f5684a2da608ce330a3697a3df654da97470
4610b91606a29e1400982384f0adddc0ef917693671c6320db7b20f565387fa6
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
490e91e6c3549e4c51eccf313b68a23a5cc6cd1581adb4b57c8c0d0965159e21
496ed7d3eb868f74065c9c4f435b0d4afee4a9f37bc4934e7fbccffeff98d3cf
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e80528cf2aa07678142da551633bc1af699f014c04dabf87dce86db9be207d9
4e8b5a3e2ad9f9b29e5b8cb514f4f7d0ae61997b94258cd986e60384a8b2a3eb
4ed12bdfac4ce8f4b8acfb9e906ab6d5ce05e937da31234620b56adba00f9fd1
4f0e2b8e17561ed45ceda62d49a2af7725566fd472d7ec931ef7346db1c5c76f
4f81c2ce40f0e71819182a4d4c72300ee2cb0e690e537e4e68bafc6a8c900570
4fa1d10768285f2511128db43d6987ff3489e5f153d0240087b0d7fd6d449a31
4fc80465056668fb48ea0724aa584b6030bd0e2454778b0448b69d51b03940ad
4fe2f34dd7e5dca36dd4dec1d21b6d789c57823c081baf0ea7763994f58eca27
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
525f8d5d51c56e46c53bef4cc9951c7edb5e7ef9c2cd8dd92e4dbf4f43badd11
53045d3f1b5401ed6234f4ad7f3b0dc583f1ab1a4a85174022f4da520b6d0a01
5323f7f140aaabca00b3e80d9b8adbdba6b38c60caac8ee35cf3b8ecd252090c
54ecfa572990e94acedaa3f98412b668277d09a314d645d0e4be182f3ae5a47c
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55c8c9f9fe2cf6911d81bf00e08d31567afca911e1cf0252bb54e964fade59d7
58b0d4c16e89728c34fff405516be61d0a78425aea30bf1c265364eb239f3b9f
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
59ccf972686ec8f63ef06ef82b4bf7fc02fd4d6c0e037e1e920fd47c2b11c59a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d34fb496bdeb4a8b1ee80be305bc3017fe3ac53d95160291e9e71703dab5e5d
5d39b7613d5bd42f3cc0a4de5e6603da50e7581f5278084cf10f97bd2d815383
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
60759cd5541a8ed1fb36b5d9c7c9816bc8eb86da956171a6d85d5551d7d26f3e
618fda4a0bab1339a659804a7567c9bc5dcd1d8a2ffe00aef0f7fa47736e0548
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
678916200d52ae723869e4a72480288263ce1995ba28750d3151abddbd2aca13
69b2906e60f091da37046596fe7cd56a16d3a1d49f90fc5714a72e812d709b5c
69fbe642be224c81ac8defd6a5b93ef51648e5722593848b4ef0d05dc27c12e5
6b18cb4c5b0084b16c8506f0a8af0823cdac6cf1dd43f8eeb129b49314e2db7b
6b195862d73b87d34ae58467207b54281bcd256e97be777b3af9b1c11b4f4ebb
6b7ffcd06803d873ba5781bd7d67012660baea655d54265cc2b51d70b7b4d402
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e74ee88647f77e5a3df1c5a79f55cb1167382f677a81b3bc7751fc4d71e24f1
6f9960d8afe804b544d488c5ed1df81417e557b0a26ed0ad2ec8b1b7d8504f90
72d114a3f4e3a9d06d16c783918e2d4d8101a8c66aa5db94845c97b5e03944f6
73fb2fa0d192c9fe74aaef182a6dbc31c29e7cc863038f0d69eac0d5c8ae204f
740ced19ce82a3ebf1c8b9ead610ff801e536e95ccbfb09503c4b0c66ccf0686
769783dc7f03e0c2db46e0633b2963d24e3d3c170b13afdeef7b10533a565006
78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186
79878c8bfe88210cd8d54af52c9199e525c19fd63cda51c1368d0929aac0814c
7ae542bace58e607e3384b18969c424e8c77b6306ccee4298af00805479496f3
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7ee2c9d9e322c7c4a2ed4e23767d14ed9f9c5e0a6f4d667f85b39cd694ceb045
80bfbee189e13831ea39158324a0397a2718547843453c42916d55cc28fb30d3
812b6c714a944a7d28e61541e84517be5646c5e9d023181b7d9385b3c4041dcc
831a0ffeae52bcd087050c22ec911efb172a3de267305ce847a4980bdb362689
83c2cee78bcb18f392632e2f4fe16cf2da7f3f6f89927d282f8246eb7d82b3d8
83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff
83eba7a2beac4d750c0ab403fba9fc91aa36d4dbf6bee0d836b86d48be9fa074
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
855dfbae42eb6ae7faaa629932dad117408a1dbc5d5639295cbddbe201fd7503
86be7661939719094bff644e5ff06a51edfea08529f3f396b51f479d6185a0c6
871cb6fcbec52bfeef93a8fb68cd9b00baaf7d7cadb6530ef06523afe25ee9a5
87f18025d14bcc133b85996196a8be8ba7a375a50a3e594e558763ec7a0eb7ca
89aeae72e37b8c08105973f3c506211e9b6e7f1b894e48772eaf20fcbc0d0ab9
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a03c0567e6f775a5af1bd8a040f51a5ab158897effae219fe52579ad9146b16
8a66d2c94311bd31f11ac1745221fbf79cce5d9d7e7aec61e9603ceef634eebd
8b06f9f0e2abdae9e3043b070fa238da4e8be7b659eae66f544b3d3602b44c71
8c4e34094b30ef332a41fff59757045fa00d7cee7d33de1bb3105e572a310741
8d42f11c2cac4d35767c17fd2aad83f9d577c94af7bd8ddb7fe6f60d5c52f0c8
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e0b6a9f92b6dc168197e8b2fb61fe95484901f9348ca923714a669ab989bfd5
91bf712ac9d33df887d0d8a52a3d530a3084c62f3dc3f31106ff5bce9403fb7e
926a4ca073c39c40cabffbf1b0371803f245f084cdb9177fc7b3f9d81c0e394d
943e474e110dbebaaaf183d9ee3615e0479f0a471d441e00c0ab054d6bc15d20
97fc46192ba4021f1636ae312a3b9fc1c22e9e1521ad9ae565d359c406e1c056
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d0417b29883daae5a08dc92614323cf6e09f82cad4986fc1b87278b2b859192
9d09759caa40ed5d354c523a90c272e0640f39c2ad72af2475617a247db110d0
9db819fcacffaf3e9d603f594ce05f8594bcbb8389c59e687c97c26966c2d850
9de5a9ee5dc9d4ca558268b7bcd6ead5eaff468a4a13f526738b4e5f65b32855
9e8150bf756a5b5a7f00f71ae2714734bf45a3e1f9af3ddcd631bcdffe28d187
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a030b0045922b8b388646d53687ee354bdcac96f9889dcf5eb1bd85370f29b4f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a32d6ef9d87b7b1a711151950799a8e835394df5440c6a226c745996c4a8d919
a340e1d4b00e8f8b4752a896dd9f550b44272c1ec3f7bcd6a9b33a8def05df41
a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c
a4381ca6d2c4d3e21f899823c0413f157b52343dfc2d6803c087450607421fda
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6371fef993ba5c5e54190f138ece42cd64c7dc7810d485480dbfcf6a4ca24f6
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a9918a7f432276ce95d1db9b73690cb338020c42950d6f01cdf402d3515653b4
a9a23d88f403f067b61c3a941232a8870aa65dfba59f1fb9a25b13f955945a7b
ab0cc89ae31165e9476ff5136147b08ea2fb9546e2a0e6fe4c40672405bf064b
ad0bd6d7c9d0aa1ef426452c396f8dae73a0b6d6d99d79c4af5858f9165fd8b6
ae8af00b31a2e69e3fc2dbc7617313ff5a3b86bccb92ca1cca13aaac26211d53
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b18c459f46362ceba3c1f0848d33081a4fc6b27422e0eaa80ff77bf70298cfa3
b3f6706798da09c4a6c6fdc621ff166ef6a9687af5920f9f4f166b36f2682413
b78fda59eb8b6bf04ef48190dd1dc7701d13685368111fd6ecf42b979445815d
bbf7aad610b99d743f5a7bb876e283b7adbc0759e6e9b0a939c35646dc4a70a5
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bc92b5217945d9bdfab85fae10323da2bd6ca7700676e9a0bfe913e8f2fc36d5
bdc8bbdd768967d967bba96cf493094ba2187f0201c78e5780ad718cd4f62a50
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
becd18d09d68c65c13f9d50aa5cf55b60a08d8156c3dbf31459759ed4b3519de
bf03ea29acf0fb29f1e4bd2ed2376b49ff6277fcab56101348dec89ce647b47a
c2747415b1a508aa262c4ed4d65b69130483d31d67f116cc3fa0aa742598d47f
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c62e1e3a08ad3f3c7bd21eb512efbbb6d2bbcaa7490146c7efebd65f585badf7
c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c
c88f93adfcc6c5886eca075b507e5ba4ea5f36cc35304e88305d37ee44ff015e
c992e625e6ad22d8ef0e4a6fbfe8c58567d0b84fdd24c976a2eaec51f23d185e
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
ca6b32110c3df8b7e7a625dc32e1f0aa84476c84489c01c898a83bbe67834ef7
cbf9a09bcd7d12cff052816f5d4367f431634dc1aa767911e1c708a4c38749a8
d02d17794bb46a05736221749f8547f23c053e9b3c32f63c3d92bd32a0bb879d
d057a6097d8a0ae4831667c1f1ca37800322081ca39df92ee09cc9283517d9ad
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d150dc5d191310b098201644270389f0d6ba052fa1a4fdb5c722c4006295e90a
dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de33fe1ba0d81147fc56ff19149e85914d13c4c4d7a5969aeda463d9f4787848
deaa99b4c97db2882a4a4be0455e95191f1fdb750c34e215b1bc450cf55bb465
deda2e83e48a3aa2725c655d07e512e91a234858cffc8c2aeb54adf252ec3d04
df18e53a5428373573e9f2d9bed9cc4c4280dee56c5fc6f15baa8083001bbea5
df88c0155970cc20f2a6124d666bda688144501fe5a31f41b9e3c15795f83715
df9fc78d7b87a60813207365892a68623866f0e57d145325e2fb256680bd3e7f
dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
e237b4867f371732a90ec2cb2cbec638bae9c44e91027fffa5d8001d21a9ec2e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e5016d750a959fbb302803c8712b87f4715fa195ba98eb5d116ef844b43cb292
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7a7caeab92c66a56f8715685ea3ba987ccf3c0df8ebc99605346dc1d1ee7e1f
e8a3cada7bfe4b7a40e97b3893f5acc30daf5ee8f56b4a65aa391e2cfb2c4b5e
e8b2faa65ed345e553d2f772ce2a6d59d20ab6e4b7c16330735d46fb0251e0ba
e9223a9fec85224bba9c80bb9fc5a2d8e986d698272f3436c42ad6b8af9aa9bc
e9482bbd280c459e89e68a99ac50594ee4331a6c35d6f25b64513b840eeb6818
eb74c291d1f957e008ee7cf0290660f7b723612c0af66ecddebd425399cbe338
eba83e7ea77a84f704f9487fc6b2507197c82983aa1a5b22032336eaa5221dd8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4854a989cfbb42e554712516e6f8d4de58c73d41ae29f840e8a30c07f551c2
f14cc14af11a6df39ecec63d5ca35b7afbd0552ffd3cd2071a94291fa2aee18c
f1d9ac27e964ca5bc7b8b69466ddcfaa7690ef0a1768b44a61a97aa39643a86c
f393a1b4de8599569dd9ec13c337c8594d19da3b46c1f6a130e14e49d478d540
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c
f653957a283b5264cf0177e78a1f913799cf97dc434b2bfc0640342266c6f5cf
f73b9a9d0b8e5ba94afa407735d291d99dabc070596656b5ce93100a6c21fed7
f90d95764487b1ec5946495034f4d9d13fb1a1925bbb252b92adff95b2ce327a
f97a39d86834a134b359233cc1b720a106b910d8eab5a5c28aea34400c6d7ff0
f9f7ca92ac484587069e344faf7ecd9f82c53739d5008d5adcfafa7e705d9ba9
fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293
fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb
ff7cf555670810befce554f2d0b6bee32a96e1501a7d5c965fe44a4ca740fd84
ffbaa4c6580637004983c65c6b0cb3edb1c02d3abe551249b28f248431b4b7f2

www.kesatu.co Open in urlscan Pro 18.64.141.114 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

771 Requests

89 %HTTPS

45 %IPv6

57 Domains

81 Subdomains

54 IPs

12 Countries

8415 kBTransfer

22803 kBSize

82 Cookies

1 Outgoing links

Redirected requests

771 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 28 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.kesatu.co Open in urlscan Pro
18.64.141.114 Public Scan

Screenshot
Live screenshot

Full Image

771
Requests

89 %
HTTPS

45 %
IPv6

57
Domains

81
Subdomains

54
IPs

12
Countries

8415 kB
Transfer

22803 kB
Size

82
Cookies

771 HTTP transactions
28 data transactions