obywatelwie.click Open in urlscan Pro
2a02:4780:9:1263:0:2d6c:6275:10 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://obywatelwie.click/
Submission Tags: https://sinking.yachts sinking-yachts phishing Search All
Submission: On December 12 via api (December 12th 2023, 11:04:14 pm UTC) from US — Scanned from DE

Summary HTTP 187 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 49 IPs in 9 countries across 43 domains to perform 187 HTTP transactions. The main IP is 2a02:4780:9:1263:0:2d6c:6275:10, located in Vilnius, Lithuania and belongs to AS-HOSTINGER, CY. The main domain is obywatelwie.click.
TLS certificate: Issued by R3 on December 12th 2023. Valid for: 3 months.

This is the only time obywatelwie.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1	2a02:4780:9:1... 2a02:4780:9:1263:0:2d6c:6275:10	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	62.129.206.181 62.129.206.181	12824 (HOMEPL-AS) (HOMEPL-AS)
11	2606:4700:440... 2606:4700:4400::ac40:92e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	195.177.217.192 195.177.217.192	50599 (Autonomou...) (Autonomous System for Data Space Sp. z o.o.)
13	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
2 4	216.58.206.38 216.58.206.38	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
19	2a02:26f0:f3:... 2a02:26f0:f3:38c::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11	63.33.82.49 63.33.82.49	16509 (AMAZON-02) (AMAZON-02)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2.23.196.80 2.23.196.80	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:212... 2600:9000:2127:ea00:1d:bf0a:0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.239.67.100 18.239.67.100	16509 (AMAZON-02) (AMAZON-02)
2	34.202.21.73 34.202.21.73	() ()
1	35.244.188.9 35.244.188.9	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:710... 2a02:26f0:7100:8b2::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1	18.239.67.245 18.239.67.245	16509 (AMAZON-02) (AMAZON-02)
1	89.207.16.201 89.207.16.201	41041 (VCLK-EU-SE) (VCLK-EU-SE)
6	107.178.244.119 107.178.244.119	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	63.140.62.135 63.140.62.135	() ()
1 1	63.33.14.251 63.33.14.251	() ()
1 5	15.197.193.217 15.197.193.217	() ()
6 6	142.250.181.230 142.250.181.230	() ()
2	34.226.231.102 34.226.231.102	() ()
4 8	185.89.210.180 185.89.210.180	() ()
5 5	172.217.18.2 172.217.18.2	() ()
2 2	2a00:1450:400... 2a00:1450:4001:831::200e	() ()
2	2a00:1450:400... 2a00:1450:4001:810::200e	() ()
2 4	185.89.210.90 185.89.210.90	() ()
4 4	37.157.6.237 37.157.6.237	() ()
5	35.190.43.134 35.190.43.134	() ()
4 5	2620:1ec:21::14 2620:1ec:21::14	() ()
1	13.107.42.14 13.107.42.14	() ()
7	23.212.88.188 23.212.88.188	() ()
1	35.244.174.68 35.244.174.68	() ()
2	212.82.100.181 212.82.100.181	() ()
1	2606:4700:440... 2606:4700:4400::6812:2089	() ()
1	2606:4700:440... 2606:4700:4400::ac40:97ee	() ()
1 1	23.215.22.232 23.215.22.232	() ()
1	2a00:1450:400... 2a00:1450:4001:828::200e	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	() ()
4 6	35.186.212.60 35.186.212.60	() ()
2 2	2606:4700::68... 2606:4700::6812:19ad	() ()
2 2	2a02:2638:3::c 2a02:2638:3::c	() ()
2 2	3.75.62.37 3.75.62.37	() ()
187	49

1 2a02:4780:9:1263:0:2d6c:6275:10 (Vilnius, Lithuania)

ASN47583 (AS-HOSTINGER, CY)

obywatelwie.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.129.206.181 (Poland)

ASN12824 (HOMEPL-AS, PL)
PTR: cloudserver011865.home.pl

www.pizzadominium.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:4400::ac40:92e1 (United States)

ASN13335 (CLOUDFLARENET, US)

www.restauracja-anima.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.177.217.192 (Poland)

ASN50599 (Autonomous System for Data Space Sp. z o.o., PL)
PTR: host-195-177-217-192.dataspace.pl

t.goadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.206.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f6.1e100.net

10121152.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10902911.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a02:26f0:f3:38c::1e80 (Glattbrugg, Switzerland)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 63.33.82.49 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
marriottinternationa.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.23.196.80 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-196-80.deploy.static.akamaitechnologies.com

cache.marriott.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:ea00:1d:bf0a:0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.67.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-67-100.ams58.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.202.21.73 (None, )

ASN- ()

pxl.jivox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.188.9 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 9.188.244.35.bc.googleusercontent.com

static.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100:8b2::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.67.245 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-67-245.ams58.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.207.16.201 (Amsterdam, Netherlands)

ASN41041 (VCLK-EU-SE, US)
PTR: ams04-nessy-float1.dotomi.com

login.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 107.178.244.119 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 119.244.178.107.bc.googleusercontent.com

beacon.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.135 (None, )

ASN- ()

smetrics.marriott.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.14.251 (None, ) 1 redirects

ASN- ()

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 15.197.193.217 (None, ) 1 redirects

ASN- ()

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.230 (None, ) 6 redirects

ASN- ()

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.226.231.102 (None, )

ASN- ()

p.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.89.210.180 (None, ) 4 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.18.2 (None, ) 5 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (None, ) 2 redirects

ASN- ()

fcmatch.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (None, )

ASN- ()

fcmatch.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.90 (None, ) 2 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.237 (None, ) 4 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.190.43.134 (None, )

ASN- ()

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tr6.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (None, ) 4 redirects

ASN- ()

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (None, )

ASN- ()

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.212.88.188 (None, )

ASN- ()

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (None, )

ASN- ()

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.82.100.181 (None, )

ASN- ()

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (None, )

ASN- ()

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:97ee (None, )

ASN- ()

idpix.media6degrees.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.215.22.232 (None, ) 1 redirects

ASN- ()

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (None, )

ASN- ()

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (None, )

ASN- ()

adobe-sync.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.186.212.60 (None, ) 4 redirects

ASN- ()

tag.yieldoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (None, ) 2 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::c (None, ) 2 redirects

ASN- ()

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (None, ) 2 redirects

ASN- ()

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	doubleclick.net 13 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 10121152.fls.doubleclick.net 10902911.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 75 ad.doubleclick.net cm.g.doubleclick.net	12 KB
19	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 431	152 KB
16	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 93 region1.analytics.google.com — Cisco Umbrella Rank: 2693 fcmatch.google.com ampcid.google.com	3 KB
13	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	956 KB
12	adnxs.com 6 redirects secure.adnxs.com ib.adnxs.com	8 KB
11	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 208 marriottinternationa.demdex.net — Cisco Umbrella Rank: 43813	12 KB
11	restauracja-anima.pl www.restauracja-anima.pl	2 MB
9	google.de www.google.de — Cisco Umbrella Rank: 6765 ampcid.google.de	1 KB
8	marriott.com cache.marriott.com — Cisco Umbrella Rank: 16706 smetrics.marriott.com	259 KB
7	pinterest.com ct.pinterest.com	4 KB
7	sojern.com static.sojern.com — Cisco Umbrella Rank: 14090 beacon.sojern.com — Cisco Umbrella Rank: 5541 pixel.sojern.com	13 KB
6	yieldoptimizer.com 4 redirects tag.yieldoptimizer.com	3 KB
6	linkedin.com 4 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	5 KB
6	adsrvr.org 1 redirects js.adsrvr.org — Cisco Umbrella Rank: 1355 insight.adsrvr.org match.adsrvr.org	3 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	62 KB
5	snapchat.com tr.snapchat.com tr6.snapchat.com	1 KB
4	yahoo.com 2 redirects sp.analytics.yahoo.com cms.analytics.yahoo.com ups.analytics.yahoo.com	1 KB
4	adform.net 4 redirects c1.adform.net	2 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 329 c.bing.com	14 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	157 KB
3	tvpixel.com c.tvpixel.com — Cisco Umbrella Rank: 9225 p.tvpixel.com	32 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	234 B
2	criteo.com 2 redirects gum.criteo.com	756 B
2	tribalfusion.com 2 redirects a.tribalfusion.com s.tribalfusion.com	926 B
2	youtube.com fcmatch.youtube.com	665 B
2	dotomi.com login.dotomi.com — Cisco Umbrella Rank: 1921 adobe-sync.dotomi.com	469 B
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 630	7 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 745	21 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 763	13 KB
2	jivox.com pxl.jivox.com	453 B
2	goadservices.com t.goadservices.com — Cisco Umbrella Rank: 258430	1 KB
2	pizzadominium.pl www.pizzadominium.pl
1	flashtalking.com 1 redirects servedby.flashtalking.com	552 B
1	media6degrees.com idpix.media6degrees.com	205 B
1	onetrust.com geolocation.onetrust.com	310 B
1	rlcdn.com idsync.rlcdn.com	98 B
1	everesttech.net 1 redirects cm.everesttech.net sync-tm.everesttech.net Failed	517 B
1	sc-static.net sc-static.net — Cisco Umbrella Rank: 945	18 KB
1	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2199
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138	19 KB
1	obywatelwie.click obywatelwie.click	14 KB
0	krxd.net Failed usermatch.krxd.net Failed
0	rundsp.com Failed match.rundsp.com Failed
187	43

	Domain	Requested by
19	assets.adobedtm.com	obywatelwie.click assets.adobedtm.com
13	www.googletagmanager.com	obywatelwie.click www.googletagmanager.com www.google-analytics.com assets.adobedtm.com
11	www.restauracja-anima.pl	obywatelwie.click www.restauracja-anima.pl
10	dpm.demdex.net	assets.adobedtm.com
8	secure.adnxs.com	4 redirects static.sojern.com
8	www.google.de	obywatelwie.click
7	ct.pinterest.com	s.pinimg.com
7	cache.marriott.com	obywatelwie.click cache.marriott.com
6	tag.yieldoptimizer.com	4 redirects
6	ad.doubleclick.net	6 redirects
6	www.google.com	obywatelwie.click
5	cm.g.doubleclick.net	5 redirects
5	adservice.google.com	10902911.fls.doubleclick.net 10121152.fls.doubleclick.net
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	tr.snapchat.com	sc-static.net
4	c1.adform.net	4 redirects
4	ib.adnxs.com	2 redirects static.sojern.com
4	pixel.sojern.com	static.sojern.com
4	match.adsrvr.org	js.adsrvr.org static.sojern.com
4	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
4	googleads.g.doubleclick.net	www.googleadservices.com
4	connect.facebook.net	obywatelwie.click connect.facebook.net
3	bat.bing.com	assets.adobedtm.com bat.bing.com
3	www.facebook.com	obywatelwie.click
2	gum.criteo.com	2 redirects
2	sp.analytics.yahoo.com
2	fcmatch.youtube.com	static.sojern.com
2	fcmatch.google.com	2 redirects
2	p.tvpixel.com	c.tvpixel.com
2	beacon.sojern.com	obywatelwie.click static.sojern.com
2	s.yimg.com	obywatelwie.click s.yimg.com
2	s.pinimg.com	obywatelwie.click s.pinimg.com
2	snap.licdn.com	obywatelwie.click snap.licdn.com
2	pxl.jivox.com
2	region1.analytics.google.com	www.googletagmanager.com
2	10902911.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	10121152.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	t.goadservices.com	obywatelwie.click t.goadservices.com
2	www.pizzadominium.pl	obywatelwie.click www.restauracja-anima.pl
1	ups.analytics.yahoo.com	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	s.tribalfusion.com	1 redirects
1	a.tribalfusion.com	1 redirects
1	ampcid.google.de	www.google-analytics.com
1	adobe-sync.dotomi.com
1	ampcid.google.com	www.google-analytics.com
1	servedby.flashtalking.com	1 redirects
1	tr6.snapchat.com	sc-static.net
1	c.bing.com	1 redirects
1	idpix.media6degrees.com
1	geolocation.onetrust.com	cache.marriott.com
1	idsync.rlcdn.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	insight.adsrvr.org	1 redirects
1	cm.everesttech.net	1 redirects
1	smetrics.marriott.com	assets.adobedtm.com
1	marriottinternationa.demdex.net	assets.adobedtm.com
1	login.dotomi.com	obywatelwie.click
1	sc-static.net	obywatelwie.click
1	static.sojern.com	obywatelwie.click
1	js.adsrvr.org	obywatelwie.click
1	c.tvpixel.com	obywatelwie.click
1	region1.google-analytics.com	www.googletagmanager.com
1	script.crazyegg.com	www.googletagmanager.com
1	www.googleadservices.com	obywatelwie.click
1	obywatelwie.click
0	sync-tm.everesttech.net Failed
0	usermatch.krxd.net Failed
0	match.rundsp.com Failed
187	71

This site contains links to these domains. Also see Links.

Domain
www.pizzadominium.pl
www.facebook.com
www.instagram.com
www.restauracja-anima.pl
uk6.eveve.com
www.marriott.com
mgscloud.marriott.com

Subject Issuer	Validity	Valid
obywatelwie.click R3	`2023-12-12` - `2024-03-11`	3 months	crt.sh
*.pizzadominium.pl Certyfikat SSL	`2023-06-21` - `2024-06-20`	a year	crt.sh
www.restauracja-anima.pl Cloudflare Inc ECC CA-3	`2023-06-06` - `2024-06-05`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.goadservices.com DOMENY SSL DV Certification Authority	`2023-05-30` - `2024-05-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-21` - `2023-12-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-09` - `2024-03-08`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
www.marriott.com Entrust Certification Authority - L1K	`2023-10-18` - `2024-11-09`	a year	crt.sh
*.tvpixel.com Amazon RSA 2048 M03	`2023-11-15` - `2024-12-13`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.jivox.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-17` - `2024-06-16`	a year	crt.sh
*.sojern.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-17` - `2024-02-17`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-07` - `2024-08-07`	a year	crt.sh
*.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-12-12` - `2024-01-31`	2 months	crt.sh
sc-static.net Amazon RSA 2048 M02	`2023-01-20` - `2024-02-18`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
smetrics.marriott.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-26` - `2024-04-25`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.snap.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-13` - `2024-04-12`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-10-24` - `2024-04-17`	6 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
dstillery.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-21` - `2024-05-21`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh

This page contains 9 frames:

Primary Page: https://obywatelwie.click/
Frame ID: 5B518AE311971F173621342EF03B20D3
Requests: 153 HTTP requests in this frame

Frame: https://10121152.fls.doubleclick.net/activityi;dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F
Frame ID: 9CC76F4B79342FD1C601F745DBD0252D
Requests: 2 HTTP requests in this frame

Frame: https://10902911.fls.doubleclick.net/activityi;dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F
Frame ID: D8952B739E7F266ADBAA006925347293
Requests: 2 HTTP requests in this frame

Frame: https://static.sojern.com/marriott/mhotels.html?p=undefined&hprid=&hpr=&hb=undefined&hc1=undefined&hn1=undefined&hs1=undefined&ffl=undefined&hl=&t=undefined&hr=undefined&hd1=&hd2=&hconfno=&hp=undefined&hcu=&hrp=undefined&hdc=undefined&rew=undefined&l=undefined&vid=hot&cid=
Frame ID: 6B512336A9D6F9381016F288E36252E2
Requests: 9 HTTP requests in this frame

Frame: https://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_cid=2814&dtm_cmagic=8e987c&dtm_format=5&dtm_fid=101&cli_promo_id=2&dtmc_marsha_code=&canonical_url=https%3A%2F%2Fwww.pizzadominium.pl%2F&dtm_user_token=&dtmc_ref=&dtmc_loc=https%3A%2F%2Fobywatelwie.click%2F&fpc_status=
Frame ID: 56A4AB92E97B87C4BD6C11DA587AA967
Requests: 1 HTTP requests in this frame

Frame: https://marriottinternationa.demdex.net/dest5.html?d_nsid=0
Frame ID: 05137CDF0F5827FF82A4C6B791A4F038
Requests: 18 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/upb/?adv=hbq9bjg&ref=https%3A%2F%2Fobywatelwie.click%2F&upid=byw7ch4&upv=1.1.0
Frame ID: E2DE858243DA45A2694DE429319D8669
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=fbf5aa06-3f82-45b5-86ba-4c4fe9c75a96&u_scsid=37b5ab5e-3d4e-4e25-9618-94f7816369ef&u_sclid=5b26970d-721c-47c0-80ab-7df632953831
Frame ID: F0F4CC714A5EF69F25E5B8BC6FFBC7B6
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 5F1D0DF832766BF19EAA2F26E96857AD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

": Wjechał w dziecko i uciekł! Zobacz nagranie! [+18]"Restauracja Anima

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Page Statistics

187
Requests

79 %
HTTPS

49 %
IPv6

43
Domains

71
Subdomains

49
IPs

9
Countries

4183 kB
Transfer

7372 kB
Size

26
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pizzadominium.pl/#skip-main
Title: Skip to main content

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Restauracja-Anima-111263601355642
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/restauracja.anima/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.restauracja-anima.pl/

Search URL Search Domain Scan URL

URL: https://www.restauracja-anima.pl/photos
Title: Zdjęcia

Search URL Search Domain Scan URL

URL: https://www.restauracja-anima.pl/contact-location
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.restauracja-anima.pl/our-menus
Title: Menu

Search URL Search Domain Scan URL

URL: https://www.restauracja-anima.pl/meet-the-chef
Title: Szef

Search URL Search Domain Scan URL

URL: https://www.restauracja-anima.pl/specialoffers
Title: Oferty

Search URL Search Domain Scan URL

URL: https://uk6.eveve.com/web/form?est=AnimaKrakow
Title: Zarezerwuj teraz booking widget

Search URL Search Domain Scan URL

URL: http://www.restauracja-anima.pl/
Title: Zarezerwuj teraz

Search URL Search Domain Scan URL

URL: https://www.pizzadominium.pl/
Title: Dalej

Search URL Search Domain Scan URL

URL: https://www.pizzadominium.pl/

Search URL Search Domain Scan URL

URL: https://www.restauracja-anima.pl/accessibility
Title: Dostępność witryny

Search URL Search Domain Scan URL

URL: https://www.marriott.com/about/privacy.mi
Title: Polityka Prywatności

Search URL Search Domain Scan URL

URL: https://www.restauracja-anima.pl/site-map
Title: Mapa strony

Search URL Search Domain Scan URL

URL: https://mgscloud.marriott.com/common/sales-mktg-and-rev-mgmt/ecommerce/marriott-digital-services
Title: Powered by MDS

Search URL Search Domain Scan URL

URL: https://www.pizzadominium.pl/#modal-full
Title: GODZINY OTWARCIA

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://10121152.fls.doubleclick.net/activityi;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F HTTP 302
https://10121152.fls.doubleclick.net/activityi;dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F

Request Chain 25

https://10902911.fls.doubleclick.net/activityi;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F HTTP 302
https://10902911.fls.doubleclick.net/activityi;dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F

Request Chain 106

https://cm.everesttech.net/cm/dd?d_uuid=88842790656062436322503911365090206075 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZXjm7AAAAEbmXANn

Request Chain 108

https://insight.adsrvr.org/track/up?adv=hbq9bjg&ref=https%3A%2F%2Fobywatelwie.click%2F&upid=byw7ch4&upv=1.1.0 HTTP 302
https://match.adsrvr.org/track/upb/?adv=hbq9bjg&ref=https%3A%2F%2Fobywatelwie.click%2F&upid=byw7ch4&upv=1.1.0

Request Chain 109

https://ad.doubleclick.net/activity;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=1638216297.1702422247;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CJKl_oyBi4MDFR0QogMdH8kMZw;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=1638216297.1702422247;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CJKl_oyBi4MDFR0QogMdH8kMZw;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F

Request Chain 110

https://ad.doubleclick.net/activity;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=1638216297.1702422247;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CKml_oyBi4MDFSoKogMdsSoHPA;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=1638216297.1702422247;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CKml_oyBi4MDFSoKogMdsSoHPA;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F

Request Chain 118

https://ad.doubleclick.net/ddm/activity/src=4810757;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=[OrderID] HTTP 302
https://ad.doubleclick.net/ddm/activity/src=4810757;dc_pre=CKbp_oyBi4MDFXYPogMdGw8LKw;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=[OrderID] HTTP 302
https://adservice.google.com/ddm/fls/z/src=4810757;dc_pre=CKbp_oyBi4MDFXYPogMdGw8LKw;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=[OrderID]

Request Chain 119

https://secure.adnxs.com/px?id=1565798&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1565798%26t%3D1

Request Chain 120

https://secure.adnxs.com/seg?add=29464183&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D29464183%26t%3D1

Request Chain 121

https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=v5s415B9deAqKjdKDvXV2g&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=u5eYaTFOvc2VGESQztCWjwHENCxNCbtSD48bqvd8eoY-nosO_dkJtVDSlx57ltMr&sjrn_ula=673976618 HTTP 302
https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=u5eYaTFOvc2VGESQztCWjwHENCxNCbtSD48bqvd8eoY-nosO_dkJtVDSlx57ltMr&sjrn_ula=673976618&google_gid=CAESEHGSuVRV2UGu7j9c89wZkdg&google_cver=1

Request Chain 122

https://cm.g.doubleclick.net/pixel?google_hm=v5s415B9deAqKjdKDvXV2g&google_nid=sojern_adh HTTP 302
https://fcmatch.google.com/pixel?google_gm=AMnCDoo5DJbb69zTgtSxMIK6fJK0uZkyjP_rMpLj5KKlpQJtpQ8OtUuzAAKdrG1R4_ND9pWaXcBlSYGEJZ7YQiMKPo7Z-P-SFiW4pa0iBcttwsfiVczjAIc HTTP 302
https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo5DJbb69zTgtSxMIK6fJK0uZkyjP_rMpLj5KKlpQJtpQ8OtUuzAAKdrG1R4_ND9pWaXcBlSYGEJZ7YQiMKPo7Z-P-SFiW4pa0iBcttwsfiVczjAIc

Request Chain 125

https://c1.adform.net/serving/cookie/match?cid=bf9b38d7-907d-75e0-2a2a-374a0ef5d5da&party=1296 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&cid=bf9b38d7-907d-75e0-2a2a-374a0ef5d5da&party=1296 HTTP 302
https://pixel.sojern.com/idsync/adf?adfid=2611940818716061769&cid=bf9b38d7-907d-75e0-2a2a-374a0ef5d5da

Request Chain 126

https://secure.adnxs.com/px?id=1228256&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1228256%26t%3D1

Request Chain 127

https://secure.adnxs.com/seg?add=21126164&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D21126164%26t%3D1

Request Chain 128

https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=DRtFpN_7JMMbMcuTJfYWBg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=jQ8QmkBZ-pbiP_ORp8WLTiBcpz-xer1EkabVeDi0ZiEIv_O3glqgnA_YQBi3EMV7&sjrn_ula=824794939 HTTP 302
https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=jQ8QmkBZ-pbiP_ORp8WLTiBcpz-xer1EkabVeDi0ZiEIv_O3glqgnA_YQBi3EMV7&sjrn_ula=824794939&google_gid=CAESEHGSuVRV2UGu7j9c89wZkdg&google_cver=1

Request Chain 129

https://cm.g.doubleclick.net/pixel?google_hm=DRtFpN_7JMMbMcuTJfYWBg&google_nid=sojern_adh HTTP 302
https://fcmatch.google.com/pixel?google_gm=AMnCDorGH0z4kx1qnlSDZQWJrSgV0gNiaOP1zhAguRrzvotKBMbkRg3--dPDs9QqQ5eDu33t3QaN6tHUYD54ng6I-wh0fHHD2W-M-VEPQRN37ZWGPjSSgw8 HTTP 302
https://fcmatch.youtube.com/pixel?google_gm=AMnCDorGH0z4kx1qnlSDZQWJrSgV0gNiaOP1zhAguRrzvotKBMbkRg3--dPDs9QqQ5eDu33t3QaN6tHUYD54ng6I-wh0fHHD2W-M-VEPQRN37ZWGPjSSgw8

Request Chain 132

https://c1.adform.net/serving/cookie/match?cid=0d1b45a4-dffb-24c3-1b31-cb9325f61606&party=1296 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&cid=0d1b45a4-dffb-24c3-1b31-cb9325f61606&party=1296 HTTP 302
https://pixel.sojern.com/idsync/adf?adfid=8642569759635705708&cid=0d1b45a4-dffb-24c3-1b31-cb9325f61606

Request Chain 135

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D360572%26time%3D1702422252558%26url%3Dhttps%253A%252F%252Fobywatelwie.click%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F&cookiesTest=true&liSync=true&e_ipv6=AQKQAqwtQaDGtwAAAYxgRg_HhshPG7lxJ0Jwmc8jadsbw6pFBVbHxRtlfcWih1JntA31nlk

Request Chain 136

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=8621190398352678120

Request Chain 147

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=ODg4NDI3OTA2NTYwNjI0MzYzMjI1MDM5MTEzNjUwOTAyMDYwNzU= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELa2vP2YsrXXjlj_eYO5BQs&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 150

https://c.bing.com/c.gif?uid=88842790656062436322503911365090206075&Red3=MSAdobe_pd&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=0924FF587D366F760304ECBD7CBD6EBD

Request Chain 155

https://servedby.flashtalking.com/map/?key=a74thHgsfK627J6Ftt8sj5ks52bKe&gdpr=0&gdpr_consent=&url=https://dpm.demdex.net/ibs:dpid=3047&dpuuid=[%FT_GUID%]&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=3047&dpuuid=5824DE96BCB4D8&gdpr=0&gdpr_consent=

Request Chain 172

https://tag.yieldoptimizer.com/ps/ps?t=s&p=1057&si=US&ln=EN&hbc=HRS&pg=hm HTTP 302
https://tag.yieldoptimizer.com/ps/ps?tc=502074836&t=s&p=1057&si=US&ln=EN&hbc=HRS&pg=hm

Request Chain 173

https://tag.yieldoptimizer.com/ps/ps?t=s&p=1057&mhcy=&mhcr=&mhcd=&mhst=&mhnm= HTTP 302
https://tag.yieldoptimizer.com/ps/ps?tc=162747527&t=s&p=1057&mhcy=&mhcr=&mhcd=&mhst=&mhnm=

Request Chain 175

https://a.tribalfusion.com/i.match?p=b13&u=88842790656062436322503911365090206075&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP 302
https://s.tribalfusion.com/z/i.match?p=b13&u=88842790656062436322503911365090206075&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP 302
https://dpm.demdex.net/ibs:dpid=22054

Request Chain 176

https://tag.yieldoptimizer.com/ps/ps?t=i&p=2233&gdpr=0&gdpr_consent= HTTP 302
https://tag.yieldoptimizer.com/ps/ps?tc=984721867&t=i&p=2233&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=22069&dpuuid=3017986941298&gdpr=0&gdprconsent=

Request Chain 181

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://gum.criteo.com/sync?s=1&c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=EBmc5DXQq8t_9VNfN6wgahvgqIKJVkss&gdpr=0&gdpr_consent=

Request Chain 182

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=88842790656062436322503911365090206075&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58782/cms?partner_id=ADOBE&_hosted_id=88842790656062436322503911365090206075&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-f2vcVctE2pEWFNxt1vi.p8apUWTqnN3k16g-~A

Request Chain 184

https://ag.innovid.com/dv/sync?tid=6 HTTP 302
https://dpm.demdex.net/ibs:dpid=80742&dpuuid=9832acea-d329-47b4-a0fb-d398c476b159

187 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
obywatelwie.click/ 41 KB
14 KB 238ms
79ms Document
text/html 2a02:4780:9:1263:0:2d6c:6275:10
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:9:1263:0:2d6c:6275:10 Vilnius, Lithuania, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/8.1.25

Resource Hash

3c35a1c82f7f991ff17de0e6d758420ae88fc547461401c31f6d0d325e840f38

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 13715
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 12 Dec 2023 23:04:06 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/8.1.25

GET
H2 403 40f51bac67bbf527dc16315c49927b14.css
www.pizzadominium.pl/public/resources/style/packed/ 0
0 196ms
58ms Stylesheet
text/html 62.129.206.181
HOMEPL-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.pizzadominium.pl/public/resources/style/packed/40f51bac67bbf527dc16315c49927b14.css
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 62.129.206.181 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS: cloudserver011865.home.pl
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H2 403 c6eee5fe262225c62db5effc6ceab34a.js
www.pizzadominium.pl/public/resources/javascript/packed/ 0
0 197ms
59ms Script
text/html 62.129.206.181
HOMEPL-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.pizzadominium.pl/public/resources/javascript/packed/c6eee5fe262225c62db5effc6ceab34a.js
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 62.129.206.181 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS: cloudserver011865.home.pl
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H2 200 home.aspx
www.restauracja-anima.pl/dynamic/css/ 349 KB
350 KB 197ms
55ms Stylesheet
text/css 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.restauracja-anima.pl/dynamic/css/home.aspx?version=10112023054447

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47ffab2ea030ef1d0057d53f309ed0dac092f639e0659f3c73502c0934bb04cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
ms-content-tags: cms-css, df-1861783, df-1861787, df-1861789, pt-417408
age: 33931
cf-polished: origSize=393041
x-xss-protection: 1
request-context: appId=cid-v1:2222bae7-6b65-488b-a7a8-8f50b5e55838
x-trace-id: c72cf6be-cabb-4096-ba1a-b5b84937d174
cf-bgj: minify
server: cloudflare
etag: 10112023054447
vary: User-Agent,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: public, max-age=15600
cf-ray: 83499ac2bd3d1db0-FRA

GET
H2 200 anima-cracow-logo.png
www.restauracja-anima.pl/resourcefiles/logo/ 1 KB
2 KB 236ms
94ms Image
image/webp 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.restauracja-anima.pl/resourcefiles/logo/anima-cracow-logo.png

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0968cf15ba20387d7a0a582c40315b5b5cef4f467212f80557a7fbd0a048a605

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1,mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:06 GMT
ms-content-tags: qg5QJG
cf-cache-status: HIT
age: 33931
cf-polished: qual=85, origFmt=jpeg, origSize=1850
content-disposition: inline; filename="anima-cracow-logo.webp"
content-length: 1270
x-xss-protection: 1,mode=block
cf-bgj: imgq:85,h2pri
last-modified: Tue, 11 Jan 2022 13:31:07 GMT
server: cloudflare
etag: 10162023115735
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public, max-age=10800
accept-ranges: bytes
cf-ray: 83499ac2bd401db0-FRA
expires: Tue, 19 Dec 2023 13:38:35 GMT

GET
H2 200 autoanalyticsmanager_marriott.js Show response
www.restauracja-anima.pl/milestone_common/ 23 KB
23 KB 195ms
54ms Script
application/javascript 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.restauracja-anima.pl/milestone_common/autoanalyticsmanager_marriott.js
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43b26669f51ec61920e6fbd09098660c9393d1440b1f265ccfaff0c929f91365

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:06 GMT
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 04 Dec 2023 07:31:20 GMT
server: cloudflare
age: 33931
cf-polished: origSize=42961
etag: "0d4e8df8326da1:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
cf-ray: 83499ac2bd3e1db0-FRA
content-length: 23483

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 50 KB
19 KB 215ms
121ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

756cca29e306e66f94e7b705c45bb0bc0315d7e745c159971cbecc65e62e7d3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18841
x-xss-protection: 0
server: cafe
etag: 14511532860437540159
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:04:06 GMT

GET
H/1.1 200
OK 2e80fdf3-9946-473d-96ce-7db59482af2c Show response
t.goadservices.com/tags/ 782 B
1013 B 248ms
60ms Script
application/javascript 195.177.217.192
Autonomous System...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.goadservices.com/tags/2e80fdf3-9946-473d-96ce-7db59482af2c
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.177.217.192 , Poland, ASN50599 (Autonomous System for Data Space Sp. z o.o., PL),
Reverse DNS: host-195-177-217-192.dataspace.pl
Software: nginx /
Resource Hash: 48a3fb42b4179a24fa50c6eabaa509e7a54b6da6db26eca6b8f8a4f9b6405027

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 23:04:06 GMT
Cache-Control: private, no-cache, no-store
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=UTF-8

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 243 KB
84 KB 151ms
60ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N26QLB

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c35516b2bef43a275909a9b50efe813c5169d4bb12792d5ac89f7ba6a05b843

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85313
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:06 GMT

GET
H2 200 print.aspx
www.restauracja-anima.pl/css/ 2 KB
2 KB 58ms
58ms Stylesheet
text/css 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.restauracja-anima.pl/css/print.aspx

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02518efb2cd133d811b1f8c16d44fc8e2bb5f0a0e40109d12c929ed0971464e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
ms-content-tags: cms-css, df-1861777
age: 33930
cf-polished: origSize=1873
content-length: 1857
x-xss-protection: 1
request-context: appId=cid-v1:2222bae7-6b65-488b-a7a8-8f50b5e55838
x-trace-id: c8004bfd-06cf-404c-8c6d-261307c98c81
cf-bgj: minify
last-modified: Mon, 12 Dec 2022 13:38:36 GMT
server: cloudflare
etag: 10112023054447
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: public, max-age=15600
accept-ranges: bytes
cf-ray: 83499ac2fd8d1db0-FRA
expires: Tue, 19 Dec 2023 13:38:36 GMT

GET
H2 200 home.aspx Show response
www.restauracja-anima.pl/dynamic/js/ 239 KB
240 KB 54ms
54ms Script
text/javascript 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.restauracja-anima.pl/dynamic/js/home.aspx?version=7152022094906

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d04679d77355a36335b140458d79c8e66d4a24a6951dc364dfda2fedc922e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 12 Dec 2023 23:04:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
ms-content-tags: cms-js, df-1861784, df-1861786, df-1861788, df-1861814, pt-417408
age: 33931
cf-polished: origSize=248708
x-xss-protection: 1
request-context: appId=cid-v1:2222bae7-6b65-488b-a7a8-8f50b5e55838
x-trace-id: 472d5347-6206-4047-b924-a5cf383a1637
cf-bgj: minify
server: cloudflare
etag: 7152022094906
vary: User-Agent,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: public, max-age=15600
cf-ray: 83499ac3de451db0-FRA

GET Montserrat-Regular.woff2
www.restauracja-anima.pl/fonts/ 0
0

GET mimiconfont.ttf
www.restauracja-anima.pl/fonts/ 0
0

GET ArchivoBlack-Regular.woff2
www.restauracja-anima.pl/fonts/ 0
0

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET autoanalyticsrules_marriott.json
www.pizzadominium.pl/milestone_common/ 0
0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 123ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Dec 2023 23:04:07 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: fhyOj92gwxS4uJuU0Lw05NjcYg1qOVGN4qYMr574H5Kqdnit2bwOjCKiXdRylcLyvsR0FQ7ByzYTML+7wAoH/w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/991090543/ 3 KB
2 KB 167ms
80ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991090543/?random=1702422247129&cv=9&fst=1702422247129&num=1&label=5lXtCKmFz2IQ767L2AM&guid=ON&resp=GooglemKTybQhCsO&eid=375603261%2C466465926%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c16a0ab0753c65e6ff50a569c325007e763af03a6aa207a36a5787137da21b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1405
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/969732012/ 3 KB
2 KB 165ms
79ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/969732012/?random=1702422247132&cv=9&fst=1702422247129&num=2&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fae575eb4f70e0631fc44d1903d09e7f8f82aa2839f2cd8df60ef170dbd71f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1362
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/946161663/ 3 KB
1 KB 164ms
80ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/946161663/?random=1702422247134&cv=9&fst=1702422247129&num=3&guid=ON&resp=GooglemKTybQhCsO&eid=375603261%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bff41bb579f669b886df8005e3d1b1914343b1fe0661a1db2ad7f744adaf2300

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/968643253/ 3 KB
1 KB 164ms
82ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/968643253/?random=1702422247135&cv=9&fst=1702422247129&num=4&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e571c730a581e2fb93d1b195bdc90abab0b0ffeee3dd73aed832501151f8ff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 2e80fdf3-9946-473d-96ce-7db59482af2c Show response
t.goadservices.com/engine/ 0
180 B 58ms
58ms Script
application/javascript 195.177.217.192
Autonomous System...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.goadservices.com/engine/2e80fdf3-9946-473d-96ce-7db59482af2c
Requested by: Host: t.goadservices.com
URL: https://t.goadservices.com/tags/2e80fdf3-9946-473d-96ce-7db59482af2c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.177.217.192 , Poland, ASN50599 (Autonomous System for Data Space Sp. z o.o., PL),
Reverse DNS: host-195-177-217-192.dataspace.pl
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 23:04:07 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=UTF-8

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 241 KB
84 KB 56ms
55ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-15N31ETXG9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N26QLB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

47dd57cc9ded75222fba6c0e19de82de25b9f076b31e9cda536725e01514ce46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85536
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Dec 2023 23:04:07 GMT

GET
H2 410 7476.js
script.crazyegg.com/pages/scripts/0092/ 0
0 166ms
50ms Script
application/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0092/7476.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N26QLB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:07 GMT
cf-cache-status: HIT
last-modified: Tue, 12 Dec 2023 16:39:58 GMT
server: cloudflare
age: 23049
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 83499ac59f86360c-FRA
content-length: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 141ms
41ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N26QLB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 12 Dec 2023 21:22:25 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6102
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 12 Dec 2023 23:22:25 GMT

GET
H2

200

activityi;dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;... Show response
10121152.fls.doubleclick.net/ Frame 9CC7
Redirect Chain

https://10121152.fls.doubleclick.net/activityi;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;ua...
https://10121152.fls.doubleclick.net/activityi;dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l...

497 B
634 B

85ms
85ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10121152.fls.doubleclick.net/activityi;dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N26QLB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f6.1e100.net

Software

cafe /

Resource Hash

2f57ae027df18a30442ad8c26a9e76773bd49f96895cb2e697fb132d0b0f6fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://obywatelwie.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 296
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 23:04:07 GMT
expires: Tue, 12 Dec 2023 23:04:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 23:04:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10121152.fls.doubleclick.net/activityi;dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l... Show response
10902911.fls.doubleclick.net/ Frame D895
Redirect Chain

https://10902911.fls.doubleclick.net/activityi;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1...
https://10902911.fls.doubleclick.net/activityi;dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click...

532 B
638 B

85ms
85ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10902911.fls.doubleclick.net/activityi;dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N26QLB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f6.1e100.net

Software

cafe /

Resource Hash

4a89103e0f008a1fcf62fe42810d3254a08bd7b22ec787b3702fd0747a4bf805

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://obywatelwie.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 300
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 23:04:07 GMT
expires: Tue, 12 Dec 2023 23:04:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 23:04:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10902911.fls.doubleclick.net/activityi;dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET GetCountryBasedOnLocationHandler.ashx
www.restauracja-anima.pl/ 0
0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 134ms
47ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-15N31ETXG9&gtm=45je3bt0v883405594z871743015&_p=1702422246850&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1139382256.1702422247&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702422247&sct=1&seg=0&dl=https%3A%2F%2Fobywatelwie.click%2F&dt=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=842
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-15N31ETXG9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/969732012/ 42 B
455 B 142ms
51ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/969732012/?random=1702422247132&cv=9&fst=1702422000000&num=2&guid=ON&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_vurW6MbcZYKi3Z-G7NZlntTlZ81elQ&random=870213412&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/969732012/ 42 B
108 B 146ms
57ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/969732012/?random=1702422247132&cv=9&fst=1702422000000&num=2&guid=ON&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_vurW6MbcZYKi3Z-G7NZlntTlZ81elQ&random=870213412&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/991090543/ 42 B
108 B 141ms
52ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/991090543/?random=1702422247129&cv=9&fst=1702422000000&num=1&label=5lXtCKmFz2IQ767L2AM&guid=ON&eid=375603261%2C466465926%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&fmt=3&is_vtc=1&cid=CAQSGwDICaaN2Y0SAUUUqCci-d1Sq58fKlpq_gTDrw&random=2594774393&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/991090543/ 42 B
108 B 140ms
52ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/991090543/?random=1702422247129&cv=9&fst=1702422000000&num=1&label=5lXtCKmFz2IQ767L2AM&guid=ON&eid=375603261%2C466465926%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&fmt=3&is_vtc=1&cid=CAQSGwDICaaN2Y0SAUUUqCci-d1Sq58fKlpq_gTDrw&random=2594774393&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/946161663/ 42 B
108 B 142ms
53ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/946161663/?random=1702422247134&cv=9&fst=1702422000000&num=3&guid=ON&eid=375603261%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&fmt=3&is_vtc=1&cid=CAQSGwDICaaNvm5ahDmbyfEHnd8KprZ9R9NYE1962A&random=590191934&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/946161663/ 42 B
108 B 143ms
55ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/946161663/?random=1702422247134&cv=9&fst=1702422000000&num=3&guid=ON&eid=375603261%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&fmt=3&is_vtc=1&cid=CAQSGwDICaaNvm5ahDmbyfEHnd8KprZ9R9NYE1962A&random=590191934&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/968643253/ 42 B
108 B 136ms
57ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/968643253/?random=1702422247135&cv=9&fst=1702422000000&num=4&guid=ON&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&fmt=3&is_vtc=1&cid=CAQSGwDICaaNDCel9FluOfqFPvy5D4-WuXx2JrKHBg&random=1959454755&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/968643253/ 42 B
455 B 118ms
51ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/968643253/?random=1702422247135&cv=9&fst=1702422000000&num=4&guid=ON&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fobywatelwie.click%2F&tiba=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&fmt=3&is_vtc=1&cid=CAQSGwDICaaNDCel9FluOfqFPvy5D4-WuXx2JrKHBg&random=1959454755&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
223 B 46ms
46ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1326192117&t=pageview&_s=1&dl=https%3A%2F%2Fobywatelwie.click%2F&ul=en-us&de=UTF-8&dt=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=989281543&gjid=1103116648&cid=1139382256.1702422247&tid=UA-15952150-9&_gid=1922574622.1702422247&_r=1&_slc=1&gtm=45He3bt0n71N26QLBv71743015&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=753334405

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2e67ed6358a4d4ac2d7d776c10a5711c1600eb3cd5d94c6b5c6f23ea8f7023fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1060844193962204 Show response
connect.facebook.net/signals/config/ 115 KB
31 KB 97ms
96ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1060844193962204?v=2.9.138&r=stable&domain=obywatelwie.click

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ea61599e69c89e0ed7d385b0363698ce8faf328971341fd58308adeb4e05cdb3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Dec 2023 23:04:07 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: hTjjntH2nuokkolHkHwWBX5Ce9tpyZOtCrirr5ESWWlo/f0D41JEMBDX9xUCAC1HHGwkiZooAPEntoqzhOWTqQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 144ms
48ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-15952150-9&cid=1139382256.1702422247&jid=989281543&gjid=1103116648&_gid=1922574622.1702422247&_u=YADAAEAAAAAAACAAI~&z=264563946

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 12 Dec 2023 23:04:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
85 KB 60ms
60ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N0WGMNV8JE&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6e3779fe40d6f92c5efd0eddc2506c7afdc4f112f0c5c8667b2d126f4d53cb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86552
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Dec 2023 23:04:07 GMT

GET
H2 200 dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=*;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;...
adservice.google.com/ddm/fls/z/ Frame D895 42 B
401 B 164ms
78ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=*;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F

Requested by

Host: 10902911.fls.doubleclick.net
URL: https://10902911.fls.doubleclick.net/activityi;dc_pre=COemvYqBi4MDFYdRkQUdzZcH7A;src=10902911;type=rmkt0;cat=domin0;ord=9404625472678;auiddc=1638216297.1702422247;u1=https%3A%2F%2Fobywatelwie.click%2F;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10902911.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=*;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;...
adservice.google.com/ddm/fls/z/ Frame 9CC7 42 B
107 B 164ms
78ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=*;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F

Requested by

Host: 10121152.fls.doubleclick.net
URL: https://10121152.fls.doubleclick.net/activityi;dc_pre=CJ6kvYqBi4MDFWJTkQUd7ikBoQ;src=10121152;type=invmedia;cat=sg-za0;ord=8096446315517;auiddc=1638216297.1702422247;gtm=45He3bt0v71743015;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10121152.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 965654053972556 Show response
connect.facebook.net/signals/config/ 133 KB
35 KB 105ms
104ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/965654053972556?v=2.9.138&r=stable&domain=obywatelwie.click

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6d9e43ce1538a763aa4ac11b5540e6c061ebdbd52d39fb02e60ebd16b8c4c850

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Dec 2023 23:04:07 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: WqJSAJ+sLyHokhm7HYVXRs9VVXE9i5vOSa9xB43kL2N+6jjKD/Tbh1RIruNv+7VedmN5brZhy3L2YxVre/7/FQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 119ms
39ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1060844193962204&ev=PageView&dl=https%3A%2F%2Fobywatelwie.click&rl=&if=false&ts=1702422247469&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1702422247467.1601070480&pm=1&hrl=67f06c&ler=empty&it=1702422247350&coo=false&cs_cc=1&rqm=GET

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 12 Dec 2023 23:04:07 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 49ms
48ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-N0WGMNV8JE&gtm=45je3bt0v9135581334&_p=1702422246850&_gaz=1&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1139382256.1702422247&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fobywatelwie.click%2F&dt=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&sid=1702422247&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1128
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N0WGMNV8JE&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 49ms
48ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N0WGMNV8JE&cid=1139382256.1702422247&gtm=45je3bt0v9135581334&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N0WGMNV8JE&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 54ms
54ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-N0WGMNV8JE&cid=1139382256.1702422247&gtm=45je3bt0v9135581334&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l2&z=1040048249

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 50ms
49ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-15952150-9&cid=1139382256.1702422247&jid=989281543&_u=YADAAEAAAAAAACAAI~&z=1834847864

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 89ms
89ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-15952150-9&cid=1139382256.1702422247&jid=989281543&_u=YADAAEAAAAAAACAAI~&z=1834847864

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 39ms
39ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=965654053972556&ev=PageView&dl=https%3A%2F%2Fobywatelwie.click%2F&rl=&if=false&ts=1702422247618&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1702422247467.1601070480&ler=empty&it=1702422247350&coo=false&rqm=GET

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 12 Dec 2023 23:04:07 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET Montserrat-Regular.woff
www.restauracja-anima.pl/fonts/ 0
0

GET ArchivoBlack-Regular.woff
www.restauracja-anima.pl/fonts/ 0
0

GET mimiconfont.woff
www.restauracja-anima.pl/fonts/ 0
0

GET ArchivoBlack-Regular.ttf
www.restauracja-anima.pl/fonts/ 0
0

GET Montserrat-Regular.ttf
www.restauracja-anima.pl/fonts/ 0
0

GET
H2 200 naglowek-testowy.jpg
www.restauracja-anima.pl/resourcefiles/homeimages/ 307 KB
308 KB 64ms
63ms Image
image/webp 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.restauracja-anima.pl/resourcefiles/homeimages/naglowek-testowy.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7d1eff7276fd0f5b56ac04549fd19fa3b0657f6dffc4d2418f23a612009029d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1,mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:10 GMT
ms-content-tags: 3miqov
cf-cache-status: HIT
age: 33930
cf-polished: qual=85, origFmt=jpeg, origSize=371031
content-disposition: inline; filename="naglowek-testowy.webp"
content-length: 314870
x-xss-protection: 1,mode=block
cf-bgj: imgq:85,h2pri
last-modified: Tue, 10 May 2022 08:45:00 GMT
server: cloudflare
etag: 10162023115735
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public, max-age=10800
accept-ranges: bytes
cf-ray: 83499ad758e81db0-FRA
expires: Tue, 19 Dec 2023 13:38:40 GMT

GET
H2 200 anima.png
www.restauracja-anima.pl/resourcefiles/home-first-snippet/ 618 KB
618 KB 64ms
63ms Image
image/webp 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.restauracja-anima.pl/resourcefiles/home-first-snippet/anima.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f57e2b15941cc12762ac2364ea2b04dd3d7f0ea265fdc174d26c9958d8a62bb4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1,mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:10 GMT
ms-content-tags: Zyv04L
cf-cache-status: HIT
age: 33930
cf-polished: origFmt=png, origSize=1074264
content-disposition: inline; filename="anima.webp"
content-length: 632406
x-xss-protection: 1,mode=block
cf-bgj: imgq:85,h2pri
last-modified: Thu, 05 Jan 2023 13:45:28 GMT
server: cloudflare
etag: 10162023115735
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public, max-age=10800
accept-ranges: bytes
cf-ray: 83499ad758ea1db0-FRA
expires: Tue, 19 Dec 2023 13:38:40 GMT

GET
H2 200 drinks.jpg
www.restauracja-anima.pl/resourcefiles/home-second-snippet/ 72 KB
73 KB 63ms
63ms Image
image/webp 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.restauracja-anima.pl/resourcefiles/home-second-snippet/drinks.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f8dcefa03db0daa2ee73641cc0959018449b10fabe0f5addf2c84577a627fb5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1,mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:10 GMT
ms-content-tags: y1hjiX
cf-cache-status: HIT
age: 33930
cf-polished: qual=85, origFmt=jpeg, origSize=93899
content-disposition: inline; filename="drinks.webp"
content-length: 74062
x-xss-protection: 1,mode=block
cf-bgj: imgq:85,h2pri
last-modified: Tue, 11 Jan 2022 11:01:12 GMT
server: cloudflare
etag: 10162023115735
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public, max-age=10800
accept-ranges: bytes
cf-ray: 83499ad758eb1db0-FRA
expires: Tue, 19 Dec 2023 13:38:40 GMT

GET
H2 200 olive-oil.jpg
www.restauracja-anima.pl/resourcefiles/home-second-snippet/ 81 KB
81 KB 68ms
67ms Image
image/webp 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.restauracja-anima.pl/resourcefiles/home-second-snippet/olive-oil.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9f5c45cf9a0388838632336d53785a6c8d66840de32e63adef94dd4afee886b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1,mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:10 GMT
ms-content-tags: QL6muo
cf-cache-status: HIT
age: 33930
cf-polished: qual=85, origFmt=jpeg, origSize=103139
content-disposition: inline; filename="olive-oil.webp"
content-length: 82540
x-xss-protection: 1,mode=block
cf-bgj: imgq:85,h2pri
last-modified: Tue, 11 Jan 2022 12:56:39 GMT
server: cloudflare
etag: 10162023115735
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public, max-age=10800
accept-ranges: bytes
cf-ray: 83499ad758ed1db0-FRA
expires: Tue, 19 Dec 2023 13:38:40 GMT

GET
H2 200 food.jpg
www.restauracja-anima.pl/resourcefiles/home-third-snippet/ 84 KB
85 KB 54ms
54ms Image
image/webp 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.restauracja-anima.pl/resourcefiles/home-third-snippet/food.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a50bd5e5e93595496a0779a4d12f4d2076f9bded336eeda9b14574744a7286b2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1,mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:10 GMT
ms-content-tags: t0cWTS
cf-cache-status: HIT
age: 33930
cf-polished: qual=85, origFmt=jpeg, origSize=117309
content-disposition: inline; filename="food.webp"
content-length: 86348
x-xss-protection: 1,mode=block
cf-bgj: imgq:85,h2pri
last-modified: Tue, 11 Jan 2022 11:32:14 GMT
server: cloudflare
etag: 10162023115735
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public, max-age=10800
accept-ranges: bytes
cf-ray: 83499ad758ee1db0-FRA
expires: Tue, 19 Dec 2023 13:38:40 GMT

GET
H2 200 restauracja-anima.png
www.restauracja-anima.pl/resourcefiles/home-first-snippet/ 623 KB
624 KB 58ms
58ms Image
image/webp 2606:4700:4400::ac40:92e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.restauracja-anima.pl/resourcefiles/home-first-snippet/restauracja-anima.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:92e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

940ba8ebf1dd95c93a7a4e0eecc06e9f8f9d582152cc2abab53cc03380c930cd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1,mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:10 GMT
ms-content-tags: zyrkQL
cf-cache-status: HIT
age: 33930
cf-polished: origFmt=png, origSize=1088735
content-disposition: inline; filename="restauracja-anima.webp"
content-length: 638348
x-xss-protection: 1,mode=block
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Dec 2022 14:18:27 GMT
server: cloudflare
etag: 10162023115735
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public, max-age=10800
accept-ranges: bytes
cf-ray: 83499ad758f11db0-FRA
expires: Tue, 19 Dec 2023 13:38:40 GMT

GET
H2 200 launch-EN3963523be4674e5591a9c4d516697352.min.js Show response
assets.adobedtm.com/ 464 KB
117 KB 162ms
49ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 98f567d4bac4c7484a2856ef850e5e530498edf065158eb88d2eb5f88f8d5254

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:11 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:33 GMT
server: AkamaiNetStorage
etag: "92a49d95a1c98bd1f29f6b2b29ffecdd:1702259073.588409"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 119198
expires: Wed, 13 Dec 2023 00:04:11 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 5 KB
2 KB 215ms
57ms XHR
application/json 63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=664516D751E565010A490D4C%40AdobeOrg&d_nsid=0&ts=1702422252161

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

60c6729b0763b99517336159d664ce2b9d1eb3b0fc394ff133a6bd6fc7c05659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-2-v054-08513f95b.edge-irl1.demdex.com 1 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: 436JG9ZqQ+w=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 1737
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP971e6ad26efe44ab86e98d3905a44621/ 34 KB
13 KB 45ms
45ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP971e6ad26efe44ab86e98d3905a44621/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 089030d8bec22aa48ae59e27516a4e8a1fcec666e9d783c7a1df47220b750dc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 03 Jun 2019 23:03:32 GMT
server: AkamaiNetStorage
etag: "72404253c27255247028f0ba11022cf8:1559603012"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12916
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC998a74cdbfb34e4eb70533b7acc285a2-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 573 B
591 B 44ms
44ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC998a74cdbfb34e4eb70533b7acc285a2-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d54891ba3097219a4b8f8428e046daeb723b89c2191c3b00c3fc96cbbbe01eab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 334
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RCbbd572812c1d4d6381764b660217f8cb-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 2 KB
1 KB 45ms
45ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RCbbd572812c1d4d6381764b660217f8cb-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d410325ea36bda62368a9e46a730b05b4c71315f691738824324585e19ab52c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 876
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RCb500618f5ce84b22ac56f249cbc4d22d-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 422 B
526 B 45ms
44ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RCb500618f5ce84b22ac56f249cbc4d22d-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: ec3484206cc9ca2bf89cd0f4015ae6de7c12af134efcb8100e2a67665d1bc32f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 270
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 206 KB
74 KB 55ms
55ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-981033382&l=dataLayerB

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

50fdcabdc08af92992f13aca27b0df50c29c2c3ca2b534e799f695a47155cc88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75396
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:12 GMT

GET
H2 200 RCd27fea974d354655821709a78f4b1dd2-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 2 KB
893 B 47ms
46ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RCd27fea974d354655821709a78f4b1dd2-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4b0a2dff03fbcb2a399122e94720242ff5a1cd04b401542c5223d1882875c1fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 636
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC9cb1ec8ecf2a461187113443b47b5896-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 1 KB
974 B 46ms
46ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC9cb1ec8ecf2a461187113443b47b5896-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3b42793d1ce6c10fb4ee27dd4e3ddd43d60a807e18600379e8bfc754b6cb48ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 717
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC7397178f0a1540d798c3f1a3d2c85c1b-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 1 KB
902 B 47ms
46ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC7397178f0a1540d798c3f1a3d2c85c1b-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: caafb5658f1dbb8eb00a355fd2a403a41d04a92a757e65afe304a3286848779c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 645
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 151ms
65ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 12 Dec 2023 23:04:11 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AF078565A9EA495AAE6769DCF7C7489E Ref B: FRA31EDGE0219 Ref C: 2023-12-12T23:04:12Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 RCb6c3578477864b5583591694fb0c7548-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 4 KB
1 KB 46ms
45ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RCb6c3578477864b5583591694fb0c7548-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 66679eeeff1f95eb4130b7461e70a60beb8658dbbab557e08792189ab6f5dcfc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1131
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC69b12fc347724763b4d1d6b2bbb7bc67-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 1 KB
874 B 47ms
46ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC69b12fc347724763b4d1d6b2bbb7bc67-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 59d7f6386ba723011e303ae87b39e907312ee2d831f94cb1d5190874e3c83404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 617
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC28f29f2c23a143e0acc4cd8133230ddf-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 2 KB
985 B 47ms
46ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC28f29f2c23a143e0acc4cd8133230ddf-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f889865eae63c2a6ac1ffa70f050658844cd48d30fd3491415680b3afb0cbd1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 728
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RCc37891c0d65e4f2581d609fc16498257-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 548 B
555 B 66ms
66ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RCc37891c0d65e4f2581d609fc16498257-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6b682e8c6452862aeba0a0ca5d7e69a6d98ae0bc4769006f5019dad00d43bbcb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 298
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RCb70d7bef713543b09b57afbc6f9e056a-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 3 KB
1 KB 66ms
66ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RCb70d7bef713543b09b57afbc6f9e056a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b12eec8b895f4b89c78e83b9a7ebe3685bf4867f6cabdc6d37e473d142b43e2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1097
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RCe7ed036bb4cb4dc89bdf084029e843a5-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 776 B
753 B 67ms
66ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RCe7ed036bb4cb4dc89bdf084029e843a5-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 54bdcdd51e9c21b7d971b532d693b6063a7d01cfac56c82c553a5e032385a514

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 496
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC1b12bbad598c4c1380765438bb0467a9-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 718 B
710 B 67ms
67ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC1b12bbad598c4c1380765438bb0467a9-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 529a6d1a39eaba1e4de7d51ec9eb786f66569bab254b40ad52d8b1836438637a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 453
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC9f906a1934ae46f6b85351f19bfa52f0-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 2 KB
1 KB 67ms
67ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC9f906a1934ae46f6b85351f19bfa52f0-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 80cb380eb82e70d01a20b206df7878d3cd63769afa75f194fce7081c421d86cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 906
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC62a22fd426a0470dad9c40c7f2f4b2fb-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 648 B
667 B 69ms
68ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC62a22fd426a0470dad9c40c7f2f4b2fb-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9ef4b3ee0798411af436abe571b0237d71d62ab1a48920f7063cd565c88e64d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 411
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 RC5144740cc710431e95a7dd7c05b8b386-source.min.js Show response
assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/ 1 KB
936 B 67ms
67ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/697d0c070f1e/d405339bb010/66543b347854/RC5144740cc710431e95a7dd7c05b8b386-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 63d4b2ba23cac4b4b5a1c4d44afe96a33724a177e8b3a40eba4bdc7cf6cc814c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 11 Dec 2023 01:44:35 GMT
server: AkamaiNetStorage
etag: "f2c1a14270c0912967ac73a787cbd724:1702259075.343881"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 679
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EP971e6ad26efe44ab86e98d3905a44621/ 25 KB
9 KB 44ms
44ms Script
application/x-javascript 2a02:26f0:f3:38c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP971e6ad26efe44ab86e98d3905a44621/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f3:38c::1e80 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 32bc033e13e02d8809b2c8c97ac5a5110c5f375a830ed6cace5ce1202ab5b480

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 03 Jun 2019 23:03:35 GMT
server: AkamaiNetStorage
etag: "e539ea6425ae55fa9f68995bc5a68886:1559603018"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8640
expires: Wed, 13 Dec 2023 00:04:12 GMT

GET
H2 200 otSDKStub.js Show response
cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/ 20 KB
7 KB 229ms
54ms Script
application/x-javascript 2.23.196.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/otSDKStub.js?7022798512411510
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.196.80 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-196-80.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1a6622bbfd2f4017f391cae1040e22f99a923116427a0ccb25543581f5d92257

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
last-modified: Mon, 06 Jun 2022 19:38:47 GMT
server: AkamaiNetStorage
etag: "67b989d4e95276950bf7da56f7c0598d:1654544327.296254"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=832247
accept-ranges: bytes
content-length: 6886
expires: Fri, 22 Dec 2023 14:14:59 GMT

GET
H2 200 dpm_pixel_min.js Show response
c.tvpixel.com/js/current/ 103 KB
32 KB 178ms
48ms Script
application/javascript 2600:9000:2127:ea00:1d:bf0a:0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=marriott-0af76d19-dfba-4407-860e-54c7ed29bed4
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:ea00:1d:bf0a:0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: oMk5SFqHXboEDRm2.vDWImtx_4ARYxEl
content-encoding: gzip
via: 1.1 77d19519a1c9ed821ab469548b9d17f4.cloudfront.net (CloudFront)
date: Tue, 12 Dec 2023 19:47:36 GMT
last-modified: Thu, 16 Sep 2021 18:14:59 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 62053
etag: W/"08e770c8a17bf087d50cec01af0892c2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 9RMqgqWDqKJrqpktjlqeRg7fIlm1g9suF8vo9a9B2v-he0nhzNuxaw==

GET
H3 200 836072006419889 Show response
connect.facebook.net/signals/config/ 143 KB
37 KB 317ms
317ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/836072006419889?v=2.9.138&r=stable&domain=obywatelwie.click

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8aba4509b7ad6addbbf031a95d30d9ca14933006d511750c08d9049382fb9438

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Dec 2023 23:04:12 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: lD9sZA3FAo/uuNF4DulUtqFUjNrXKY5lqU9iw4wubmiaEh8LOHgR5jIqO/VBiqd9o4fz5o7bTgEx5xDv4dEEkA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 5 KB
3 KB 126ms
38ms Script
application/x-javascript 18.239.67.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.67.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-67-100.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 06:08:18 GMT
Content-Encoding: gzip
Via: 1.1 391671221007e4a70643cc0de549779c.cloudfront.net (CloudFront)
Last-Modified: Thu, 30 Nov 2023 03:37:28 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS58-P4
Age: 60955
x-amz-server-side-encryption: AES256
ETag: W/"b7474eac210849250426a8f6a39d00f3"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: o_vfXEQAd3nBmppQluA-0-cdJ3tz5gG3DiZ3HDFyXObdaGRLDNlEFw==

GET
H2 200 pxrc.php
pxl.jivox.com/tags/re/ 43 B
453 B 420ms
180ms Image
image/gif 34.202.21.73

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pxl.jivox.com/tags/re/pxrc.php?px=958deafa6b01b7&ret=img&cData=N/A&px_558deaefe29b99=N/A&px_45c37cd1a3ffb5=%27%27&px_75c37cd56820dd=N/A%20&px_65c37cdd1171be=1&px_95c37ce084b3e1=1&px_15b33b35ba04d9=N/A&px_65b33b372611c8=obywatelwie.click/&px_45b33b3b62bcfa=N/A&px_25b33b3e68bd91=N/A&px_05b33b3f8d42f0=N/A&px_25d820700bc474=%27%27&px_25b33b410cb604=N/A&px_25d8208f4381f8=N/A
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.202.21.73 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.39.v20210325) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
server: Jetty(9.4.39.v20210325)
p3p: CP='IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA'
access-control-allow-origin: *
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
access-control-allow-headers: content-type
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 mhotels.html Show response
static.sojern.com/marriott/ Frame 6B51 9 KB
10 KB 144ms
40ms Document
text/html 35.244.188.9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.sojern.com/marriott/mhotels.html?p=undefined&hprid=&hpr=&hb=undefined&hc1=undefined&hn1=undefined&hs1=undefined&ffl=undefined&hl=&t=undefined&hr=undefined&hd1=&hd2=&hconfno=&hp=undefined&hcu=&hrp=undefined&hdc=undefined&rew=undefined&l=undefined&vid=hot&cid=
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.188.9 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 9.188.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2cac89100642acb92e8c705a639a012b32de7eb32db954a31890da8a091610c3

Request headers

Referer: https://obywatelwie.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 939
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-length: 9706
content-type: text/html
date: Tue, 12 Dec 2023 22:48:33 GMT
etag: "61166aab6d850b40153da0ce87a22993"
expires: Tue, 12 Dec 2023 23:48:33 GMT
last-modified: Fri, 03 Feb 2023 17:26:13 GMT
server: UploadServer
x-goog-generation: 1675445173923779
x-goog-hash: crc32c=9DJkug== md5=YRZqq22FC0AVPaDOh6Ipkw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9706
x-guploader-uploadid: ABPtcPolrp41G17Q3EcPx7-vlTLS6T7hWtrgbSaKc0SoFE1DLkzhmnCP6HgoVRJ41PPfzNHlSK8

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 180 KB
66 KB 54ms
54ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-1359549&l=dataLayerB&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981033382&l=dataLayerB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4cf73bc1fd94db34651bb84075bfae14ec289be666607697b4f0da53798d83b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67459
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:12 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 149 KB
57 KB 61ms
61ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-924374711&l=dataLayerB&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981033382&l=dataLayerB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

68e4e3f5754ae658b3051518371131fc02c3c6ccf57cf1a11c4574086f0399b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58011
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:12 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
76 KB 104ms
104ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-950378023&l=dataLayerB&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981033382&l=dataLayerB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9edccf263907beddcbffa8334b74119cafa0ca91671b6007f94f091c2625d817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77892
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:12 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 180 KB
66 KB 74ms
74ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9035495&l=dataLayerB&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981033382&l=dataLayerB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

beb59db3eb2fca63bf5eab1f725e85b4b90a8ec6ebf99ed433f65c80f3f6cb0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67458
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:12 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 199 KB
72 KB 78ms
77ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-366134444&l=dataLayerB&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981033382&l=dataLayerB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

250f9a565e1173e12ebfd03281ba95b542990d549fee3a519cc74279ce436fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74090
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:12 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 174 KB
63 KB 67ms
67ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-203334133-1&l=dataLayerB&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981033382&l=dataLayerB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

94d948d51aee8c3f8f54fc1b38c675d5ea686d9fad295c8358ec6ace078ba359

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64962
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:12 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
78 KB 96ms
96ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1LXTBF5X2V&l=dataLayerB&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-981033382&l=dataLayerB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

aed6cc8f4c6336d72155e924b859b4cc286fffddd85cd03b88486edd980680cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79475
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Dec 2023 23:04:12 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
807 B 137ms
40ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9d59318dbc0445735297ba2e769e2bc60358a0abfafe66f503ddc0a09610c28b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Dec 2023 09:10:47 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=27854
accept-ranges: bytes
content-length: 597

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 4 KB
2 KB 158ms
39ms Script
application/javascript 2a02:26f0:7100:8b2::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:8b2::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
content-encoding: br
x-cdn: akamai
etag: "8d7d8ce32aa2a45d64e9f04a9a5cb1c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=7200
accept-ranges: bytes
alt-svc: h3=":443"; ma=600
content-length: 1793

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 18 KB
7 KB 136ms
40ms Script
application/javascript 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

ats-carp-promotion: 1, 1
date: Tue, 12 Dec 2023 22:55:46 GMT
x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-request-id: GFV0G161RZG314MS
age: 507
x-amz-server-side-encryption: AES256
content-length: 6262
x-amz-id-2: 9aym4FTZgyOA4sn+fMH2TMbZdT3yxZftiiFADWMM7cpc8BuAymDfvU02uJfmzb1H1WWpaWkN2v8=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Mon, 26 Jun 2023 09:26:35 GMT
server: ATS
etag: "5c6ed25dce803fd84288922b8928409e-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=3600
accept-ranges: bytes

GET
H2 200 scevent.min.js Show response
sc-static.net/ 41 KB
18 KB 153ms
65ms Script
application/javascript 18.239.67.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.67.245 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-67-245.ams58.r.cloudfront.net
Software: CloudFront /
Resource Hash: 167ee4702e76b96cfe396221bef5630f2182e4148a3406c303992ab2f44c357a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
via: 1.1 b12f8dbad5c96c988a65bc3df19995d0.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS58-P4
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 17610
x-amz-cf-id: pBtXLIr0tWabO0MziuVBuSErI3Ov41KKNKWXSIiwbNiyU4a9YrReKg==

GET
H2 200 UCMController Show response
login.dotomi.com/ucm/ Frame 56A4 181 B
365 B 234ms
119ms Document
text/html 89.207.16.201
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_cid=2814&dtm_cmagic=8e987c&dtm_format=5&dtm_fid=101&cli_promo_id=2&dtmc_marsha_code=&canonical_url=https%3A%2F%2Fwww.pizzadominium.pl%2F&dtm_user_token=&dtmc_ref=&dtmc_loc=https%3A%2F%2Fobywatelwie.click%2F&fpc_status=
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.207.16.201 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams04-nessy-float1.dotomi.com
Software: nginx /
Resource Hash: 9170f96d6133c832c41b8243196ad1955708ecb7f17e8d3dd0797d6a96ed6189

Request headers

Referer: https://obywatelwie.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, private, max-age=0, no-store
content-length: 181
content-type: text/html
date: Tue, 12 Dec 2023 23:04:12 GMT
expires: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
pragma: no-cache
server: nginx

GET
H2 200 140436 Show response
beacon.sojern.com/pixel/p/ 5 KB
1 KB 181ms
53ms Script
application/javascript 107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.sojern.com/pixel/p/140436?f_v=v6_js&p_v=1&vid=hot&pc=https%3A%2F%2Fobywatelwie.click%2F&cid=
Requested by: Host: obywatelwie.click
URL: https://obywatelwie.click/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: f00197924b7a9112a2b107dad644c261346900e769c3f37cd04cdadc3465dda1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
via: 1.1 google
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 889

GET
H2 204 5140893.js Show response
bat.bing.com/p/action/ 0
117 B 62ms
62ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5140893.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 12 Dec 2023 23:04:11 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0C5D9328E06E4F03B1D7712C8AFA0415 Ref B: FRA31EDGE0219 Ref C: 2023-12-12T23:04:12Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 141ms
141ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5140893&tm=al001&Ver=2&mid=554d00b4-709c-4468-84f4-1dd1bc686747&sid=c39803c0994211ee9cf08d2d72d991b4&vid=c39806f0994211eea581ab89ab3b3397&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&kw=pizza,%20pizzeria,%20pizze,%20sie%C4%87%20pizzerii,%20pizzeri,%20na%20telefon,%20z%20dostaw%C4%85,%20dostawa,%20przepis%20na,%20dominium%20Krak%C3%B3w,%20Warszawa&p=https%3A%2F%2Fobywatelwie.click%2F&r=&lt=2407&pt=1702422246410,,,,,0,47,47,47,159,99,159,238,262,240,740,740,740,2404,2404,2407&pn=0,0&evt=pageLoad&sv=1&rn=908003

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 12 Dec 2023 23:04:11 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1F97B8B736DF4C0999F766893785DC55 Ref B: FRA31EDGE0219 Ref C: 2023-12-12T23:04:12Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dest5.html Show response
marriottinternationa.demdex.net/ Frame 0513 7 KB
3 KB 78ms
55ms Document
text/html 63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://marriottinternationa.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN3963523be4674e5591a9c4d516697352.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://obywatelwie.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Tue, 12 Dec 2023 23:04:12 GMT
dcs: dcs-prod-irl1-2-v054-0fcaa6a4f.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 8 Nov 2023 17:04:14 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: aiQclZLPS/Q=

GET
H2 200 s12505659567439 Show response
smetrics.marriott.com/b/ss/marriottglobal,/10/JS-2.14.0-LDQM/ 5 KB
6 KB 202ms
77ms Script
application/x-javascript 63.140.62.135

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.marriott.com/b/ss/marriottglobal,/10/JS-2.14.0-LDQM/s12505659567439?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=13%2F11%2F2023%200%3A4%3A12%203%20-60&d.&nsid=0&jsonv=1&.d&mid=88759796142433268092511094124681146130&aamlh=6&ce=UTF-8&pageName=obywatelwie.click%2F&g=https%3A%2F%2Fobywatelwie.click%2F&cc=USD&v0=Unpaid%20Referrals%3A%20Typed%2FBookmarked&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c5=No%20Site%20ID&c8=D%3Dv15&c26=Launch&v41=No%20Site%20ID&c71=Off-Platform%20Basic&v101=Default%20Cookie%20Opt-in&v192=obywatelwie.click%2F&v237=pl&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=664516D751E565010A490D4C%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP971e6ad26efe44ab86e98d3905a44621/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.135 -, , ASN (),

Reverse DNS

Software

jag /

Resource Hash

af6060c72348dc56d0593a9187996a762466f3b763d0c0ac406d7d173e8245c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-aam-tid: scnOG+kVQQA=
date: Tue, 12 Dec 2023 23:04:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 5414
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v054-028c9a153.edge-irl1.demdex.com 6 ms
pragma: no-cache
last-modified: Wed, 13 Dec 2023 23:04:12 GMT
server: jag
etag: 3655923948445663232-4617778290835226484
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 11 Dec 2023 23:04:12 GMT

GET
H2

200

ibs:dpid=411&dpuuid=ZXjm7AAAAEbmXANn
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=88842790656062436322503911365090206075
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZXjm7AAAAEbmXANn

42 B
717 B

57ms
56ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZXjm7AAAAEbmXANn

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-0f7fdf65c.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: whDYgO6XQb8=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZXjm7AAAAEbmXANn
Date: Tue, 12 Dec 2023 23:04:12 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 213 Show response
beacon.sojern.com/pixel/cp/ Frame 6B51 4 KB
903 B 56ms
56ms Script
application/javascript 107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.sojern.com/pixel/cp/213?f_v=cp_v3_js&p_v=4&cid=MGP_201904%7Cundefined%7Chttps%3A%2F%2Fobywatelwie.click%2F&p=undefined&hb=undefined&hc1=undefined&hn1=undefined&hs1=undefined&ffl=undefined&t=undefined&hr=undefined&hp=undefined&hrp=undefined&hdc=undefined&rew=undefined&l=undefined&vid=hot&pt=TRACKING&
Requested by: Host: static.sojern.com
URL: https://static.sojern.com/marriott/mhotels.html?p=undefined&hprid=&hpr=&hb=undefined&hc1=undefined&hn1=undefined&hs1=undefined&ffl=undefined&hl=&t=undefined&hr=undefined&hd1=&hd2=&hconfno=&hp=undefined&hcu=&hrp=undefined&hdc=undefined&rew=undefined&l=undefined&vid=hot&cid=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: 617c881e1af9c357f178e20bdc7d38ee72fb504985a6be53217e29b904d23af8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.sojern.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
via: 1.1 google
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 755

GET
H2

200

/ Show response
match.adsrvr.org/track/upb/ Frame E2DE
Redirect Chain

https://insight.adsrvr.org/track/up?adv=hbq9bjg&ref=https%3A%2F%2Fobywatelwie.click%2F&upid=byw7ch4&upv=1.1.0
https://match.adsrvr.org/track/upb/?adv=hbq9bjg&ref=https%3A%2F%2Fobywatelwie.click%2F&upid=byw7ch4&upv=1.1.0

0
59 B

58ms
58ms

Document
text/html

15.197.193.217

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/upb/?adv=hbq9bjg&ref=https%3A%2F%2Fobywatelwie.click%2F&upid=byw7ch4&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://obywatelwie.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
content-type: text/html
date: Tue, 12 Dec 2023 23:04:12 GMT
server: Kestrel

Redirect headers

content-length: 269
date: Tue, 12 Dec 2023 23:04:12 GMT
location: https://match.adsrvr.org/track/upb/?adv=hbq9bjg&ref=https%3A%2F%2Fobywatelwie.click%2F&upid=byw7ch4&upv=1.1.0
server: Kestrel

GET
H2

200

dc_pre=CJKl_oyBi4MDFR0QogMdH8kMZw;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uap...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=1638216297.1702422247;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl...
https://ad.doubleclick.net/activity;dc_pre=CJKl_oyBi4MDFR0QogMdH8kMZw;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=1638216297.1702422247;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dm...
https://adservice.google.com/ddm/fls/z/dc_pre=CJKl_oyBi4MDFR0QogMdH8kMZw;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=...

42 B
107 B

77ms
77ms

Image
image/gif

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJKl_oyBi4MDFR0QogMdH8kMZw;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F

Protocol

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CJKl_oyBi4MDFR0QogMdH8kMZw;src=1359549;type=marri003;cat=m1m_m0;ord=8503227746695;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

dc_pre=CKml_oyBi4MDFSoKogMdsSoHPA;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;ua...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=1638216297.1702422247;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=...
https://ad.doubleclick.net/activity;dc_pre=CKml_oyBi4MDFSoKogMdsSoHPA;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=1638216297.1702422247;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l...
https://adservice.google.com/ddm/fls/z/dc_pre=CKml_oyBi4MDFSoKogMdsSoHPA;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypha...

42 B
107 B

78ms
78ms

Image
image/gif

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKml_oyBi4MDFSoKogMdsSoHPA;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F

Protocol

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CKml_oyBi4MDFSoKogMdsSoHPA;src=1359549;type=marri001;cat=m1m_g0;ord=1;num=1180328329512;npa=1;auiddc=*;u7=%2F;gtm=45fe3bt0;gcd=11l1l1l1l3;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fobywatelwie.click%2F
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-203334133-1&l=dataLayerB&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 12 Dec 2023 21:22:25 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6107
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 12 Dec 2023 23:22:25 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 31 KB
12 KB 40ms
40ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

15838004d5e196b563a00a0ba16ce432fed6deb3dd4fab7122601f2c4f41560a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 Dec 2023 13:47:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=61972
accept-ranges: bytes
content-length: 12150

GET
H2 200 405909.json Show response
s.yimg.com/wi/config/ 44 B
683 B 216ms
137ms XHR
application/json 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/405909.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

fad2b41a387ad2bff0c05ed1475f79529e13a17163eb6e36f8953822d96ded88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
x-amz-version-id: 8L07.vJXK.i73BuPrJXdSV1ALL1hc_jp
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-request-id: FNA0TS659A5QJMM7
age: 0
x-amz-server-side-encryption: AES256
content-length: 44
x-amz-id-2: iauQXq8/ojlDDB17GjbaLQ1WpGWqsF4oAGRfnq2I4ZGNsAMTEUpPp001je5E1BBQ2RHzWGTxCXx2LrpIOmfJmQ==
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Thu, 16 Jan 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Tue, 12 Dec 2023 21:46:42 GMT
server: ATS
etag: "bef1253818c00b6e13b42804c46f2014"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes

OPTIONS
H2 200 tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame 0
0 638ms
116ms Preflight 34.226.231.102

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.231.102 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://obywatelwie.click
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://obywatelwie.click
access-control-max-age: 600
content-length: 0
date: Tue, 12 Dec 2023 23:04:13 GMT
server: nginx

POST
H2 200 tp2 Show response
p.tvpixel.com/com.snowplowanalytics.snowplow/ 2 B
329 B 351ms
117ms XHR
text/plain 34.226.231.102

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: c.tvpixel.com
URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=marriott-0af76d19-dfba-4407-860e-54c7ed29bed4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.231.102 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://obywatelwie.click
date: Tue, 12 Dec 2023 23:04:13 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2 200 main.74d80534.js Show response
s.pinimg.com/ct/lib/ 65 KB
19 KB 40ms
39ms Script
application/javascript 2a02:26f0:7100:8b2::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.74d80534.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:8b2::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: br
x-cdn: akamai
etag: "cb251578b1e91b3cc440fd1521770cc5"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18895

GET
H2 200 b9c54897-9a69-45f1-bbe2-55b2ae0ba593-test.json Show response
cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/consent/b9c54897-9a69-45f1-bbe2-55b2ae0ba593-test/ 4 KB
5 KB 172ms
54ms XHR
application/json 2.23.196.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/consent/b9c54897-9a69-45f1-bbe2-55b2ae0ba593-test/b9c54897-9a69-45f1-bbe2-55b2ae0ba593-test.json
Requested by: Host: cache.marriott.com
URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/otSDKStub.js?7022798512411510
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.196.80 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-196-80.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7316c1dfbc9f061b2280befce5285d9576624d84376031f96583df11d82ea916

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
last-modified: Mon, 06 Jun 2022 19:54:53 GMT
server: AkamaiNetStorage
etag: "2f1c841426300bd3781a1752ab891f7c:1654545293.924385"
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=26941
accept-ranges: bytes
content-length: 4006
expires: Wed, 13 Dec 2023 06:33:13 GMT

GET
H2

200

src=4810757;dc_pre=CKbp_oyBi4MDFXYPogMdGw8LKw;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=[Or...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=4810757;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;o...
https://ad.doubleclick.net/ddm/activity/src=4810757;dc_pre=CKbp_oyBi4MDFXYPogMdGw8LKw;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_fo...
https://adservice.google.com/ddm/fls/z/src=4810757;dc_pre=CKbp_oyBi4MDFXYPogMdGw8LKw;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_for...

42 B
107 B

76ms
76ms

Image
image/gif

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=4810757;dc_pre=CKbp_oyBi4MDFXYPogMdGw8LKw;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=[OrderID]

Protocol

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=4810757;dc_pre=CKbp_oyBi4MDFXYPogMdGw8LKw;type=sales;cat=5myqls5f;qty=1;cost=0;u1=;u16=https%253A%252F%252Fobywatelwie.click%252F;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=[OrderID]
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1565798&t=1
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1565798%26t%3D1

0
804 B

45ms
44ms

Image
application/javascript

185.89.210.180

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1565798%26t%3D1

Protocol

Server

185.89.210.180 -, , ASN (),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: 0654a331-508f-4075-a049-5f39a07da602
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.102; 80.255.7.102; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: 7c5bd50c-19f4-4833-9e26-e30dc48d1284
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1565798%26t%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.102; 80.255.7.102; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=29464183&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D29464183%26t%3D1

0
804 B

45ms
45ms

Image
application/javascript

185.89.210.180

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D29464183%26t%3D1

Protocol

Server

185.89.210.180 -, , ASN (),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: f4380201-2fdf-4846-a222-a93b2c4d3b4d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.102; 80.255.7.102; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: 9c111024-d8dc-4824-a63a-84e807166c1c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D29464183%26t%3D1
x-proxy-origin: 80.255.7.102; 80.255.7.102; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

AdX
pixel.sojern.com/idSync/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=v5s415B9deAqKjdKDvXV2g&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=u5eYaTFOvc2VGESQztCWjwHENCxNCbtSD48bqvd8eoY-nosO_dk...
https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=u5eYaTFOvc2VGESQztCWjwHENCxNCbtSD48bqvd8eoY-nosO_dkJtVDSlx57ltMr&sjrn_ula=673976618&google_gid=CAESEHGSuVRV2UGu7j9c89wZkdg&google_cver=1

42 B
275 B

48ms
47ms

Image
image/gif

107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=u5eYaTFOvc2VGESQztCWjwHENCxNCbtSD48bqvd8eoY-nosO_dkJtVDSlx57ltMr&sjrn_ula=673976618&google_gid=CAESEHGSuVRV2UGu7j9c89wZkdg&google_cver=1
Protocol: H2
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
via: 1.1 google
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=u5eYaTFOvc2VGESQztCWjwHENCxNCbtSD48bqvd8eoY-nosO_dkJtVDSlx57ltMr&sjrn_ula=673976618&google_gid=CAESEHGSuVRV2UGu7j9c89wZkdg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 412
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
fcmatch.youtube.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_hm=v5s415B9deAqKjdKDvXV2g&google_nid=sojern_adh
https://fcmatch.google.com/pixel?google_gm=AMnCDoo5DJbb69zTgtSxMIK6fJK0uZkyjP_rMpLj5KKlpQJtpQ8OtUuzAAKdrG1R4_ND9pWaXcBlSYGEJZ7YQiMKPo7Z-P-SFiW4pa0iBcttwsfiVczjAIc
https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo5DJbb69zTgtSxMIK6fJK0uZkyjP_rMpLj5KKlpQJtpQ8OtUuzAAKdrG1R4_ND9pWaXcBlSYGEJZ7YQiMKPo7Z-P-SFiW4pa0iBcttwsfiVczjAIc

170 B
432 B

176ms
47ms

Image
image/png

2a00:1450:4001:810::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo5DJbb69zTgtSxMIK6fJK0uZkyjP_rMpLj5KKlpQJtpQ8OtUuzAAKdrG1R4_ND9pWaXcBlSYGEJZ7YQiMKPo7Z-P-SFiW4pa0iBcttwsfiVczjAIc

Protocol

Server

2a00:1450:4001:810::200e -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo5DJbb69zTgtSxMIK6fJK0uZkyjP_rMpLj5KKlpQJtpQ8OtUuzAAKdrG1R4_ND9pWaXcBlSYGEJZ7YQiMKPo7Z-P-SFiW4pa0iBcttwsfiVczjAIc
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getuidnb
ib.adnxs.com/ 43 B
573 B 504ms
44ms Image
image/gif 185.89.210.90

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://pixel.sojern.com/idsync/apn?id=$UID&sjrn_id=u5eYaTFOvc2VGESQztCWjwHENCxNCbtSD48bqvd8eoY-nosO_dkJtVDSlx57ltMr

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.90 -, , ASN (),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: e9f0955b-d648-492a-b59d-d75c5c6df8d0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.102; 80.255.7.102; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
148 B 57ms
57ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=ombl9hp&ttd_puid=u5eYaTFOvc2VGESQztCWjwHENCxNCbtSD48bqvd8eoY-nosO_dkJtVDSlx57ltMr&ttd_tpi=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2

202

adf
pixel.sojern.com/idsync/
Redirect Chain

https://c1.adform.net/serving/cookie/match?cid=bf9b38d7-907d-75e0-2a2a-374a0ef5d5da&party=1296
https://c1.adform.net/serving/cookie/match?CC=1&cid=bf9b38d7-907d-75e0-2a2a-374a0ef5d5da&party=1296
https://pixel.sojern.com/idsync/adf?adfid=2611940818716061769&cid=bf9b38d7-907d-75e0-2a2a-374a0ef5d5da

0
218 B

61ms
48ms

Image
text/plain

107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idsync/adf?adfid=2611940818716061769&cid=bf9b38d7-907d-75e0-2a2a-374a0ef5d5da
Protocol: H2
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 12 Dec 2023 23:04:12 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
vary: Accept-Encoding

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://pixel.sojern.com/idsync/adf?adfid=2611940818716061769&cid=bf9b38d7-907d-75e0-2a2a-374a0ef5d5da
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

bounce
secure.adnxs.com/ Frame 6B51
Redirect Chain

https://secure.adnxs.com/px?id=1228256&t=1
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1228256%26t%3D1

0
804 B

45ms
44ms

Image
application/javascript

185.89.210.180

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1228256%26t%3D1

Requested by

Host: static.sojern.com
URL: https://static.sojern.com/marriott/mhotels.html?p=undefined&hprid=&hpr=&hb=undefined&hc1=undefined&hn1=undefined&hs1=undefined&ffl=undefined&hl=&t=undefined&hr=undefined&hd1=&hd2=&hconfno=&hp=undefined&hcu=&hrp=undefined&hdc=undefined&rew=undefined&l=undefined&vid=hot&cid=

Protocol

Server

185.89.210.180 -, , ASN (),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.sojern.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: cff610a4-e717-4f2b-a9ae-67370179b762
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.102; 80.255.7.102; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: 2913e3b3-bb1b-4b24-aa2f-571f26ea5552
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1228256%26t%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.102; 80.255.7.102; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

bounce
secure.adnxs.com/ Frame 6B51
Redirect Chain

https://secure.adnxs.com/seg?add=21126164&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D21126164%26t%3D1

0
804 B

45ms
44ms

Image
application/javascript

185.89.210.180

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D21126164%26t%3D1

Requested by

Protocol

Server

185.89.210.180 -, , ASN (),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.sojern.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: de816e85-61d4-45a8-b411-16452c910397
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.102; 80.255.7.102; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: 34c96c2d-7316-4dd5-9a64-078eacca93a7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D21126164%26t%3D1
x-proxy-origin: 80.255.7.102; 80.255.7.102; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

AdX
pixel.sojern.com/idSync/ Frame 6B51
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=DRtFpN_7JMMbMcuTJfYWBg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=jQ8QmkBZ-pbiP_ORp8WLTiBcpz-xer1EkabVeDi0ZiEIv_O3glq...
https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=jQ8QmkBZ-pbiP_ORp8WLTiBcpz-xer1EkabVeDi0ZiEIv_O3glqgnA_YQBi3EMV7&sjrn_ula=824794939&google_gid=CAESEHGSuVRV2UGu7j9c89wZkdg&google_cver=1

42 B
264 B

49ms
48ms

Image
image/gif

107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=jQ8QmkBZ-pbiP_ORp8WLTiBcpz-xer1EkabVeDi0ZiEIv_O3glqgnA_YQBi3EMV7&sjrn_ula=824794939&google_gid=CAESEHGSuVRV2UGu7j9c89wZkdg&google_cver=1
Requested by: Host: static.sojern.com
URL: https://static.sojern.com/marriott/mhotels.html?p=undefined&hprid=&hpr=&hb=undefined&hc1=undefined&hn1=undefined&hs1=undefined&ffl=undefined&hl=&t=undefined&hr=undefined&hd1=&hd2=&hconfno=&hp=undefined&hcu=&hrp=undefined&hdc=undefined&rew=undefined&l=undefined&vid=hot&cid=
Protocol: H2
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.sojern.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
via: 1.1 google
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=jQ8QmkBZ-pbiP_ORp8WLTiBcpz-xer1EkabVeDi0ZiEIv_O3glqgnA_YQBi3EMV7&sjrn_ula=824794939&google_gid=CAESEHGSuVRV2UGu7j9c89wZkdg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 412
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
fcmatch.youtube.com/ Frame 6B51
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_hm=DRtFpN_7JMMbMcuTJfYWBg&google_nid=sojern_adh
https://fcmatch.google.com/pixel?google_gm=AMnCDorGH0z4kx1qnlSDZQWJrSgV0gNiaOP1zhAguRrzvotKBMbkRg3--dPDs9QqQ5eDu33t3QaN6tHUYD54ng6I-wh0fHHD2W-M-VEPQRN37ZWGPjSSgw8
https://fcmatch.youtube.com/pixel?google_gm=AMnCDorGH0z4kx1qnlSDZQWJrSgV0gNiaOP1zhAguRrzvotKBMbkRg3--dPDs9QqQ5eDu33t3QaN6tHUYD54ng6I-wh0fHHD2W-M-VEPQRN37ZWGPjSSgw8

170 B
233 B

214ms
84ms

Image
image/png

2a00:1450:4001:810::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fcmatch.youtube.com/pixel?google_gm=AMnCDorGH0z4kx1qnlSDZQWJrSgV0gNiaOP1zhAguRrzvotKBMbkRg3--dPDs9QqQ5eDu33t3QaN6tHUYD54ng6I-wh0fHHD2W-M-VEPQRN37ZWGPjSSgw8

Requested by

Protocol

Server

2a00:1450:4001:810::200e -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.sojern.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://fcmatch.youtube.com/pixel?google_gm=AMnCDorGH0z4kx1qnlSDZQWJrSgV0gNiaOP1zhAguRrzvotKBMbkRg3--dPDs9QqQ5eDu33t3QaN6tHUYD54ng6I-wh0fHHD2W-M-VEPQRN37ZWGPjSSgw8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getuidnb
ib.adnxs.com/ Frame 6B51 43 B
571 B 515ms
56ms Image
image/gif 185.89.210.90

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://pixel.sojern.com/idsync/apn?id=$UID&sjrn_id=jQ8QmkBZ-pbiP_ORp8WLTiBcpz-xer1EkabVeDi0ZiEIv_O3glqgnA_YQBi3EMV7

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.90 -, , ASN (),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.sojern.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: 9ecb7144-c36f-4c42-88ed-b4096b548f9d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.102; 80.255.7.102; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 6B51 70 B
148 B 65ms
59ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=ombl9hp&ttd_puid=jQ8QmkBZ-pbiP_ORp8WLTiBcpz-xer1EkabVeDi0ZiEIv_O3glqgnA_YQBi3EMV7&ttd_tpi=1
Requested by: Host: static.sojern.com
URL: https://static.sojern.com/marriott/mhotels.html?p=undefined&hprid=&hpr=&hb=undefined&hc1=undefined&hn1=undefined&hs1=undefined&ffl=undefined&hl=&t=undefined&hr=undefined&hd1=&hd2=&hconfno=&hp=undefined&hcu=&hrp=undefined&hdc=undefined&rew=undefined&l=undefined&vid=hot&cid=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.sojern.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2

202

adf
pixel.sojern.com/idsync/ Frame 6B51
Redirect Chain

https://c1.adform.net/serving/cookie/match?cid=0d1b45a4-dffb-24c3-1b31-cb9325f61606&party=1296
https://c1.adform.net/serving/cookie/match?CC=1&cid=0d1b45a4-dffb-24c3-1b31-cb9325f61606&party=1296
https://pixel.sojern.com/idsync/adf?adfid=8642569759635705708&cid=0d1b45a4-dffb-24c3-1b31-cb9325f61606

0
208 B

81ms
49ms

Image
text/plain

107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idsync/adf?adfid=8642569759635705708&cid=0d1b45a4-dffb-24c3-1b31-cb9325f61606
Requested by: Host: static.sojern.com
URL: https://static.sojern.com/marriott/mhotels.html?p=undefined&hprid=&hpr=&hb=undefined&hc1=undefined&hn1=undefined&hs1=undefined&ffl=undefined&hl=&t=undefined&hr=undefined&hd1=&hd2=&hconfno=&hp=undefined&hcu=&hrp=undefined&hdc=undefined&rew=undefined&l=undefined&vid=hot&cid=
Protocol: H2
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.sojern.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 12 Dec 2023 23:04:12 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
vary: Accept-Encoding

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://pixel.sojern.com/idsync/adf?adfid=8642569759635705708&cid=0d1b45a4-dffb-24c3-1b31-cb9325f61606
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 fbf5aa06-3f82-45b5-86ba-4c4fe9c75a96.js Show response
tr.snapchat.com/config/click/ 2 KB
894 B 402ms
50ms Script
application/javascript 35.190.43.134

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/config/click/fbf5aa06-3f82-45b5-86ba-4c4fe9c75a96.js?v=3.7.2-2312071952

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 -, , ASN (),

Reverse DNS

Software

API Gateway /

Resource Hash

8411e825967473432127a5dc6a18e391fec2ca13c68632841733ad322ceeafc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://obywatelwie.click/
Origin: https://obywatelwie.click
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-encoding: gzip
via: 1.1 google
server: API Gateway
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: https://obywatelwie.click
x-envoy-upstream-service-time: 0
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame F0F4 0
201 B 505ms
49ms Document
text/html 35.190.43.134

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=fbf5aa06-3f82-45b5-86ba-4c4fe9c75a96&u_scsid=37b5ab5e-3d4e-4e25-9618-94f7816369ef&u_sclid=5b26970d-721c-47c0-80ab-7df632953831

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 -, , ASN (),

Reverse DNS

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://obywatelwie.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Tue, 12 Dec 2023 23:04:13 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google
x-envoy-upstream-service-time: 0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D360572%26time%3D1702422252558%26url%3Dhttps%253A%252F%252Fobywatelwie.click%252F%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F&cookiesTest=true&liSync=true&e_ipv6=AQKQAqwtQaDGtwAAAYxgRg_HhshPG7lxJ0Jwmc8jadsb...

0
266 B

263ms
166ms

Image
application/javascript

13.107.42.14

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F&cookiesTest=true&liSync=true&e_ipv6=AQKQAqwtQaDGtwAAAYxgRg_HhshPG7lxJ0Jwmc8jadsbw6pFBVbHxRtlfcWih1JntA31nlk
Protocol: H2
Server: 13.107.42.14 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: C5DD308320124121821E8349BF9F889C Ref B: DUS30EDGE0311 Ref C: 2023-12-12T23:04:13Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMWBGxHgWLqN5Kfn8cfw==

Redirect headers

date: Tue, 12 Dec 2023 23:04:12 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: C4F0AE449A444C35A921E6716E78A4C3 Ref B: FRAEDGE1408 Ref C: 2023-12-12T23:04:13Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=360572&time=1702422252558&url=https%3A%2F%2Fobywatelwie.click%2F&cookiesTest=true&liSync=true&e_ipv6=AQKQAqwtQaDGtwAAAYxgRg_HhshPG7lxJ0Jwmc8jadsbw6pFBVbHxRtlfcWih1JntA31nlk
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMWBGti6A0UUmuz2Ijww==

GET
H2

200

ibs:dpid=358&dpuuid=8621190398352678120
dpm.demdex.net/ Frame 0513
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=8621190398352678120

42 B
717 B

56ms
56ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=8621190398352678120

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-0603339eb.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: RTdfO9OuTE4=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
an-x-request-uuid: a6e964ce-bbb8-418a-8bd7-767309866b2a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=8621190398352678120
x-proxy-origin: 80.255.7.102; 80.255.7.102; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 40ms
40ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=836072006419889&ev=PageView&dl=https%3A%2F%2Fobywatelwie.click%2F&rl=&if=false&ts=1702422252564&cd[brand]=brand&cd[level]=&cd[signin]=&cd[language]=&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1702422247467.1601070480&ler=empty&cs_est=true&it=1702422247350&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 12 Dec 2023 23:04:12 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 / Show response
ct.pinterest.com/user/ 302 B
692 B 588ms
164ms XHR
application/json 23.212.88.188

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?tid=2613977086519&pd=%7B%7D&cb=1702422252589&dep=2%2CPAGE_LOAD

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.74d80534.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.88.188 -, , ASN (),

Reverse DNS

Software

Resource Hash

8e63336037bea50c9887beee711d5776ac0906b701a435ba6a002caf1a724b91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-cdn: akamai
akamai-grn: 0.6a632617.1702422253.96569fc
x-envoy-upstream-service-time: 0
content-length: 175
x-pinterest-rid: 1015444048727735
pin-unauth: dWlkPU1tUXlZbUk1Wm1NdFltTTVNeTAwTm1WbExXRTFZVE10TVdVME1qWmlOek5sWXpobQ
pragma: no-cache
referrer-policy: origin
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://obywatelwie.click
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 18ca486382a49382d94e5112f49bc2f9e5d43a34
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 302 B
693 B 510ms
87ms XHR
application/json 23.212.88.188

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?event=pagevisit&tid=2613977086519&cb=1702422252590&dep=5%2CEVENT_TAGS_ABSENT

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.74d80534.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.88.188 -, , ASN (),

Reverse DNS

Software

Resource Hash

8e63336037bea50c9887beee711d5776ac0906b701a435ba6a002caf1a724b91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-cdn: akamai
akamai-grn: 0.6a632617.1702422253.96569fb
x-envoy-upstream-service-time: 1
content-length: 175
x-pinterest-rid: 3151733535058385
pin-unauth: dWlkPU56VXhZVFppWldZdFpqVTFaUzAwTVRNekxXRmxNR0l0TXpoa01EWm1ZV1kyWW1Vdw
pragma: no-cache
referrer-policy: origin
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://obywatelwie.click
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 18ca486382a49382d94e5112f49bc2f9e5d43a34
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 302 B
714 B 491ms
68ms XHR
application/json 23.212.88.188

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?event=custom&ed=%7B%22value%22%3A334%2C%22currency%22%3A%22USD%22%7D&tid=2613977086519&cb=1702422252590&dep=5%2CEVENT_TAGS_ABSENT

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.74d80534.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.88.188 -, , ASN (),

Reverse DNS

Software

Resource Hash

8e63336037bea50c9887beee711d5776ac0906b701a435ba6a002caf1a724b91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-cdn: akamai
akamai-grn: 0.6a632617.1702422253.96569fa
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=600
content-length: 175
x-pinterest-rid: 1257746306081488
pin-unauth: dWlkPVpXRTBZMlJoTXprdE1EVTFOaTAwTnpRMkxUaGpNV1F0WXprd1lqZzFaalExTkRaaA
pragma: no-cache
referrer-policy: origin
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://obywatelwie.click
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 18ca486382a49382d94e5112f49bc2f9e5d43a34
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
455 B 380ms
86ms Image
image/gif 23.212.88.188

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?tid=2613977086519&pd=%7B%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fobywatelwie.click%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2274d80534%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1702422252590

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.88.188 -, , ASN (),

Reverse DNS

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.6a632617.1702422253.96569fd
content-type: image/gif
access-control-allow-origin: *
pinterest-version: 9ac24272b1390cffa57796e44049f901bc97ead3
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
content-length: 35
x-pinterest-rid: 1524017876857828
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 451 365868.gif
idsync.rlcdn.com/ Frame 0513 0
98 B 400ms
48ms Image
text/plain 35.244.174.68

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=88842790656062436322503911365090206075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
245 B 298ms
77ms Image
image/gif 212.82.100.181

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Tue%2C%2012%20Dec%202023%2023%3A04%3A12%20GMT&n=-1&b=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&.yp=405909&f=https%3A%2F%2Fobywatelwie.click%2F&enc=UTF-8&yv=1.15.1&tagmgr=gtm%2Cadobe

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Dec 2023 23:04:13 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
632 B 296ms
76ms Image
image/gif 212.82.100.181

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&b=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&.yp=405909&f=https%3A%2F%2Fobywatelwie.click%2F&enc=UTF-8&yv=1.15.1&hsr=&et=custom&ea=ViewProduct&cc=&cio=%7C&cid=&tagmgr=gtm%2Cadobe

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Dec 2023 23:04:13 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 72 B
310 B 358ms
64ms XHR
application/json 2606:4700:4400::6812:2089

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cache.marriott.com
URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/otSDKStub.js?7022798512411510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

6bd5068ee3f41ad2ed4f003c13c4e939021c77f7a69ac82d25211c72868b520e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 83499ae97dc5694b-FRA
access-control-allow-headers: Content-Type

POST
H2 200 p
tr.snapchat.com/ 0
93 B 49ms
49ms Ping
text/plain 35.190.43.134

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 -, , ASN (),

Reverse DNS

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google
server: API Gateway
access-control-allow-origin: https://obywatelwie.click
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

ibs:dpid=771&dpuuid=CAESELa2vP2YsrXXjlj_eYO5BQs&google_cver=1
dpm.demdex.net/ Frame 0513
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=ODg4NDI3OTA2NTYwNjI0MzYzMjI1MDM5MTEzNjUwOTAyMDYwNzU=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELa2vP2YsrXXjlj_eYO5BQs&google_cver=1?gdpr=0&gdpr_consent=

42 B
717 B

56ms
56ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELa2vP2YsrXXjlj_eYO5BQs&google_cver=1?gdpr=0&gdpr_consent=

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-0c9232abe.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: nGXI9GflSSo=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELa2vP2YsrXXjlj_eYO5BQs&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hbpix
idpix.media6degrees.com/orbserv/ Frame 0513 43 B
205 B 480ms
152ms Image
image/gif 2606:4700:4400::ac40:97ee

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=88842790656062436322503911365090206075
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700:4400::ac40:97ee -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 20 Jun 2023 14:57:07 GMT
server: cloudflare
etag: "6491be43-2b"
content-type: image/gif
accept-ranges: bytes
cf-ray: 83499aea884e371d-FRA
content-length: 43

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 0513 70 B
148 B 57ms
57ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=obywatelwie.click&ttd_tpi=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:12 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2

200

ibs:dpid=1957&dpuuid=0924FF587D366F760304ECBD7CBD6EBD
dpm.demdex.net/ Frame 0513
Redirect Chain

https://c.bing.com/c.gif?uid=88842790656062436322503911365090206075&Red3=MSAdobe_pd&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=0924FF587D366F760304ECBD7CBD6EBD

42 B
716 B

56ms
56ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1957&dpuuid=0924FF587D366F760304ECBD7CBD6EBD

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-0a8bf9e4f.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: a0ruL7pzQhc=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A480E4B592EA4F79A3B12ACB9B926CDF Ref B: FRA31EDGE0219 Ref C: 2023-12-12T23:04:13Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://dpm.demdex.net/ibs:dpid=1957&dpuuid=0924FF587D366F760304ECBD7CBD6EBD
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 otBannerSdk.js Show response
cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/ 319 KB
76 KB 73ms
73ms Script
application/x-javascript 2.23.196.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/otBannerSdk.js
Requested by: Host: cache.marriott.com
URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/otSDKStub.js?7022798512411510
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.196.80 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-196-80.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 972688e6f6c24d2b23019a796b19f90515ba5f4ff744747c072b79fa44de3432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: gzip
last-modified: Mon, 06 Jun 2022 19:39:17 GMT
server: AkamaiNetStorage
etag: "aa2e3ff705d27b77a2480d446a15e46b:1654544357.83096"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=988278
accept-ranges: bytes
content-length: 77784
expires: Sun, 24 Dec 2023 09:35:31 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
703 B 69ms
69ms Image
image/gif 23.212.88.188

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?event=custom&ed=%7B%22value%22%3A334%2C%22currency%22%3A%22USD%22%7D&tid=2613977086519&cb=1702422253084&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fobywatelwie.click%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2274d80534%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.88.188 -, , ASN (),

Reverse DNS

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.6a632617.1702422253.9656a26
content-type: image/gif
access-control-allow-origin: *
pinterest-version: 18ca486382a49382d94e5112f49bc2f9e5d43a34
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 1
content-length: 35
x-pinterest-rid: 6115671788256116
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
700 B 68ms
68ms Image
image/gif 23.212.88.188

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?event=pagevisit&tid=2613977086519&cb=1702422253102&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fobywatelwie.click%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2274d80534%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.88.188 -, , ASN (),

Reverse DNS

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.6a632617.1702422253.9656a34
content-type: image/gif
access-control-allow-origin: *
pinterest-version: 18ca486382a49382d94e5112f49bc2f9e5d43a34
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 1
content-length: 35
x-pinterest-rid: 2586490764299421
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 p
tr6.snapchat.com/ 0
42 B 50ms
49ms Ping
text/plain 35.190.43.134

General

Check archive.org

Show headers Download Go to

Full URL

https://tr6.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 -, , ASN (),

Reverse DNS

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0
via: 1.1 google
server: API Gateway
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

ibs:dpid=3047&dpuuid=5824DE96BCB4D8&gdpr=0&gdpr_consent=
dpm.demdex.net/ Frame 0513
Redirect Chain

https://servedby.flashtalking.com/map/?key=a74thHgsfK627J6Ftt8sj5ks52bKe&gdpr=0&gdpr_consent=&url=https://dpm.demdex.net/ibs:dpid=3047&dpuuid=[%FT_GUID%]&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=3047&dpuuid=5824DE96BCB4D8&gdpr=0&gdpr_consent=

42 B
717 B

57ms
56ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=3047&dpuuid=5824DE96BCB4D8&gdpr=0&gdpr_consent=

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-0de6d1965.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: saRxJhutSCU=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 23:04:13 GMT
Strict-Transport-Security: max-age=86400
Server: prod-xre-app19.frk11
Location: https://dpm.demdex.net/ibs:dpid=3047&dpuuid=5824DE96BCB4D8&gdpr=0&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Tue, 12 Dec 2023 23:04:13 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 210 KB
73 KB 56ms
56ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N9X9Q5D

Requested by

Host: obywatelwie.click
URL: https://obywatelwie.click/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6ff7bc72e6c12115d05d6cbdc5de727e1d7a43a11a8a4fe901f2f13777ae2657

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74421
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 23:04:13 GMT

GET
H3 200 ct.html Show response
ct.pinterest.com/ Frame 5F1D 565 B
348 B 73ms
73ms Document
text/html 23.212.88.188

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/ct.html

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.74d80534.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.212.88.188 -, , ASN (),

Reverse DNS

Software

Resource Hash

f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://obywatelwie.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

akamai-grn: 0.51632617.1702422253.21ac9b39
alt-svc: h3=":443"; ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Tue, 12 Dec 2023 23:04:13 GMT
pinterest-version: 18ca486382a49382d94e5112f49bc2f9e5d43a34
quic-version: 0x00000001
referrer-policy: origin
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
vary: Accept-Encoding
x-cdn: akamai
x-envoy-upstream-service-time: 0
x-pinterest-rid: 1342322511620403

GET
H2 200 pl.json Show response
cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/consent/b9c54897-9a69-45f1-bbe2-55b2ae0ba593-test/3509a96c-aa3e-429d-8eeb-04eaf007b8d5/ 100 KB
101 KB 56ms
56ms Fetch
application/json 2.23.196.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/consent/b9c54897-9a69-45f1-bbe2-55b2ae0ba593-test/3509a96c-aa3e-429d-8eeb-04eaf007b8d5/pl.json
Requested by: Host: cache.marriott.com
URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.196.80 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-196-80.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 74d17490d5c37ee143b5af50f3890fda40c756ba85fbe9b8312aa47131b51db9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
last-modified: Mon, 06 Jun 2022 19:48:26 GMT
server: AkamaiNetStorage
etag: "285ae735b892305a6adb6c2efcdcbbb5:1654544906.410578"
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=144551
accept-ranges: bytes
content-length: 101938
expires: Thu, 14 Dec 2023 15:13:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
80 KB 54ms
54ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6HS3GYZ97C&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9X9Q5D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

43496647bebce885e2a19eb91c33f8891f453bc881bd7e95211241bb244559a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81834
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Dec 2023 23:04:13 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
440 B 164ms
47ms XHR
application/json 2a00:1450:4001:828::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://obywatelwie.click
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94
x-xss-protection: 0

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9X9Q5D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 12 Dec 2023 21:22:25 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6108
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 12 Dec 2023 23:22:25 GMT

GET match.gif
match.rundsp.com/ Frame 0513 0
0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 47ms
46ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-6HS3GYZ97C&gtm=45je3bt0v9122423289z8854976559&_p=1702422246850&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1139382256.1702422247&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dl=https%3A%2F%2Fobywatelwie.click%2F&sid=1702422253&sct=1&seg=0&dt=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&en=page_view&_fv=1&_ss=1&tfd=6942
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6HS3GYZ97C&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 48ms
47ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6HS3GYZ97C&cid=1139382256.1702422247&gtm=45je3bt0v9122423289z8854976559&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6HS3GYZ97C&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6HS3GYZ97C&cid=1139382256.1702422247&gtm=45je3bt0v9122423289z8854976559&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1587868193

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 p
tr.snapchat.com/ 0
44 B 51ms
50ms Ping
text/plain 35.190.43.134

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 -, , ASN (),

Reverse DNS

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google
server: API Gateway
access-control-allow-origin: https://obywatelwie.click
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 otFloatingRounded.json Show response
cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/assets/ 10 KB
11 KB 55ms
54ms Fetch
application/json 2.23.196.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/assets/otFloatingRounded.json
Requested by: Host: cache.marriott.com
URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.196.80 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-196-80.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 777ab0cb5c6ffd6b2d455918b8df70fdb4c74ecb18d62f54be1afdaf3733c10d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
last-modified: Mon, 06 Jun 2022 19:39:39 GMT
server: AkamaiNetStorage
etag: "becf963d0b2b5f4544a5ec243252794c:1654544379.603934"
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=110503
accept-ranges: bytes
content-length: 9894
expires: Thu, 14 Dec 2023 05:45:56 GMT

GET
H2 200 otPcTab.json Show response
cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/assets/v2/ 47 KB
48 KB 57ms
57ms Fetch
application/json 2.23.196.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/assets/v2/otPcTab.json
Requested by: Host: cache.marriott.com
URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.196.80 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-196-80.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4efca4768dedb757f956b51f3620d1521be4e8f065080515489defc83c2de704

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
last-modified: Mon, 06 Jun 2022 19:40:07 GMT
server: AkamaiNetStorage
etag: "398ef3d808c735374c8e1b4d3984d51a:1654544407.4634"
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=254836
accept-ranges: bytes
content-length: 47745
expires: Fri, 15 Dec 2023 21:51:29 GMT

GET
H2 200 otCommonStyles.css Show response
cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/assets/ 20 KB
4 KB 53ms
53ms Fetch
text/css 2.23.196.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/assets/otCommonStyles.css
Requested by: Host: cache.marriott.com
URL: https://cache.marriott.com/aka-fonts/OneTrust/R1.3/oneTrust_test/scripttemplates/6.26.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.196.80 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-196-80.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: gzip
last-modified: Mon, 06 Jun 2022 19:39:39 GMT
server: AkamaiNetStorage
etag: "61ee8e79970dcae1685a883b098b34d0:1654544379.290447"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=554763
accept-ranges: bytes
content-length: 4130
expires: Tue, 19 Dec 2023 09:10:16 GMT

GET
H2 204 current
adobe-sync.dotomi.com/match/bounce/ Frame 0513 0
104 B 280ms
120ms Image
text/plain 2a02:fa8:8806:12::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adobe-sync.dotomi.com/match/bounce/current?networkId=85983&version=1&nuid=88842790656062436322503911365090206075&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D19360%26dpuuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
369 B 177ms
46ms XHR
application/json 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://obywatelwie.click
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2

200

ps
tag.yieldoptimizer.com/ps/
Redirect Chain

https://tag.yieldoptimizer.com/ps/ps?t=s&p=1057&si=US&ln=EN&hbc=HRS&pg=hm
https://tag.yieldoptimizer.com/ps/ps?tc=502074836&t=s&p=1057&si=US&ln=EN&hbc=HRS&pg=hm

675 B
675 B

48ms
47ms

Image
text/javascript

35.186.212.60

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.yieldoptimizer.com/ps/ps?tc=502074836&t=s&p=1057&si=US&ln=EN&hbc=HRS&pg=hm
Protocol: H2
Server: 35.186.212.60 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
content-type: text/javascript;charset=ISO-8859-1
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 675
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
location: https://tag.yieldoptimizer.com/ps/ps?tc=502074836&t=s&p=1057&si=US&ln=EN&hbc=HRS&pg=hm
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

ps
tag.yieldoptimizer.com/ps/
Redirect Chain

https://tag.yieldoptimizer.com/ps/ps?t=s&p=1057&mhcy=&mhcr=&mhcd=&mhst=&mhnm=
https://tag.yieldoptimizer.com/ps/ps?tc=162747527&t=s&p=1057&mhcy=&mhcr=&mhcd=&mhst=&mhnm=

675 B
675 B

48ms
48ms

Image
text/javascript

35.186.212.60

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.yieldoptimizer.com/ps/ps?tc=162747527&t=s&p=1057&mhcy=&mhcr=&mhcd=&mhst=&mhnm=
Protocol: H2
Server: 35.186.212.60 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
content-type: text/javascript;charset=ISO-8859-1
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 675
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:12 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
location: https://tag.yieldoptimizer.com/ps/ps?tc=162747527&t=s&p=1057&mhcy=&mhcr=&mhcd=&mhst=&mhnm=
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

ibs:dpid=22054
dpm.demdex.net/ Frame 0513
Redirect Chain

https://a.tribalfusion.com/i.match?p=b13&u=88842790656062436322503911365090206075&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$
https://s.tribalfusion.com/z/i.match?p=b13&u=88842790656062436322503911365090206075&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$
https://dpm.demdex.net/ibs:dpid=22054

42 B
728 B

56ms
55ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22054

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-0d41b9f76.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: u4X45xOXTdc=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
x-error: 300
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
cf-cache-status: DYNAMIC
x-function: 209
server: cloudflare
x-reuse-index: 133
content-type: text/html
location: https://dpm.demdex.net/ibs:dpid=22054
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 83499aee4a5f18f5-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

ibs:dpid=22069&dpuuid=3017986941298&gdpr=0&gdprconsent=
dpm.demdex.net/ Frame 0513
Redirect Chain

https://tag.yieldoptimizer.com/ps/ps?t=i&p=2233&gdpr=0&gdpr_consent=
https://tag.yieldoptimizer.com/ps/ps?tc=984721867&t=i&p=2233&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=22069&dpuuid=3017986941298&gdpr=0&gdprconsent=

42 B
717 B

60ms
59ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22069&dpuuid=3017986941298&gdpr=0&gdprconsent=

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-0d743c645.edge-irl1.demdex.com 4 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: AUdAGN6fS0M=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
location: https://dpm.demdex.net/ibs:dpid=22069&dpuuid=3017986941298&gdpr=0&gdprconsent=
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 3 B
23 B 46ms
46ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1326192117&t=pageview&_s=1&dl=https%3A%2F%2Fobywatelwie.click%2F&ul=en-us&de=UTF-8&dt=%22%3A%20Wjecha%C5%82%20w%20dziecko%20i%20uciek%C5%82!%20Zobacz%20nagranie!%20%5B%2B18%5D%22&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6CjAgUABAAQCACAEu~&jid=692490968&gjid=1822224622&cid=1139382256.1702422247&tid=UA-216496337-49&_gid=469967054.1702422252&_slc=1&gtm=45He3bt0n81N9X9Q5Dv854976559&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd3=1139382256.1702422247&z=32077994

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 47ms
47ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-216496337-49&cid=1139382256.1702422247&jid=692490968&gjid=1822224622&_gid=469967054.1702422252&_u=6CjAgUABAAQCAGAEu~&z=1303614224

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 12 Dec 2023 23:04:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://obywatelwie.click
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 50ms
49ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-216496337-49&cid=1139382256.1702422247&jid=692490968&_u=6CjAgUABAAQCAGAEu~&z=616878348

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-216496337-49&cid=1139382256.1702422247&jid=692490968&_u=6CjAgUABAAQCAGAEu~&z=616878348

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://obywatelwie.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ibs:dpid=28645&dpuuid=EBmc5DXQq8t_9VNfN6wgahvgqIKJVkss&gdpr=0&gdpr_consent=
dpm.demdex.net/ Frame 0513
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
https://gum.criteo.com/sync?s=1&c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=EBmc5DXQq8t_9VNfN6wgahvgqIKJVkss&gdpr=0&gdpr_consent=

42 B
717 B

56ms
56ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=28645&dpuuid=EBmc5DXQq8t_9VNfN6wgahvgqIKJVkss&gdpr=0&gdpr_consent=

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-0a5c0cf66.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: uyit3xXqQXg=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=EBmc5DXQq8t_9VNfN6wgahvgqIKJVkss&gdpr=0&gdpr_consent=
date: Tue, 12 Dec 2023 23:04:13 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 790558
content-length: 0

GET
H2

200

ibs:dpid=30646
dpm.demdex.net/ Frame 0513
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=88842790656062436322503911365090206075&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58782/cms?partner_id=ADOBE&_hosted_id=88842790656062436322503911365090206075&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-f2vcVctE2pEWFNxt1vi.p8apUWTqnN3k16g-~A

42 B
717 B

56ms
56ms

Image
image/gif

63.33.82.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-f2vcVctE2pEWFNxt1vi.p8apUWTqnN3k16g-~A

Protocol

Server

63.33.82.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-82-49.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-08b641591.edge-irl1.demdex.com 1 ms
pragma: no-cache
date: Tue, 12 Dec 2023 23:04:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: 5v6GAkhoRaQ=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-f2vcVctE2pEWFNxt1vi.p8apUWTqnN3k16g-~A
date: Tue, 12 Dec 2023 23:04:13 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 139ms
139ms XHR
text/plain 2620:1ec:21::14

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://obywatelwie.click/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Dec 2023 23:04:13 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: C72906BF069149D4A4FBB67F60204C09 Ref B: FRAEDGE1408 Ref C: 2023-12-12T23:04:13Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://obywatelwie.click
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYMWBGztTnWqe/UOHZ2XA==

GET

ibs:dpid=80742&dpuuid=9832acea-d329-47b4-a0fb-d398c476b159
dpm.demdex.net/ Frame 0513
Redirect Chain

https://ag.innovid.com/dv/sync?tid=6
https://dpm.demdex.net/ibs:dpid=80742&dpuuid=9832acea-d329-47b4-a0fb-d398c476b159

0
0

GET
H2 404 usync.php
pxl.jivox.com/tags/sync/ Frame 0513 0
0 117ms
116ms Image
text/html 34.202.21.73

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pxl.jivox.com/tags/sync/usync.php?px=IkovJ4aN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.202.21.73 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marriottinternationa.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET v2
usermatch.krxd.net/um/ Frame 0513 0
0

GET 5w3jqr4k
sync-tm.everesttech.net/upi/pid/ Frame 0513 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/fonts/Montserrat-Regular.woff2

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/fonts/mimiconfont.ttf?o3w0oc

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.woff2

Domain: www.pizzadominium.pl
URL: https://www.pizzadominium.pl/milestone_common/autoanalyticsrules_marriott.json

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/GetCountryBasedOnLocationHandler.ashx

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/fonts/Montserrat-Regular.woff

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.woff

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/fonts/mimiconfont.woff?o3w0oc

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.ttf

Domain: www.restauracja-anima.pl
URL: https://www.restauracja-anima.pl/fonts/Montserrat-Regular.ttf

Domain: match.rundsp.com
URL: https://match.rundsp.com/match.gif?id=88842790656062436322503911365090206075&partner=adobe

Domain: dpm.demdex.net
URL: https://dpm.demdex.net/ibs:dpid=80742&dpuuid=9832acea-d329-47b4-a0fb-d398c476b159

Domain: usermatch.krxd.net
URL: https://usermatch.krxd.net/um/v2?partner=adobe&id=88842790656062436322503911365090206075

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D

Verdicts & Comments Add Verdict or Comment

Malicious task.url
Submitted on December 12th 2023, 11:04:16 pm UTC — From United States

Threats: Phishing Scam
Comment: This domain is present in the Sinking Yachts anti-phishing list. More Info: https://sinking.yachts

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

203 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 16:55:08	Name: X-AB Value: undefined
.www.restauracja-anima.pl/	1969-12-31 23:59:59	Name: _cfuvid Value: lZkCeyEX64EfNOei45XvvgUiTzATiMApNwyxYUbWFAI-1702422246884-0-604800000
.obywatelwie.click/	1970-01-20 19:03:18	Name: _gcl_au Value: 1.1.1638216297.1702422247
.obywatelwie.click/	1970-01-21 02:29:42	Name: _ga_15N31ETXG9 Value: GS1.1.1702422247.1.0.1702422247.0.0.0
.obywatelwie.click/	1970-01-21 02:29:42	Name: _ga Value: GA1.2.1139382256.1702422247
.obywatelwie.click/	1970-01-20 16:53:42	Name: _gat_UA-15952150-9 Value: 1
.doubleclick.net/	1970-01-21 02:15:18	Name: IDE Value: AHWqTUnCKdneoV0DUVsGcVnkX5Z1fj7awaqJIn3Tp6zGOfPtGtu2lYwtotCMWJz63Ng
.obywatelwie.click/	1970-01-20 19:03:18	Name: _fbp Value: fb.1.1702422247467.1601070480
.obywatelwie.click/	1970-01-21 02:29:42	Name: _ga_N0WGMNV8JE Value: GS1.2.1702422247.1.0.1702422247.60.0.0
.obywatelwie.click/	1970-01-20 16:55:08	Name: _uetsid Value: c39803c0994211ee9cf08d2d72d991b4
.obywatelwie.click/	1970-01-21 02:15:18	Name: _uetvid Value: c39806f0994211eea581ab89ab3b3397
.demdex.net/	1970-01-20 21:12:54	Name: demdex Value: 88842790656062436322503911365090206075
obywatelwie.click/	1969-12-31 23:59:59	Name: AMCVS_664516D751E565010A490D4C%40AdobeOrg Value: 1
obywatelwie.click/	1970-01-21 02:29:42	Name: AMCV_664516D751E565010A490D4C%40AdobeOrg Value: -1712354808%7CMCIDTS%7C19704%7CMCMID%7C88759796142433268092511094124681146130%7CMCAAMLH-1703027052%7C6%7CMCAAMB-1703027052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1702429452s%7CNONE%7CvVersion%7C4.3.0
.obywatelwie.click/	1970-01-20 16:53:44	Name: s_tbm Value: true
.obywatelwie.click/	1969-12-31 23:59:59	Name: s_campaign Value: Unpaid%20Referrals%3A%20Typed%2FBookmarked
.obywatelwie.click/	1969-12-31 23:59:59	Name: s_cc Value: true
.obywatelwie.click/	1969-12-31 23:59:59	Name: Value: GA1.2.1139382256.1702422247
.obywatelwie.click/	1970-01-20 16:55:08	Name: _gid Value: GA1.2.469967054.1702422252
.sojern.com/	1970-01-21 01:39:18	Name: cid Value: 0d1b45a4-dffb-24c3-1b31-cb9325f61606#1702944000000
.obywatelwie.click/	1970-01-20 16:53:44	Name: _dpm_ses.f0e0 Value: *
.obywatelwie.click/	1970-01-21 01:39:18	Name: _dpm_id.f0e0 Value: 1b147f7c-be4f-4dea-99f9-d52571d72b20.1702422252.1.1702422252.1702422252.261876e5-ec52-417d-a397-5dbe056e4e7c
.bing.com/	1970-01-21 02:15:18	Name: MUID Value: 0924FF587D366F760304ECBD7CBD6EBD
.obywatelwie.click/	1970-01-21 02:23:28	Name: _scid Value: b85b0bb5-62f4-4915-adc2-53c82fca1f7a
.obywatelwie.click/	1970-01-21 02:23:28	Name: _scid_r Value: b85b0bb5-62f4-4915-adc2-53c82fca1f7a
.demdex.net/	1970-01-20 21:12:54	Name: dextp Value: 358-1-1702422252559

31 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.pizzadominium.pl/public/resources/style/packed/40f51bac67bbf527dc16315c49927b14.css Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.pizzadominium.pl/public/resources/javascript/packed/c6eee5fe262225c62db5effc6ceab34a.js Message: Failed to load resource: the server responded with a status of 403 ()
rendering	warning	URL: https://obywatelwie.click/(Line 138) Message: The value "160dpi" for key "target-densitydpi" was truncated to its numeric prefix.
rendering	warning	URL: https://obywatelwie.click/(Line 138) Message: The key "target-densitydpi" is not supported.
javascript	warning	URL: https://obywatelwie.click/(Line 155) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.restauracja-anima.pl/dynamic/js/home.aspx?version=7152022094906, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://obywatelwie.click/(Line 155) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.restauracja-anima.pl/dynamic/js/home.aspx?version=7152022094906, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://script.crazyegg.com/pages/scripts/0092/7476.js Message: Failed to load resource: the server responded with a status of 410 ()
javascript	error	URL: https://obywatelwie.click/ Message: Access to XMLHttpRequest at 'https://www.pizzadominium.pl/milestone_common/autoanalyticsrules_marriott.json' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.pizzadominium.pl/milestone_common/autoanalyticsrules_marriott.json Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to font at 'https://www.restauracja-anima.pl/fonts/Montserrat-Regular.woff2' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/fonts/Montserrat-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to font at 'https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.woff2' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to XMLHttpRequest at 'https://www.restauracja-anima.pl/GetCountryBasedOnLocationHandler.ashx' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/GetCountryBasedOnLocationHandler.ashx Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to font at 'https://www.restauracja-anima.pl/fonts/mimiconfont.ttf?o3w0oc' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/fonts/mimiconfont.ttf?o3w0oc Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to font at 'https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.woff' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to font at 'https://www.restauracja-anima.pl/fonts/Montserrat-Regular.woff' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/fonts/Montserrat-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to font at 'https://www.restauracja-anima.pl/fonts/mimiconfont.woff?o3w0oc' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/fonts/mimiconfont.woff?o3w0oc Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to font at 'https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.ttf' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/fonts/ArchivoBlack-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://obywatelwie.click/ Message: Access to font at 'https://www.restauracja-anima.pl/fonts/Montserrat-Regular.ttf' from origin 'https://obywatelwie.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.restauracja-anima.pl/fonts/Montserrat-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://connect.facebook.net/signals/config/836072006419889?v=2.9.138&r=stable&domain=obywatelwie.click(Line 137) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=88842790656062436322503911365090206075 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://match.rundsp.com/match.gif?id=88842790656062436322503911365090206075&partner=adobe Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://pxl.jivox.com/tags/sync/usync.php?px=IkovJ4aN Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10121152.fls.doubleclick.net
10902911.fls.doubleclick.net
a.tribalfusion.com
ad.doubleclick.net
adobe-sync.dotomi.com
adservice.google.com
ampcid.google.com
ampcid.google.de
assets.adobedtm.com
bat.bing.com
beacon.sojern.com
c.bing.com
c.tvpixel.com
c1.adform.net
cache.marriott.com
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
ct.pinterest.com
dpm.demdex.net
fcmatch.google.com
fcmatch.youtube.com
geolocation.onetrust.com
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
idpix.media6degrees.com
idsync.rlcdn.com
insight.adsrvr.org
js.adsrvr.org
login.dotomi.com
marriottinternationa.demdex.net
match.adsrvr.org
match.rundsp.com
obywatelwie.click
p.tvpixel.com
pixel.sojern.com
px.ads.linkedin.com
px4.ads.linkedin.com
pxl.jivox.com
region1.analytics.google.com
region1.google-analytics.com
s.pinimg.com
s.tribalfusion.com
s.yimg.com
sc-static.net
script.crazyegg.com
secure.adnxs.com
servedby.flashtalking.com
smetrics.marriott.com
snap.licdn.com
sp.analytics.yahoo.com
static.sojern.com
stats.g.doubleclick.net
sync-tm.everesttech.net
t.goadservices.com
tag.yieldoptimizer.com
tr.snapchat.com
tr6.snapchat.com
ups.analytics.yahoo.com
usermatch.krxd.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.pizzadominium.pl
www.restauracja-anima.pl
dpm.demdex.net
match.rundsp.com
sync-tm.everesttech.net
usermatch.krxd.net
www.pizzadominium.pl
www.restauracja-anima.pl
107.178.244.119
13.107.42.14
142.250.181.230
142.250.186.130
15.197.193.217
172.217.18.2
18.239.67.100
18.239.67.245
185.89.210.180
185.89.210.90
195.177.217.192
2.23.196.80
2001:4860:4802:32::36
212.82.100.181
216.58.206.38
23.212.88.188
23.215.22.232
2600:9000:2127:ea00:1d:bf0a:0:93a1
2606:4700:4400::6812:2089
2606:4700:4400::ac40:92e1
2606:4700:4400::ac40:97ee
2606:4700::6812:19ad
2606:4700::6813:9408
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:80:807::1
2a00:1450:4001:802::2003
2a00:1450:4001:803::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:810::200e
2a00:1450:4001:812::200e
2a00:1450:4001:813::2004
2a00:1450:4001:828::200e
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9a
2a02:2638:3::c
2a02:26f0:3500:16::215:149b
2a02:26f0:7100:8b2::1931
2a02:26f0:f3:38c::1e80
2a02:4780:9:1263:0:2d6c:6275:10
2a02:fa8:8806:12::1400
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
3.75.62.37
34.202.21.73
34.226.231.102
35.186.212.60
35.190.43.134
35.244.174.68
35.244.188.9
37.157.6.237
62.129.206.181
63.140.62.135
63.33.14.251
63.33.82.49
89.207.16.201
02518efb2cd133d811b1f8c16d44fc8e2bb5f0a0e40109d12c929ed0971464e4
089030d8bec22aa48ae59e27516a4e8a1fcec666e9d783c7a1df47220b750dc1
0968cf15ba20387d7a0a582c40315b5b5cef4f467212f80557a7fbd0a048a605
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0f8dcefa03db0daa2ee73641cc0959018449b10fabe0f5addf2c84577a627fb5
15838004d5e196b563a00a0ba16ce432fed6deb3dd4fab7122601f2c4f41560a
167ee4702e76b96cfe396221bef5630f2182e4148a3406c303992ab2f44c357a
1a6622bbfd2f4017f391cae1040e22f99a923116427a0ccb25543581f5d92257
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
250f9a565e1173e12ebfd03281ba95b542990d549fee3a519cc74279ce436fc5
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2cac89100642acb92e8c705a639a012b32de7eb32db954a31890da8a091610c3
2e571c730a581e2fb93d1b195bdc90abab0b0ffeee3dd73aed832501151f8ff2
2e67ed6358a4d4ac2d7d776c10a5711c1600eb3cd5d94c6b5c6f23ea8f7023fb
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
2f57ae027df18a30442ad8c26a9e76773bd49f96895cb2e697fb132d0b0f6fe0
32bc033e13e02d8809b2c8c97ac5a5110c5f375a830ed6cace5ce1202ab5b480
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3b42793d1ce6c10fb4ee27dd4e3ddd43d60a807e18600379e8bfc754b6cb48ec
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c35516b2bef43a275909a9b50efe813c5169d4bb12792d5ac89f7ba6a05b843
3c35a1c82f7f991ff17de0e6d758420ae88fc547461401c31f6d0d325e840f38
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
43496647bebce885e2a19eb91c33f8891f453bc881bd7e95211241bb244559a6
43b26669f51ec61920e6fbd09098660c9393d1440b1f265ccfaff0c929f91365
47dd57cc9ded75222fba6c0e19de82de25b9f076b31e9cda536725e01514ce46
47ffab2ea030ef1d0057d53f309ed0dac092f639e0659f3c73502c0934bb04cd
480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91
48a3fb42b4179a24fa50c6eabaa509e7a54b6da6db26eca6b8f8a4f9b6405027
4a89103e0f008a1fcf62fe42810d3254a08bd7b22ec787b3702fd0747a4bf805
4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f
4b0a2dff03fbcb2a399122e94720242ff5a1cd04b401542c5223d1882875c1fe
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cf73bc1fd94db34651bb84075bfae14ec289be666607697b4f0da53798d83b0
4efca4768dedb757f956b51f3620d1521be4e8f065080515489defc83c2de704
50fdcabdc08af92992f13aca27b0df50c29c2c3ca2b534e799f695a47155cc88
529a6d1a39eaba1e4de7d51ec9eb786f66569bab254b40ad52d8b1836438637a
54bdcdd51e9c21b7d971b532d693b6063a7d01cfac56c82c553a5e032385a514
59d7f6386ba723011e303ae87b39e907312ee2d831f94cb1d5190874e3c83404
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
60c6729b0763b99517336159d664ce2b9d1eb3b0fc394ff133a6bd6fc7c05659
60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb
617c881e1af9c357f178e20bdc7d38ee72fb504985a6be53217e29b904d23af8
61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07
63d4b2ba23cac4b4b5a1c4d44afe96a33724a177e8b3a40eba4bdc7cf6cc814c
66679eeeff1f95eb4130b7461e70a60beb8658dbbab557e08792189ab6f5dcfc
68e4e3f5754ae658b3051518371131fc02c3c6ccf57cf1a11c4574086f0399b7
6b682e8c6452862aeba0a0ca5d7e69a6d98ae0bc4769006f5019dad00d43bbcb
6bd5068ee3f41ad2ed4f003c13c4e939021c77f7a69ac82d25211c72868b520e
6d9e43ce1538a763aa4ac11b5540e6c061ebdbd52d39fb02e60ebd16b8c4c850
6e3779fe40d6f92c5efd0eddc2506c7afdc4f112f0c5c8667b2d126f4d53cb5c
6ff7bc72e6c12115d05d6cbdc5de727e1d7a43a11a8a4fe901f2f13777ae2657
7316c1dfbc9f061b2280befce5285d9576624d84376031f96583df11d82ea916
74d17490d5c37ee143b5af50f3890fda40c756ba85fbe9b8312aa47131b51db9
756cca29e306e66f94e7b705c45bb0bc0315d7e745c159971cbecc65e62e7d3f
777ab0cb5c6ffd6b2d455918b8df70fdb4c74ecb18d62f54be1afdaf3733c10d
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7fae575eb4f70e0631fc44d1903d09e7f8f82aa2839f2cd8df60ef170dbd71f4
80cb380eb82e70d01a20b206df7878d3cd63769afa75f194fce7081c421d86cc
8411e825967473432127a5dc6a18e391fec2ca13c68632841733ad322ceeafc5
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
8aba4509b7ad6addbbf031a95d30d9ca14933006d511750c08d9049382fb9438
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e63336037bea50c9887beee711d5776ac0906b701a435ba6a002caf1a724b91
9170f96d6133c832c41b8243196ad1955708ecb7f17e8d3dd0797d6a96ed6189
940ba8ebf1dd95c93a7a4e0eecc06e9f8f9d582152cc2abab53cc03380c930cd
94d948d51aee8c3f8f54fc1b38c675d5ea686d9fad295c8358ec6ace078ba359
972688e6f6c24d2b23019a796b19f90515ba5f4ff744747c072b79fa44de3432
98f567d4bac4c7484a2856ef850e5e530498edf065158eb88d2eb5f88f8d5254
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9d59318dbc0445735297ba2e769e2bc60358a0abfafe66f503ddc0a09610c28b
9edccf263907beddcbffa8334b74119cafa0ca91671b6007f94f091c2625d817
9ef4b3ee0798411af436abe571b0237d71d62ab1a48920f7063cd565c88e64d7
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a50bd5e5e93595496a0779a4d12f4d2076f9bded336eeda9b14574744a7286b2
a9f5c45cf9a0388838632336d53785a6c8d66840de32e63adef94dd4afee886b
aed6cc8f4c6336d72155e924b859b4cc286fffddd85cd03b88486edd980680cf
af6060c72348dc56d0593a9187996a762466f3b763d0c0ac406d7d173e8245c6
b12eec8b895f4b89c78e83b9a7ebe3685bf4867f6cabdc6d37e473d142b43e2a
b7c16a0ab0753c65e6ff50a569c325007e763af03a6aa207a36a5787137da21b
beb59db3eb2fca63bf5eab1f725e85b4b90a8ec6ebf99ed433f65c80f3f6cb0c
bff41bb579f669b886df8005e3d1b1914343b1fe0661a1db2ad7f744adaf2300
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caafb5658f1dbb8eb00a355fd2a403a41d04a92a757e65afe304a3286848779c
d04679d77355a36335b140458d79c8e66d4a24a6951dc364dfda2fedc922e9db
d410325ea36bda62368a9e46a730b05b4c71315f691738824324585e19ab52c2
d54891ba3097219a4b8f8428e046daeb723b89c2191c3b00c3fc96cbbbe01eab
d7d1eff7276fd0f5b56ac04549fd19fa3b0657f6dffc4d2418f23a612009029d
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea61599e69c89e0ed7d385b0363698ce8faf328971341fd58308adeb4e05cdb3
ec3484206cc9ca2bf89cd0f4015ae6de7c12af134efcb8100e2a67665d1bc32f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c
f00197924b7a9112a2b107dad644c261346900e769c3f37cd04cdadc3465dda1
f57e2b15941cc12762ac2364ea2b04dd3d7f0ea265fdc174d26c9958d8a62bb4
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
f889865eae63c2a6ac1ffa70f050658844cd48d30fd3491415680b3afb0cbd1c
fad2b41a387ad2bff0c05ed1475f79529e13a17163eb6e36f8953822d96ded88

obywatelwie.click Open in urlscan Pro 2a02:4780:9:1263:0:2d6c:6275:10 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

187 Requests

79 %HTTPS

49 %IPv6

43 Domains

71 Subdomains

49 IPs

9 Countries

4183 kBTransfer

7372 kBSize

26 Cookies

18 Outgoing links

Redirected requests

187 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

obywatelwie.click Open in urlscan Pro
2a02:4780:9:1263:0:2d6c:6275:10 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

187
Requests

79 %
HTTPS

49 %
IPv6

43
Domains

71
Subdomains

49
IPs

9
Countries

4183 kB
Transfer

7372 kB
Size

26
Cookies

187 HTTP transactions
2 data transactions