earnme.club Open in urlscan Pro
104.21.42.166 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://clickcafe.in/MOJjz
Effective URL:
https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Submission: On October 14 via manual (October 14th 2021, 6:05:38 pm UTC) from IN — Scanned from DE

Summary HTTP 348 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 45 IPs in 8 countries across 34 domains to perform 348 HTTP transactions. The main IP is 104.21.42.166, located in and belongs to CLOUDFLARENET, US. The main domain is earnme.club.
TLS certificate: Issued by R3 on September 3rd 2021. Valid for: 3 months.

This is the only time earnme.club was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	172.67.143.56 172.67.143.56	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 19	104.21.42.166 104.21.42.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	172.217.16.138 172.217.16.138	15169 (GOOGLE) (GOOGLE)
1	104.126.37.184 104.126.37.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.32.99.54 13.32.99.54	16509 (AMAZON-02) (AMAZON-02)
32	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	142.250.185.72 142.250.185.72	15169 (GOOGLE) (GOOGLE)
17	199.80.53.188 199.80.53.188	40824 (WZCOM-) (WZCOM-)
3	18.233.250.173 18.233.250.173	14618 (AMAZON-AES) (AMAZON-AES)
10	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	142.250.186.174 142.250.186.174	15169 (GOOGLE) (GOOGLE)
1	104.126.37.155 104.126.37.155	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	52.206.167.40 52.206.167.40	14618 (AMAZON-AES) (AMAZON-AES)
1	141.95.4.196 141.95.4.196	16276 (OVH) (OVH)
3	184.30.25.105 184.30.25.105	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.160.76.96 54.160.76.96	14618 (AMAZON-AES) (AMAZON-AES)
1	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
4 28	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
15	142.250.186.161 142.250.186.161	15169 (GOOGLE) (GOOGLE)
61	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	67.202.105.24 67.202.105.24	32748 (STEADFAST) (STEADFAST)
48	142.250.184.193 142.250.184.193	15169 (GOOGLE) (GOOGLE)
8	142.250.184.234 142.250.184.234	15169 (GOOGLE) (GOOGLE)
1 13	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
12	142.250.72.99 142.250.72.99	15169 (GOOGLE) (GOOGLE)
4	64.233.167.154 64.233.167.154	15169 (GOOGLE) (GOOGLE)
5	142.250.185.161 142.250.185.161	15169 (GOOGLE) (GOOGLE)
3	108.128.225.113 108.128.225.113	16509 (AMAZON-02) (AMAZON-02)
1 12	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
4 4	142.250.74.206 142.250.74.206	15169 (GOOGLE) (GOOGLE)
8	173.194.188.102 173.194.188.102	15169 (GOOGLE) (GOOGLE)
2	173.194.188.39 173.194.188.39	15169 (GOOGLE) (GOOGLE)
8	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
3 5	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.33.220.243 185.33.220.243	29990 (ASN-APPNEX) (ASN-APPNEX)
2	173.194.188.6 173.194.188.6	15169 (GOOGLE) (GOOGLE)
1 3	3.125.90.12 3.125.90.12	16509 (AMAZON-02) (AMAZON-02)
1 1	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
5	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1 1	34.250.155.46 34.250.155.46	16509 (AMAZON-02) (AMAZON-02)
1	18.66.248.69 18.66.248.69	16509 (AMAZON-02) (AMAZON-02)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	91.228.74.226 91.228.74.226	16509 (AMAZON-02) (AMAZON-02)
1 2	104.18.12.5 104.18.12.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
1 1	81.222.128.213 81.222.128.213	20597 (ELTEL-AS) (ELTEL-AS)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
1	184.30.25.193 184.30.25.193	16625 (AKAMAI-AS) (AKAMAI-AS)
2	70.42.32.127 70.42.32.127	13789 (INTERNAP-...) (INTERNAP-BLK3)
348	45

2 172.67.143.56 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

clickcafe.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
link.clickcafe.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 104.21.42.166 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

earnme.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.138 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f138.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.126.37.184 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-184.deploy.static.akamaitechnologies.com

tg1.modoro360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-54.fra60.r.cloudfront.net

cdn.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 199.80.53.188 (United States)

ASN40824 (WZCOM-, US)

aj2414.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.233.250.173 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-233-250-173.compute-1.amazonaws.com

api.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.126.37.155 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-155.deploy.static.akamaitechnologies.com

player.avplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.206.167.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-167-40.compute-1.amazonaws.com

servt.modoro360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.4.196 (France)

ASN16276 (OVH, FR)
PTR: ip196.ip-141-95-4.eu

storage.de.cloud.ovh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.30.25.105 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-25-105.deploy.static.akamaitechnologies.com

player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.160.76.96 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-160-76-96.compute-1.amazonaws.com

serv.modoro360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 142.250.186.162 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.250.186.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net

c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d2cad23a4e746585f04cfc65850a5e0e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 142.250.184.193 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.184.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f10.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.185.196 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.72.99 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f3.1e100.net

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 64.233.167.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wl-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f1.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.128.225.113 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-225-113.eu-west-1.compute.amazonaws.com

unified.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.74.206 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f14.1e100.net

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 173.194.188.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s33-in-f6.1e100.net

r1---sn-4g5ednss.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.194.188.39 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s31-in-f7.1e100.net

r2---sn-4g5ednse.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.218.208.246 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.243 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.194.188.6 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s30-in-f6.1e100.net

r1---sn-4g5edns7.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.125.90.12 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-90-12.eu-central-1.compute.amazonaws.com

t.myvisualiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

tapestry.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.155.46 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-155-46.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.248.69 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.226 (United Kingdom)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.12.5 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.248.242.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.222.128.213 (Russian Federation) 1 redirects

ASN20597 (ELTEL-AS, RU)
PTR: ad13.adriver.ru

ssp.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.44 (United Kingdom) 2 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.25.193 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-25-193.deploy.static.akamaitechnologies.com

images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.127 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
129	googlesyndication.com c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com d2cad23a4e746585f04cfc65850a5e0e.safeframe.googlesyndication.com 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	675 KB
64	doubleclick.net 5 redirects securepubads.g.doubleclick.net bid.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net	2 MB
24	2mdn.net 4 redirects gcdn.2mdn.net r1---sn-4g5ednss.c.2mdn.net r2---sn-4g5ednse.c.2mdn.net s0.2mdn.net r1---sn-4g5edns7.c.2mdn.net	6 MB
22	gstatic.com fonts.gstatic.com csi.gstatic.com	191 KB
21	google.com 1 redirects adservice.google.com www.google.com	6 KB
19	earnme.club 1 redirects earnme.club	187 KB
17	aj2414.online aj2414.online	31 KB
14	googleapis.com fonts.googleapis.com imasdk.googleapis.com	505 KB
7	modoro360.com tg1.modoro360.com servt.modoro360.com serv.modoro360.com	9 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
5	adsafeprotected.com 1 redirects unified.adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com	10 KB
5	ampproject.org cdn.ampproject.org	103 KB
4	adnxs.com 3 redirects ib.adnxs.com	4 KB
4	googletagservices.com www.googletagservices.com	139 KB
4	purpleads.io cdn.purpleads.io api.purpleads.io	10 KB
3	outbrainimg.com images.outbrainimg.com log.outbrainimg.com	18 KB
3	myvisualiq.net 1 redirects t.myvisualiq.net	2 KB
3	aniview.com player.aniview.com	220 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	openx.net 1 redirects us-u.openx.net	488 B
2	33across.com ssc.33across.com ssc-cms.33across.com	294 B
2	google-analytics.com www.google-analytics.com	382 B
2	clickcafe.in 2 redirects clickcafe.in link.clickcafe.in	966 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	582 B
1	1rx.io 1 redirects sync.1rx.io	697 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	461 B
1	adriver.ru 1 redirects ssp.adriver.ru	340 B
1	adsrvr.org match.adsrvr.org	265 B
1	quantserve.com cms.quantserve.com	463 B
1	tapad.com 1 redirects tapestry.tapad.com	447 B
1	ovh.net storage.de.cloud.ovh.net	15 KB
1	avplayer.com player.avplayer.com	58 KB
1	gravatar.com secure.gravatar.com	2 KB
1	googletagmanager.com www.googletagmanager.com	49 KB
348	34

	Domain	Requested by
61	pagead2.googlesyndication.com	securepubads.g.doubleclick.net c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com tpc.googlesyndication.com 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com googleads.g.doubleclick.net fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com www.googletagservices.com
48	tpc.googlesyndication.com	c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com earnme.club 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com cdn.ampproject.org imasdk.googleapis.com b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com googleads.g.doubleclick.net
32	securepubads.g.doubleclick.net	earnme.club securepubads.g.doubleclick.net aj2414.online c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
19	earnme.club	1 redirects earnme.club
17	aj2414.online	earnme.club aj2414.online
13	www.google.com	1 redirects tpc.googlesyndication.com earnme.club 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
12	googleads.g.doubleclick.net	1 redirects b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com earnme.club eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
12	csi.gstatic.com	imasdk.googleapis.com
10	fonts.gstatic.com	fonts.googleapis.com
9	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
8	s0.2mdn.net	b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com earnme.club 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com s0.2mdn.net eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
8	r1---sn-4g5ednss.c.2mdn.net	imasdk.googleapis.com
8	imasdk.googleapis.com	c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
8	adservice.google.com	securepubads.g.doubleclick.net
7	googleads4.g.doubleclick.net	googleads.g.doubleclick.net earnme.club
6	fonts.googleapis.com	earnme.club c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com cdn.purpleads.io
5	ade.googlesyndication.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	servt.modoro360.com	earnme.club player.aniview.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	www.googletagservices.com	securepubads.g.doubleclick.net b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
4	gcdn.2mdn.net	4 redirects
4	bid.g.doubleclick.net	imasdk.googleapis.com
3	t.myvisualiq.net	1 redirects eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
3	unified.adsafeprotected.com	imasdk.googleapis.com
3	player.aniview.com	player.avplayer.com player.aniview.com
3	api.purpleads.io	cdn.purpleads.io
2	log.outbrainimg.com	cdn.purpleads.io
2	us-u.openx.net	1 redirects
2	r1---sn-4g5edns7.c.2mdn.net	fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
2	r2---sn-4g5ednse.c.2mdn.net	8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
2	b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com
1	images.outbrainimg.com	cdn.purpleads.io
1	sync.targeting.unrulymedia.com	1 redirects
1	sync.1rx.io	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	ssp.adriver.ru	1 redirects
1	match.adsrvr.org	eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
1	s.tribalfusion.com	eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	cms.quantserve.com	eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
1	static.adsafeprotected.com
1	pixel.adsafeprotected.com	1 redirects
1	tapestry.tapad.com	1 redirects
1	ssc-cms.33across.com	player.aniview.com
1	d2cad23a4e746585f04cfc65850a5e0e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	ssc.33across.com	player.aniview.com
1	serv.modoro360.com	player.aniview.com
1	storage.de.cloud.ovh.net	earnme.club
1	player.avplayer.com	tg1.modoro360.com
1	secure.gravatar.com	earnme.club
1	www.googletagmanager.com	earnme.club
1	cdn.purpleads.io	earnme.club
1	tg1.modoro360.com	earnme.club
1	link.clickcafe.in	1 redirects
1	clickcafe.in	1 redirects
348	64

This site contains links to these domains. Also see Links.

Domain
i
earn
rasik
wordpress.org
mhthemes.com

Subject Issuer	Validity	Valid
*.earnme.club R3	`2021-09-03` - `2021-12-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
wl1.aniview.com R3	`2021-10-11` - `2022-01-09`	3 months	crt.sh
*.purpleads.io Amazon	`2020-12-31` - `2022-01-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
aj2414.online R3	`2021-10-06` - `2022-01-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
outstreamedia.com R3	`2021-10-12` - `2022-01-10`	3 months	crt.sh
*.adservrs.com Amazon	`2021-02-02` - `2022-03-03`	a year	crt.sh
storage.de.cloud.ovh.net Sectigo RSA Domain Validation Secure Server CA	`2021-03-11` - `2022-03-11`	a year	crt.sh
*.aniview.com DigiCert SHA2 Secure Server CA	`2021-02-23` - `2022-02-27`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-09-28` - `2021-12-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
wrapper-vast.adsafeprotected.com Amazon	`2020-12-18` - `2022-01-16`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-09-28` - `2021-12-07`	2 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.myvisualiq.net Go Daddy Secure Certificate Authority - G2	`2020-12-12` - `2022-01-13`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.outbrainimg.com DigiCert SHA2 Secure Server CA	`2021-05-04` - `2022-05-09`	a year	crt.sh

This page contains 53 frames:

Primary Page: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Frame ID: A340FF25DE75BA07675AB797F48BC38B
Requests: 50 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6114dbdb1f8b0669e215b7e4
Frame ID: B36E4633A1389D35D336B7D34B5603E9
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 601948661C1CA9A1B6439F1F3658B82A
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 3244B754F041FBB80EA9BC7482A48A32
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 7362C6F004EA831B05094FC128D40C10
Requests: 8 HTTP requests in this frame

Frame: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 0382CC73CCF1B523C2DB3A4D3DCEB7A4
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: ED8FACA443A524440A7186FD1A52113C
Requests: 22 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 692A7430A2F727E38253715D7D394A78
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: A1A066C05EA3863CEAFFA263CF09FCA3
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: C6DB9EC825D9DBF9582845553E02DC42
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 91323CFB83B2742F3E3670C37FA89DC5
Requests: 8 HTTP requests in this frame

Frame: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 6F26389D25F47A7202B068212AB003E0
Requests: 1 HTTP requests in this frame

Frame: https://d2cad23a4e746585f04cfc65850a5e0e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 8CA221D59EFB69171102E1CF2EF92005
Requests: 1 HTTP requests in this frame

Frame: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 6CFAC337EE75F529301EDC42E7A50A6E
Requests: 1 HTTP requests in this frame

Frame: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: EF3EA132D5A6DC1DC22F834DA169D4F6
Requests: 1 HTTP requests in this frame

Frame: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 5585B012DA4A107BEFB2D3E6015BA4DB
Requests: 1 HTTP requests in this frame

Frame: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 3AECD967B88E50C387F4DE168C710D1F
Requests: 1 HTTP requests in this frame

Frame: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: A4140A457C64EAEB5AA6B8327D9483C6
Requests: 1 HTTP requests in this frame

Frame: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: B68EB4946D6599B8238772E762829AD7
Requests: 43 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=cFJaFg4dmr64KsaKjGFx_2&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 877CD12DF377A6EE23836A69ACB96595
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: D516CEC4AEAE882E6ED7812FB43F297D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D4DC98CF695035E5A4D8D08804A999DD
Requests: 2 HTTP requests in this frame

Frame: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 4A2D798AEB5CEEC379E2718E745CC33B
Requests: 18 HTTP requests in this frame

Frame: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 2495EE2D079D3670208B0A1910FB50EC
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 2E1485888247B984D8108D9D2D65896A
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A42F155015BDDBFF6F014B499DFD3FE7
Requests: 2 HTTP requests in this frame

Frame: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: FC8C0860A343CEF631AE1E5A6E00DC25
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 1F70FD9A0D2DF619BFE8B53320D5E61E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 830DB931E64A8A5DA5367016116CC2A1
Requests: 2 HTTP requests in this frame

Frame: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 5C904753D61767C1E63CC5E1FB3654EA
Requests: 17 HTTP requests in this frame

Frame: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 6A23192E18FF5165984006ED1FE86A1E
Requests: 18 HTTP requests in this frame

Frame: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: A47F988602ACDFDA93C7ABF8CD293C64
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 551FEDD58C1B29BFB80ECC1E51AAF0F9
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLrYRBC9x2UY4O39iAEwAQ&v=APEucNUeWYkOEFAWSWnCCWRdgGhFOyrF3OVDLRdmzdME1YGAcovdIEhU0oMP-SioqTdu5vPjMauTASC-B_Vf901lSPnhmbt9cA
Frame ID: 5B16AACE3A30BBBB4DCAD6C8739EF2C5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: DDEFE6443D62B425EDDD6A3404498E53
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 54E57CA84363066BC4CACEDEFB62F624
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaQJxCz3bABGLDY7bUBMAE&v=APEucNXvwEkbon1lanceFKfJsN_CU0OGO6x1-dnd2B0keNPBiDCKyGPVrHTpo5lveXJ_rgStjug421pB7eBSekJyiyp-Qg-DNw
Frame ID: 13486D9877596D1050DF14FD8FEC682C
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLrYRBCZ6FgYs93VjgEwAQ&v=APEucNVx-VTQM6ze7By-gQRhMPt07B3QgfYqgSerP277NdAxmNc7Ohjut7bv8JJoArKaSXdjWl2Ayol3IeLja3IM5mpvdlSHaw
Frame ID: D8AFA4761F9EB617F0ED9CDBE55FCB5A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 2615945D549FAA8E1D6289EE301E31DF
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1DBB75B89B3530E1E2088D2B7A9150AD
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 9BE8886C8A1DAC9A57BEC6513F51F5CE
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7AAD785B3B5788A91B9871352AAFD1FE
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: FD8F57601B6D11245C074397C009BE08
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 42A78036EB2EA318DFE9A6B02D7F42C6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 42F44ABB476102B0D62429EA238CD647
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: A86CD7867A4DFF90647D12988F6CDA46
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.html
Frame ID: E1F305610A192D1049DF88E7A51617B9
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3B3E395B1F80E84C2A611B41162816E0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CF50089B61A57DBB512F49CFA234EC4A
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 01DD1F9BA836826AC261DE751650A6C0
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: DDE4488BF242821D3BF4FC1C09CE5357
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 510C15AB033A8125ABA1A1644A186B0C
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Lato&display=swap
Frame ID: 0A93B3AEB5D5AAA3209C709FA37A7B5C
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AirBass Z1 TWS from Boult launched for Rs 1599 – Tech One

Page URL History Show full URLs

https://clickcafe.in/MOJjz HTTP 301
https://link.clickcafe.in/MOJjz HTTP 301
http://earnme.club/?link=MOJjz HTTP 301
https://earnme.club/?link=MOJjz Page URL
https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

348
Requests

99 %
HTTPS

0 %
IPv6

34
Domains

64
Subdomains

45
IPs

8
Countries

10212 kB
Transfer

17095 kB
Size

26
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://i%20have%20no%20websites%20bro/
Title: Sarbash

Search URL Search Domain Scan URL

URL: http://earn%20me.%20com/
Title: Saminda

Search URL Search Domain Scan URL

URL: http://rasik%20reo/
Title: Rasik

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: WordPress.org

Search URL Search Domain Scan URL

URL: https://mhthemes.com/
Title: MH Themes

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://clickcafe.in/MOJjz HTTP 301
https://link.clickcafe.in/MOJjz HTTP 301
http://earnme.club/?link=MOJjz HTTP 301
https://earnme.club/?link=MOJjz Page URL
https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://clickcafe.in/MOJjz HTTP 301
https://link.clickcafe.in/MOJjz HTTP 301
http://earnme.club/?link=MOJjz HTTP 301
https://earnme.club/?link=MOJjz

Request Chain 144

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 168

https://gcdn.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/5DAAA61FDF543841B3070A19214226ED8F783703.A9BDCB3900394248F5CBC3BE2ABE5D3279A6A1E2/key/ck2/file/file.webm HTTP 302
https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0B88535CE7AA74A6CC2EAE2341702677EEB4D919.4AA0C99D39CFBE07FA1C663901C41F6FC7A280A3/key/cms1/cms_redirect/yes/mh/7v/mip/216.131.114.25/mm/42/mn/sn-4g5ednss/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.webm

Request Chain 183

https://gcdn.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/5DAAA61FDF543841B3070A19214226ED8F783703.A9BDCB3900394248F5CBC3BE2ABE5D3279A6A1E2/key/ck2/file/file.webm HTTP 302
https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/306F222EB974C5801524B04CF9B7D1FF46F2F97A.690D02880AEE7E5E1BBBD8C230EFF01ADFA5DEBF/key/cms1/cms_redirect/yes/mh/7v/mip/216.131.114.25/mm/42/mn/sn-4g5ednss/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.webm

Request Chain 223

https://gcdn.2mdn.net/videoplayback/id/e2c87a8925614ddc/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1665770728/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/708F6E51E58FB2FB21E6DB115FACF707EF24977A.A919B86A5DC608475325D6BA8F78E03A7FBC0019/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-4g5ednse.c.2mdn.net/videoplayback/id/e2c87a8925614ddc/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1665770728/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/122A11DE37CDB7F32ED17D2D327C3C53A9E927B5.48679BB8F8BB2B60699D9B0AB7E57349DCC29AC6/key/cms1/cms_redirect/yes/mh/lr/mip/216.131.114.25/mm/42/mn/sn-4g5ednse/ms/onc/mt/1634234338/mv/u/mvi/2/pl/24/file/file.mp4

Request Chain 256

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1&C=1

Request Chain 257

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWhxabOmhdBDuKxLat2uzQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1

Request Chain 258

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMU85QnziDnRCrFTR9MPqoA&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMU85QnziDnRCrFTR9MPqoA%26google_cver%3D1

Request Chain 259

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ2NzY2NDE5MjgzOTQ4NTI1Ng%3D%3D

Request Chain 265

https://gcdn.2mdn.net/videoplayback/id/157bec254ce3ec2c/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3769081429/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/51ACFAA61138983067885F656230F47029EC53AE.934215D82D5828935540FC1DBF2FC49627FF6EBA/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-4g5edns7.c.2mdn.net/videoplayback/id/157bec254ce3ec2c/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3769081429/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/1D49D1C091E90C08F862B9A352905A35F6A07940.4CDB6E10C1DA09F25A627862AF668F16EE6FAACB/key/cms1/cms_redirect/yes/mh/0D/mip/216.131.114.25/mm/42/mn/sn-4g5edns7/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.mp4

Request Chain 268

https://t.myvisualiq.net/impression_pixel?r=2107110139&et=i&ago=212&ao=546&aca=26380393&si=1781800&ci=158591191&pi=315280620&ad=508136142&advt=4471185&chnl=-7&vndr=115&sz=6586&u=pt=i HTTP 302
https://t.myvisualiq.net/ul_cb/impression_pixel?r=2107110139&et=i&ago=212&ao=546&aca=26380393&si=1781800&ci=158591191&pi=315280620&ad=508136142&advt=4471185&chnl=-7&vndr=115&sz=6586&u=pt=i

Request Chain 271

https://tapestry.tapad.com/tapestry/1?ta_partner_id=950&ta_redirect=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3D1001%26ao%3D0%26pruuid%3DTAPAD_%24%7BIDS%3Akey%7D HTTP 302
https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_aea50768-3c1b-4778-9dc6-ed1b440cb393

Request Chain 296

https://pixel.adsafeprotected.com/rfw/st/774604/57264043/skeleton.gif?xmtp=v&xmapp=0&xsId=76ad6f45-c27c-4f04-8912-476e860ec8a7&blockedAdTracking=https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvERamocrzFxWc7tFQ0Z_vlBMXkcLKvDHNk6ZGjj-RCGcCu82oWiKin0HqhQAsBv7oyojE1IKI3i_WsHPBKPhzJIynRXG3c8dwnn-3c8_RqwSkZ5nMaq70y2qMiWg&sai=AMfl-YQP7xjB1yACDzKVWA7Aej5pYaUTFatEmm1Rz1uimldrgEXUKK7FQF5nfdHu50878DXnZEZaoKR2xZrm9GghXnyDqG6ElRaxxSS34SM&sig=Cg0ArKJSzEN1LXnN_w2xEAE&urlfix=1&vt=13&adurl=&ias_xappb=[ctv_appid]&mon=57264043&redirectedRetries=0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 298

https://googleads.g.doubleclick.net/xbbe/pixel?d=COefRxCA_O0CGNXhhacBIAEwAQ&v=APEucNWHEqecKLXv5uEgjC6tIn8dRQcaF2wfCgTfGXxiMqblKr1AO6XV_ECH4UNALLC-TIOygTt_U9PWRspDdThVgdtsKQfgyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBjc5Vje-TSxdrvQCjiRvWg&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEBjc5Vje-TSxdrvQCjiRvWg&google_cver=1

Request Chain 311

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHVCzYcIxVjNUUbNK2WPAyw&google_cver=1&google_push=AYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHVCzYcIxVjNUUbNK2WPAyw&google_cver=1&google_push=AYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 313

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEGx5-fWrbpmrqld34JyPnvY&google_cver=1&google_push=AYg5qPJUh7tm8yT-9wMJtpdB38p_dHjp7rSg70D2tI2OsMzOz0YyfdbZwEbkqHFjbG-d3ynDCVucLcPAKJH1KfD3JdHyz4nA9lTx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPJUh7tm8yT-9wMJtpdB38p_dHjp7rSg70D2tI2OsMzOz0YyfdbZwEbkqHFjbG-d3ynDCVucLcPAKJH1KfD3JdHyz4nA9lTx&google_hm=QUxBMVB2S3dRbEpyd2oxd3plWjdxU1E=

Request Chain 314

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEIKomR3F4ICoft1rmciZd0&google_cver=1&google_push=AYg5qPIamdMF6aY5ddXv5ElSKb6dwMSu2J76vYK8vq3JZI1k056RkPuxDjqryhRJqn7_0Por7hm9tSrzBrToSBEzYAaK8AGKC1os HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VSOTVXRkgtMjgtRlNGRQ==&google_push=AYg5qPIamdMF6aY5ddXv5ElSKb6dwMSu2J76vYK8vq3JZI1k056RkPuxDjqryhRJqn7_0Por7hm9tSrzBrToSBEzYAaK8AGKC1os

Request Chain 315

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k

Request Chain 316

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEOH_LRZqoU8KTVmWVhc50yw&google_cver=1&google_push=AYg5qPJ7kcFLSfvBrfnxminKuVy0q-9PcYGqI87-UY2GTmS7nod_3JBdjzmxUwK47o8UQ-Ari2s606n4ZR3ZwtNOAL05L0SgA_x- HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-a898ea19-5848-480c-b90f-4245fd88683f-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPJ7kcFLSfvBrfnxminKuVy0q-9PcYGqI87-UY2GTmS7nod_3JBdjzmxUwK47o8UQ-Ari2s606n4ZR3ZwtNOAL05L0SgA_x-%26google_hm%3DA6iY6hlYSEgMuQ9CRf2IaD8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ7kcFLSfvBrfnxminKuVy0q-9PcYGqI87-UY2GTmS7nod_3JBdjzmxUwK47o8UQ-Ari2s606n4ZR3ZwtNOAL05L0SgA_x-&google_hm=A6iY6hlYSEgMuQ9CRf2IaD8

348 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
earnme.club/
Redirect Chain

https://clickcafe.in/MOJjz
https://link.clickcafe.in/MOJjz
http://earnme.club/?link=MOJjz
https://earnme.club/?link=MOJjz

2 KB
1 KB

428ms
387ms

Document
text/html

104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/?link=MOJjz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: earnme.club
:scheme: https
:path: /?link=MOJjz
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 14 Oct 2021 18:05:25 GMT
content-type: text/html; charset=UTF-8
link: <https://earnme.club/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zerMiu3nJf7oEGPkWtIpaaZYlCqtiK28zZXfY%2F4PedIxV2syZ66QH7lXNhoY6I1qOeRAFat%2BGU%2BMDEiI1mLd9zWuKmXA%2BUN6CquZhf75sJaNUAzI%2F%2F%2F9HrEjjG5riA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69e2bc5ae87327b8-PRG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Date: Thu, 14 Oct 2021 18:05:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 14 Oct 2021 19:05:25 GMT
Location: https://earnme.club/?link=MOJjz
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IHde6GSQmvDlmB5Iz%2BkHboFZ0DhitZU3L4%2Bh31jxWB9KwebR5HH6AyM7dsJzQVaG3j33T6%2BKrd3N92DMwXaLLMU4MYt8tCuWujU8A8HpI%2BsAqYZbOQK9I1wBDZqWZw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 69e2bc5a8dd8278c-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 fuckadblock.js
earnme.club/wp-content/plugins/wp-safelink-v3/assets/ 6 KB
2 KB 23ms
23ms Script
application/javascript 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-content/plugins/wp-safelink-v3/assets/fuckadblock.js
Requested by: Host: earnme.club
URL: https://earnme.club/?link=MOJjz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /wp-content/plugins/wp-safelink-v3/assets/fuckadblock.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: earnme.club
referer: https://earnme.club/?link=MOJjz
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/?link=MOJjz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2655
cf-polished: origSize=7171
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 17 Dec 2020 11:29:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFGa%2FWjA1Gt7Oq9u8HXHISCOylJxjkRRSeDKAbKGsgzalpbQrIDpo7k0xlWjuf%2FrPMigPnw8B4AJEILnCGQPqADz5kBHpRcetAfppMat2C80WK2%2BQ3kNGKukzQx%2BfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69e2bc5de9f027b8-PRG
cf-bgj: minify

POST
H2 200 Primary Request / Show response
earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/ 30 KB
9 KB 165ms
164ms Document
text/html 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c95c768fb5daacaa981ee1b7e3002c3cc4e10388673a7a11a82574b85e4305a9

Request headers

:method: POST
:authority: earnme.club
:scheme: https
:path: /airbass-z1-tws-from-boult-launched-for-rs-1599/
content-length: 788
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://earnme.club
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://earnme.club/?link=MOJjz
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: https://earnme.club
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/?link=MOJjz

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://earnme.club/xmlrpc.php
link: <https://earnme.club/wp-json/>; rel="https://api.w.org/" <https://earnme.club/wp-json/wp/v2/posts/62>; rel="alternate"; type="application/json" <https://earnme.club/?p=62>; rel=shortlink
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5ClhSNKfAxYLrd%2BEmGoCCQfx4yDpZ21%2FsUvUMTzpETBjRjPLpSENgRradGEFSyzZNv6FNeBqeHapCPVDiORw30V2C2R26NYs8xkkFJ66OnfBn68tgvOej3YjzunTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69e2bc5de9f227b8-PRG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 style.min.css
earnme.club/wp-includes/css/dist/block-library/ 53 KB
8 KB 23ms
23ms Stylesheet
text/css 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-includes/css/dist/block-library/style.min.css?ver=5.5.6
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.5.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 27 Aug 2020 18:00:38 GMT
server: cloudflare
age: 2654
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KNN8LHSHT63lr6j41WVYSMuYpk3xCHJTU70ZBBawPHKEVuDahWA7duWERc200F9SdOaZZ7hwrFZykV7j%2BD1Qlwm6kxmNuxgHv%2BMJ8odkWFroznQOgb%2Bx1m20qJ5KWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69e2bc5f3dbc2774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 10 KB
2 KB 353ms
15ms Stylesheet
text/css 172.217.16.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,400italic,700,600

Requested by

Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f138.1e100.net

Software

ESF /

Resource Hash

d2207aa81a9bceb80bcaea2d0d98f49fd24e35ed34c276ffecfe497e42ef1036

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 17:18:25 GMT
server: ESF
date: Thu, 14 Oct 2021 18:05:26 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Thu, 14 Oct 2021 18:05:26 GMT

GET
H3 200 style.css
earnme.club/wp-content/themes/mh-magazine-lite/ 37 KB
8 KB 24ms
23ms Stylesheet
text/css 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-content/themes/mh-magazine-lite/style.css?ver=2.9.0
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c013d3fb73112b051523c0798ab7ec22c3120ffb2742b4c9b45e6ca0fd1f9f7

Request headers

:path: /wp-content/themes/mh-magazine-lite/style.css?ver=2.9.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2654
cf-polished: origSize=45583
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 20 Jun 2021 14:26:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MkiaBH%2B1sucp%2BUF%2FTkEjeoX9ykCGRYkUGVOETgVW9QLI9nt7W%2F%2Fo%2BGk%2FWJyDLXq613FOqAepBYjgu1VE9W6NJhVlo8bvokyEeuHJ9E523Qz4bLyGq8K3clVhHRmz9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69e2bc5f3dbf2774-PRG
cf-bgj: minify

GET
H3 200 font-awesome.min.css
earnme.club/wp-content/themes/mh-magazine-lite/includes/ 30 KB
7 KB 37ms
37ms Stylesheet
text/css 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

:path: /wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 20 Jun 2021 14:26:21 GMT
server: cloudflare
age: 2654
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hiHBsfp5Tu5ZbDsIclwqJa6Q9g8yveaj1bLDUlR3TkraWrQ28hoypi5FIhGW7NRhVanr%2F8W0aQSXNJcP0zvf1RAPlspgO7VTLpuAqwYnZgHP9PzlryxpLYaF6dEt9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69e2bc5f3dc02774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 jquery.js Show response
earnme.club/wp-includes/js/jquery/ 95 KB
35 KB 37ms
37ms Script
application/javascript 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

:path: /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2654
cf-polished: origSize=96873
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=clyM21pRviS7Wdn%2FycpODJfQ3f0Bae86nibHOPkdnfblQzN6cn5X4kABd6JoNnydp26eq%2BkuSb9qIR4JbA4YPI%2B%2FIEvwp2OJs8mSfzZoqiK%2B4fpZ7iXndbmc%2Fuzi8w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69e2bc5f3dc12774-PRG
cf-bgj: minify

GET
H3 200 scripts.js Show response
earnme.club/wp-content/themes/mh-magazine-lite/js/ 36 KB
12 KB 53ms
53ms Script
application/javascript 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.0
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ce57bd0fa2624bc5eac3701da8c04e315f177fc440ef4a9f46bb0699f942c34

Request headers

:path: /wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2654
cf-polished: origSize=37321
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 20 Jun 2021 14:26:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ZFedvHEyFG9XUP8n6RoR4CBgggaOZ7EbPkvfzxOlt6%2F7VPNc2pEajgDFlRrINOCunCgZd%2F4JQ5xQpVOM3H%2B%2B21Qqh4nYlzw56p2H75iOS48qViaOU%2BgBZRgP%2BHJBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69e2bc5f3dc22774-PRG
cf-bgj: minify

GET
H/1.1 200
OK spt Show response
tg1.modoro360.com/api/adserver/ 19 KB
6 KB 204ms
150ms Script
text/javascript 104.126.37.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://tg1.modoro360.com/api/adserver/spt?AV_TAGID=6114dc90d1bead46fe092d17&AV_PUBLISHERID=6114dbdb1f8b0669e215b7e4
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bc506f4274ef8991a6310a3f08e9f050e3ea16267ef8ddd56cdea636caf8832e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 18:05:26 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS, INDEX
Content-Type: text/javascript
Cache-Control: max-age=300
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Bamboo-Token,Event-Id,X-Requested-With,avsptstaging
Content-Length: 5401
Expires: Thu, 14 Oct 2021 18:10:26 GMT

GET
H2 200 load.js Show response
cdn.purpleads.io/ 23 KB
7 KB 343ms
6ms Script
application/javascript 13.32.99.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/load.js?publisherId=a3e07e52c1ad2db7fda1db8b42ab61b9:83927b30bd89a8bd8fc965996416706a94498e4e144b8eee86ee179ca9a9ccfee54bd4aabef200376a8643e4ecfbce2637008137d2a14d17030654b75c1d90fa
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-54.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b3788bb602d752bf7bed3d0342490f06f600764d9a461226aa6737ffb9209392

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 18:06:55 GMT
content-encoding: gzip
last-modified: Tue, 22 Jun 2021 08:40:36 GMT
server: AmazonS3
age: 90024
etag: "6f7844e83aefcd39625c83ff38c9b5d1"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 6604
x-amz-cf-id: ImBWsjOuWsf54JZc7hoeGSlJ6FLlNQGPjIS4m9kwE6leqiFsi8ISxA==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 53ms
25ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

af7e40dfa1546d4357ecc537451ed7e486826423640d19f8c2bd1f0f25b56df6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 779 of 1000 / last-modified: 1634209622"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27163
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:26 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 123 KB
49 KB 48ms
22ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-LY1N2M6E7Y

Requested by

Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

dec9054a94349bf2b2ad6e46ae3eb0032eac23c5517bf147799abea3b41be9ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49436
x-xss-protection: 0
expires: Thu, 14 Oct 2021 18:05:26 GMT

GET
H3 200 wp-emoji-release.min.js Show response
earnme.club/wp-includes/js/ 14 KB
5 KB 25ms
24ms Script
application/javascript 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-includes/js/wp-emoji-release.min.js?ver=5.5.6
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.5.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 20 Jun 2021 14:24:54 GMT
server: cloudflare
age: 2653
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWYqkIfxPUvtm5oV1CSSRuyVcdU7414vTrKJiNjtrFYvaci6czS16wwhxswfRIBk9A5eDY4L8Bkddd5yAiTQ57ivhaGsLwwGBLXAWCZZPc4VbzHLRe3p1mChdnqdjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69e2bc618e702774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200 024852e0.js Show response
aj2414.online/ 36 KB
13 KB 636ms
252ms Script
application/javascript 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/024852e0.js
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 20aaddfcd175634f6fa953d1da8c2aa312a61b9ff81072f2b7064fc0c0ea35db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: gzip
transfer-encoding: chunked
accept-ranges: bytes
etag: "0c56f87f74136f83923a6983e69fb7a0f"
vary: Accept-Encoding
content-type: application/javascript

GET
H3 200 wai.png
earnme.club/wp-content/uploads/2020/12/ 2 KB
3 KB 21ms
20ms Image
image/png 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://earnme.club/wp-content/uploads/2020/12/wai.png
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 806452f1b480eeeadffcc371cb695fc34d6accba5ebaab95fe8c7b50d8d6061b

Request headers

:path: /wp-content/uploads/2020/12/wai.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
cf-cache-status: HIT
last-modified: Sun, 20 Jun 2021 14:35:08 GMT
server: cloudflare
age: 2653
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IVoWjLOAKs3MnsiHc37S8QIwFkL6gBwBCmwZB1pesVGBNgBVtvbb1XmuctPvR4S8ym0cmCMQbzDGrcaol4yJ2VM5obH%2B6DlENrnKcCNImzWK6Brr%2FAmK36IPq%2FqQ6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69e2bc618e712774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2178

GET
H3 200 download-2021-03-24T065937.621-1-1.jpg
earnme.club/wp-content/uploads/2021/03/ 5 KB
6 KB 352ms
351ms Image
image/jpeg 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://earnme.club/wp-content/uploads/2021/03/download-2021-03-24T065937.621-1-1.jpg
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f65104f0574974a4564e90a06d8e76efa8041483b0522a71939072e1fccf4de

Request headers

:path: /wp-content/uploads/2021/03/download-2021-03-24T065937.621-1-1.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
cf-cache-status: MISS
last-modified: Sun, 20 Jun 2021 14:35:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZe%2B2Z05KNARyikuMuCvn7duccx8XXvgsdLY4ceqQWHnff6PGu61oGZNWtFK2P%2Bcjzu4QzaJfS8SGqoOiiLr1IRZpeBv5Nu6ubGrqeeota3rhgO9r%2BdZ%2FD23mHRqgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69e2bc618e722774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5158

GET
H3 200 tg.png
earnme.club/wp-content/uploads/2020/12/ 2 KB
3 KB 21ms
20ms Image
image/png 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://earnme.club/wp-content/uploads/2020/12/tg.png
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1db0c5a52f4b6afff48b7539fa61041a99ad04208363b200833d38688a6678dd

Request headers

:path: /wp-content/uploads/2020/12/tg.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
cf-cache-status: HIT
last-modified: Thu, 03 Jun 2021 13:37:58 GMT
server: cloudflare
age: 2653
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=maTtgzidh4xNfmL94FgUWO8XLDWxH%2B8wgOj5kIvz2BQg9c7JhsxFKLH%2B4AuwHRA0rZUwWLRznK1Id1bunQjZtIcYt%2BxFNLVyo1zjiKlIizJ1fv6SvxZM99NLaEebyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69e2bc618e732774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2178

GET
H3 200 fuckadblock.js Show response
earnme.club/js/ 6 KB
2 KB 21ms
21ms Script
application/javascript 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/js/fuckadblock.js
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5aea6792c807cf687f4c33074139aabbafb9af1d0b61e6b41dbe7cae8a64d7a

Request headers

:path: /js/fuckadblock.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2654
cf-polished: origSize=7171
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 17 Dec 2020 11:23:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8EgQ6zng2WHFmQ34qxt8%2BQ3NSok56PzlYWmchhAs1nxcQeda0iYZrt0IolPzqmL2FKrryoS0E%2FB%2BDkISKlJ9yQQ2FDJDMk4CGuqB9AOuuu26V0issNrA5%2BGBCBtdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69e2bc616e662774-PRG
cf-bgj: minify

GET
H3 200 comment-reply.min.js Show response
earnme.club/wp-includes/js/ 3 KB
2 KB 21ms
20ms Script
application/javascript 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-includes/js/comment-reply.min.js?ver=5.5.6
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Request headers

:path: /wp-includes/js/comment-reply.min.js?ver=5.5.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 20 Jun 2021 14:24:54 GMT
server: cloudflare
age: 2653
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zL8%2FNztDW5oWtbQiV8FNaPy0SpMQYZQW9M7HrJXOe9UTUBBN6Cww7VqLwYoaWo7iHNfLK38ONH9gOto9WvasgAaZyVfuuZTUlTqAJ3MQCuBLdJL9GjWk3tDZ0afphA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69e2bc616e6b2774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 wp-embed.min.js Show response
earnme.club/wp-includes/js/ 1 KB
1 KB 20ms
19ms Script
application/javascript 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-includes/js/wp-embed.min.js?ver=5.5.6
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.5.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 20 Jun 2021 14:24:54 GMT
server: cloudflare
age: 2653
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MfR2xgJxOBHT99OMjj6s%2Bw5HBSX8GDa78IarFiI3wauKIm4h5bUbCejf5UJ90X6s8BjqEycX0cGa82JAA8krSQq3Ut5BKI1UUtRE6ojYnr8U5FW5pHcJrYQ9vM757g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69e2bc617e6f2774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

OPTIONS
H2 200 /
api.purpleads.io/x/ Frame 0
0 400ms
195ms Preflight 18.233.250.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1634234726633
Protocol: H2
Server: 18.233.250.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-250-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 85ff962e-2665-4ef4-b640-94317c83a29a

GET
H2 200 / Show response
api.purpleads.io/x/ 9 KB
3 KB 3803ms
3591ms Fetch
application/json 18.233.250.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1634234726633
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=a3e07e52c1ad2db7fda1db8b42ab61b9:83927b30bd89a8bd8fc965996416706a94498e4e144b8eee86ee179ca9a9ccfee54bd4aabef200376a8643e4ecfbce2637008137d2a14d17030654b75c1d90fa
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.233.250.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-250-173.compute-1.amazonaws.com
Software: /
Resource Hash: b9a894e4b69451ad2d50899ce9ccb489cb9bd87af0c35c1e3f615e776b924e23

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer a3e07e52c1ad2db7fda1db8b42ab61b9:83927b30bd89a8bd8fc965996416706a94498e4e144b8eee86ee179ca9a9ccfee54bd4aabef200376a8643e4ecfbce2637008137d2a14d17030654b75c1d90fa
x-request-url: aHR0cHM6Ly9lYXJubWUuY2x1Yi9haXJiYXNzLXoxLXR3cy1mcm9tLWJvdWx0LWxhdW5jaGVkLWZvci1ycy0xNTk5Lw==
Accept: application/json
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.10

Response headers

date: Thu, 14 Oct 2021 18:05:30 GMT
content-encoding: gzip
etag: W/"25b0-+TW7yka9PRMtnKNH8YmoRAMI3hE"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
x-request-id: 6d9995bb-f283-4885-bb59-ea297df11a3e

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/ 44 KB
44 KB 28ms
7ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400italic,700,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://earnme.club
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:04:31 GMT
x-content-type-options: nosniff
age: 3655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44760
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 16:50:17 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 14 Oct 2022 17:04:31 GMT

GET
H3 200 fontawesome-webfont.woff2
earnme.club/wp-content/themes/mh-magazine-lite/fonts/ 75 KB
76 KB 22ms
22ms Font
font/woff2 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://earnme.club/wp-content/themes/mh-magazine-lite/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: earnme.club
URL: https://earnme.club/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

:path: /wp-content/themes/mh-magazine-lite/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma: no-cache
origin: https://earnme.club
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: earnme.club
referer: https://earnme.club/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://earnme.club/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
Origin: https://earnme.club
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
cf-cache-status: HIT
last-modified: Sun, 20 Jun 2021 14:26:21 GMT
server: cloudflare
age: 2653
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mdHchb%2BFCrXuTm3SyiaQD%2F47H9P7J5dE9sEZvJzPEhhU%2FHadQYujxfqzZMkbF6wrD5nDqkG%2FyxZZIrpiX456G8MdIPfYlRYkOdx%2BuF91pfSebdq%2BLj%2FeJFcUp%2FiFAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69e2bc61be902774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 77160

GET
H3 200 download-2021-03-24T065328.162-1-1-80x60.jpg
earnme.club/wp-content/uploads/2021/03/ 2 KB
3 KB 384ms
383ms Image
image/jpeg 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://earnme.club/wp-content/uploads/2021/03/download-2021-03-24T065328.162-1-1-80x60.jpg
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0906ae990495b37aad25f47e13629d282ec80ff21461ca688902ff0c163b1f18

Request headers

:path: /wp-content/uploads/2021/03/download-2021-03-24T065328.162-1-1-80x60.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
cf-cache-status: MISS
last-modified: Sun, 20 Jun 2021 14:35:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWoF9zBYSp75q%2FgTX1tiHPCxczokSLa6K9JIQ5gtIgMwFOGoby28XotDWrVKicOlZZPMgZ5nOriu0i2rgCBPp1ls96qkmaXJQLMId7LdeXWzLg9ZHTii%2FN%2F5XaLEhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69e2bc621ea62774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2137

GET
H3 200 images-34-1-1-80x60.jpg
earnme.club/wp-content/uploads/2021/03/ 2 KB
3 KB 351ms
350ms Image
image/jpeg 104.21.42.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://earnme.club/wp-content/uploads/2021/03/images-34-1-1-80x60.jpg
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.166 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f2abda14bf95d8ef376b680f779482c5dbac38a7a3cf9df25b497a1e0828ec6

Request headers

:path: /wp-content/uploads/2021/03/images-34-1-1-80x60.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: earnme.club
referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
cf-cache-status: MISS
last-modified: Sun, 20 Jun 2021 14:35:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W9HNpD70i%2ByMjAqKO%2BVxtWc3evhU9eEzZfhP7da3ARxdzGyIbcCrtytS2rlBsIa%2BM3Wa4tQtZWVFgXes6WYvDIijcpKw5XoT4qNlJwSmmUttlEuwZ9Tzvbb2R48n7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69e2bc621ea72774-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2480

GET
H2 200 e5a06e3365f070c5a204c3e3b6111bf9
secure.gravatar.com/avatar/ 1 KB
2 KB 29ms
6ms Image
image/jpeg 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/e5a06e3365f070c5a204c3e3b6111bf9?s=80&d=mm&r=g
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 2cdc7482af3176d3c41e97a312dcf7e679a5b3b49b32c5ad4642c5b30e1b6017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 14 Oct 2021 18:05:26 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="e5a06e3365f070c5a204c3e3b6111bf9.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/e5a06e3365f070c5a204c3e3b6111bf9?s=80&d=mm&r=g>; rel="canonical"
content-length: 1323
expires: Thu, 14 Oct 2021 18:10:26 GMT

GET
H3 200 pubads_impl_2021101202.js Show response
securepubads.g.doubleclick.net/gpt/ 367 KB
124 KB 33ms
19ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101202.js?31063161

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

1f56ed761ba8fa2864cc4178d9d0aa6f48f64cb5cd4ed29da0a8366c7c9a14a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126598
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 19:41:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:26 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 138 B
127 B 45ms
31ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

7d0275f5466da4818361c6d387a2264854a4c5efd927733bc16402f6ba81dfd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102
x-xss-protection: 0
expires: Thu, 14 Oct 2021 18:05:26 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
365 B 36ms
13ms Ping
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-LY1N2M6E7Y&gtm=2oead0&_p=1385684366&sr=1600x1200&ul=en-us&cid=1283393647.1634234727&_s=1&dl=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&dr=https%3A%2F%2Fearnme.club%2F%3Flink%3DMOJjz&dt=AirBass%20Z1%20TWS%20from%20Boult%20launched%20for%20Rs%201599%20%E2%80%93%20Tech%20One&sid=1634234726&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LY1N2M6E7Y
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://earnme.club/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 avcplayer.js Show response
player.avplayer.com/script/2/v/ 241 KB
58 KB 49ms
8ms Script
application/javascript 104.126.37.155
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.avplayer.com/script/2/v/avcplayer.js
Requested by: Host: tg1.modoro360.com
URL: https://tg1.modoro360.com/api/adserver/spt?AV_TAGID=6114dc90d1bead46fe092d17&AV_PUBLISHERID=6114dbdb1f8b0669e215b7e4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.155 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-155.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 142d085939eff84bb1b7ca0a9707f6f6efc6c9b762fdf6616fce54901ef84663

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:26 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdsOzrw_ImvELZCarBAeKgPgLrFvigfuF1cWt7yuYhA0Xz2Pq6rCxhC-nDSt1XgM2BOxhYKd_7cENqrf-SgBKY0
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 58570
last-modified: Wed, 29 Sep 2021 08:43:54 GMT
server: UploadServer
etag: "8d50b39b3410c52ab3209b6ce2e74d33"
vary: Accept-Encoding
x-goog-hash: crc32c=PSTABg==, md5=jVCzmzQQxSqzIJts4udNMw==
content-language: en
x-goog-generation: 1632905034632137
cache-control: public, max-age=300
x-goog-stored-content-length: 58570
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 14 Oct 2021 18:10:26 GMT

GET
H2 200 track
servt.modoro360.com/ 0
71 B 326ms
98ms Image
text/plain 52.206.167.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?pid=6114dbdb1f8b0669e215b7e4&cid=6114dbec10453b5f0e60bac4&cb=1634234726870&r=earnme.club&stagid=6114dc90d1bead46fe092d17&stplid=6049d3f140d88e45f4252456&d35=&e=playerLoaded
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.167.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-206-167-40.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK favicon.ico
storage.de.cloud.ovh.net/v1/AUTH_4b1b323ce19643f985895cf772add44b/js/ 15 KB
15 KB 68ms
20ms Image
image/x-icon 141.95.4.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.de.cloud.ovh.net/v1/AUTH_4b1b323ce19643f985895cf772add44b/js/favicon.ico
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 141.95.4.196 , France, ASN16276 (OVH, FR),
Reverse DNS: ip196.ip-141-95-4.eu
Software: /
Resource Hash: fb20da3761f50927006a6f6303ae6fceec0b3cb5f4c532ba5845bcd5392112d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 18:05:27 GMT
X-Openstack-Request-Id: tx0a18caf2f411416a827e5-0061687167
Last-Modified: Sun, 31 Jan 2021 12:57:34 GMT
X-Trans-Id: tx0a18caf2f411416a827e5-0061687167
Etag: 7bf4f6782dee3b520a65ff84286e3691
Content-Type: image/x-icon
X-Timestamp: 1612097853.12655
Accept-Ranges: bytes
Content-Length: 15086

GET
DATA 200
OK truncated
/ 480 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame B36E 361 KB
102 KB 46ms
7ms Script
application/javascript 184.30.25.105
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6114dbdb1f8b0669e215b7e4
Requested by: Host: player.avplayer.com
URL: https://player.avplayer.com/script/2/v/avcplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.30.25.105 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-105.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 4be248af2533387777c0841dbe22c2da3d19217cee48ae7c68063ba2966f1d77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycds-YtlbBJv2QJARUbxWzAzMVWCcXYWe7En0xUNaKmOAn8G1zzpH98c8yGFCVmdULL8nqDY9vumr90FBk2C_qHg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 103423
last-modified: Wed, 13 Oct 2021 06:17:51 GMT
server: UploadServer
etag: "e88cbf5213e55dde489911c70aa5ec91"
vary: Accept-Encoding
x-goog-hash: crc32c=4L5KPg==, md5=6Iy/UhPlXd5ImRHHCqXskQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1634105871199372
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 103423
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 14 Oct 2021 18:10:27 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 130ms
100ms Image
text/plain 52.206.167.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?r=earnme.club&sn=&ic=0&tgt=0&app=&wi=400&he=300&test=&d36=6.1.2.78&apppkg=&fv=1&proto=https&pid=6114dbdb1f8b0669e215b7e4&cid=6114dbec10453b5f0e60bac4&stagid=6114dc90d1bead46fe092d17&stplid=6049d3f140d88e45f4252456&e=inventory&vi=100&cb=1634234727067
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.167.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-206-167-40.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 / Show response
serv.modoro360.com/api/adserver/tag/ 16 KB
2 KB 341ms
114ms XHR
application/json 54.160.76.96
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://serv.modoro360.com/api/adserver/tag/?AV_TAGID=6114dc90d1bead46fe092d17&AV_PUBLISHERID=6114dbdb1f8b0669e215b7e4&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&AV_CHANNELID=6114dbec10453b5f0e60bac4&format=json&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=earnme.club&AV_DADPOS=1&AV_TAG=6114dc90d1bead46fe092d17&AV_TEMPLATE=6049d3f140d88e45f4252456&d36=6.1.2.78&avtoken=727066&AV_WIDTH=400&AV_HEIGHT=300&AV_DNT=0&cb=1634234727083
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6114dbdb1f8b0669e215b7e4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.160.76.96 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-160-76-96.compute-1.amazonaws.com
Software: /
Resource Hash: 0430ff4c28ff3015360240ce23277456d995bf04a91bbcfbabdf1c42427a564e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://earnme.club
cache-control: no-cache
access-control-allow-credentials: true
expires: Sun, 03 Oct 2021 04:18:47 GMT

POST
H/1.1 200 zIdEO0IZ0LbHFldgDJXh0IFCmi0uEx0nhOAitRl0pg6h_G5g4uI0bYZH68q2mFLwJsKpk4pWA03MaFgDVsjT9Rn8B7CFzBPgZBdEqfzFfp8LXg1tYq-V_OETzTnSd58qZHax0J_aCJPdRpn--jruNzNf5w-d6u32YtIXRDrX7ITPRIAR1_GCD79z4-OubYnGTtIYo... Show response
aj2414.online/ 1 KB
2 KB 136ms
136ms XHR
application/json 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/zIdEO0IZ0LbHFldgDJXh0IFCmi0uEx0nhOAitRl0pg6h_G5g4uI0bYZH68q2mFLwJsKpk4pWA03MaFgDVsjT9Rn8B7CFzBPgZBdEqfzFfp8LXg1tYq-V_OETzTnSd58qZHax0J_aCJPdRpn--jruNzNf5w-d6u32YtIXRDrX7ITPRIAR1_GCD79z4-OubYnGTtIYoJqiEM69EpvuIYx7OwV-UFiXtD--3tjcnlNmRCMoaTHWqpknLjJSOFLCdWnsvpGPWnvgTKrRLchtTe_J9GV0xen6Riabt6ZZVOhsVqi6KUghF6IlKC0QkrZpxRtP0wgJK_ZKBb2C2OxMS0OC0E1rVIViAfmiFIaLRdc1pVwDy8ntc1u3oYGOZwHuLQe0eMCV1EjSjRPvu6J54fGXF6biDZIR5lD3LzIwgVo5vuGUI2G1ZAqzOPJdXa_aFKSskMsJtpOnfVlVz7WtszOu7YOEgg-nitDVdNBxiv55m-0-D1LVgl-5WBP6XWlPfL6fy9tBM3lUgromrE2E8KgkN8U_SEL2DMZCVwObESHJ7nrCobFa_TLRVVBbeabYeP5aoa4n9HF8XDXKzYPFj5A?
Requested by: Host: aj2414.online
URL: https://aj2414.online/024852e0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: da7d583f2d6c7cbaa8adde489471182e6c62e894171d9d9bc14e826dbf831e40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 1349
expires: 0

POST
H/1.1 200 zFWyfIIlG2batgjjXPgAqlKpSoY2O4TCYfdi_3MYI9zvjDgNczMVOuRiMgPQtXGBHcAamOCdIOKdQHXQYa2fg9CzGkzOCLFi4dmRHqfEjaFgxWvK9zoTMbzvotu7B43p07OgpLb10Tei2GvOLJDyt5Nbl6XiKX7vMYfM4ElkxAuyvEVwDrinoVxZ8TlVBKNUKoy-4... Show response
aj2414.online/ 1 KB
2 KB 127ms
127ms XHR
application/json 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/zFWyfIIlG2batgjjXPgAqlKpSoY2O4TCYfdi_3MYI9zvjDgNczMVOuRiMgPQtXGBHcAamOCdIOKdQHXQYa2fg9CzGkzOCLFi4dmRHqfEjaFgxWvK9zoTMbzvotu7B43p07OgpLb10Tei2GvOLJDyt5Nbl6XiKX7vMYfM4ElkxAuyvEVwDrinoVxZ8TlVBKNUKoy-4aAEYYo_auScFA-sw9DrKU0Qti2swpRS0C3IL-JISRTnx96mUaaUml3rv-OrSZsuK9ehIILSMrZs1GrI68HDYZrChcB4gKnUhuUBmOgTLkNKvdgAolbJe9MYN9xe92I2xKjhRfzaUOuYqNjiN7keLXzSq0NgQ9AM1WBpf_KjutBkg45Ovk24r-HYsBj3A_sWg9u1ulVg19TBID1VtgyYlwvK5gb03xkhe-PPYrlzA8jap3EL5-MW_Y_lu2PtkeFb_3fCv5UBLDx9t9tooquqeIKrWSQCLucoIgsmYBCn1NTNfsbLKSD8v9Aw0iXaMn7ngixNtSuA2cR_FNuFYsrZ8bpamn9DxcNw8h_UI5B2sAoL4ViFjN3rji4m3RQVyZTF0QB1HCSfjMfc1tg?
Requested by: Host: aj2414.online
URL: https://aj2414.online/024852e0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 5b1102c76492322b4bc3386084d17417c8c34d2229ef4a3387465aa1b3264424

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 1349
expires: 0

POST
H/1.1 200 z9_Kv_YfXi9ack4RJ6xu4kvs0xGRdlctn-ycdLGLlEJrFJXRjMlRVephMxMBxuiZrJBWJVeVeD4VmPQaS2lPkjFqP4cZj1Uizn1Y-tqNu0k3rl5QWc9oaUaWn81y-Z3HE3m3nj_ebY9DHDFqQ52iAhlQ9r-ov4vDVuEt35Cyd2ilVgIXFvS-mIyyGA9dS1u5WoO6D... Show response
aj2414.online/ 1 KB
2 KB 252ms
127ms XHR
application/json 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/z9_Kv_YfXi9ack4RJ6xu4kvs0xGRdlctn-ycdLGLlEJrFJXRjMlRVephMxMBxuiZrJBWJVeVeD4VmPQaS2lPkjFqP4cZj1Uizn1Y-tqNu0k3rl5QWc9oaUaWn81y-Z3HE3m3nj_ebY9DHDFqQ52iAhlQ9r-ov4vDVuEt35Cyd2ilVgIXFvS-mIyyGA9dS1u5WoO6DnlwdwFxm9KzEOAexcRvf172uVVdecEpkvE0Qz6sCPVM6Dz_b6KBZ1HY6uUrPtKrHBfLWFC2pC1MYvNrwD19LoEtyYi5q98jmwrn0yL8QqljN32E8ti8CfXd0HSihK4P0EUEcTrCI91l5UEvEJMJGyncBR0SA5tgdSsbBgrLyz_EI9EKsFUyLD2RRW4SiRzr-zK-RLKcx39QO8nRzaKFbaEoitVmFMjJyfj0t11oPX30u0J6RRHW5oKPRym9FbcXOZRj8gAPFo8BrWu4naUY_ImfFUo2VhmFjwJz74rMQC5D21qT2X-TDHrfCOITvlgXVVSE7p0BrZl_aSeyacAjxgVxu4Ep2ODQ9b9cxefCOr0hSE8ZeinNIkR6Fg067xYIeTglEWXW4Z6Rk4w?
Requested by: Host: aj2414.online
URL: https://aj2414.online/024852e0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 1ccafb20c04338fe13f836484ac9c805fdcdafda38a8c4fc821b8119ee27787b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 1349
expires: 0

POST
H/1.1 200 zcuHuVIDXQUJp74GiVS0RmIjlCmzpx5aW76j9te6kwcsi6Gout1s9zs02AksCNnwITq2w9Oa44y7Lu-n8Lc19tI4XQo77DiQtOzpSGU5158vQN_NvgTbeVWXk6rX7VgvPcnGCFdm7L-cLdiveVNitWx71ZVi8Da4qH7wyO4IrYHBfo_K16juVFs2pf8M8hmoWUUEa... Show response
aj2414.online/ 1 KB
2 KB 264ms
134ms XHR
application/json 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/zcuHuVIDXQUJp74GiVS0RmIjlCmzpx5aW76j9te6kwcsi6Gout1s9zs02AksCNnwITq2w9Oa44y7Lu-n8Lc19tI4XQo77DiQtOzpSGU5158vQN_NvgTbeVWXk6rX7VgvPcnGCFdm7L-cLdiveVNitWx71ZVi8Da4qH7wyO4IrYHBfo_K16juVFs2pf8M8hmoWUUEaeaOcmq0pa6atGUj3TSMpqYLO7gbWS8hnVTT2xrfsNYX79ag2jfqEL9RAR9amSUW5qk9Ao13GXR41SqMBmzYbHU6DR9lEeLOxByBJmYGDWPi5ygz0Y0vnTH-wMxitgCdrYZNzkX-kmb49KnRpQh4WJ6bLKA1qxwDPKuQFOoyl06co4OumMqQfJDxpFKX0NTrJYG4kUqH9Q-0PjQ3DuomgDLQm-hgeZ0QHbXlkyKZujkQ6DJMmOvyR9FGbhpkKuuOXg7EBlRljICficFJ3zrXRRUYrjzs7xoaxx9CHpV7PmllnMVb4jS_PDSA_MCNYtjHb7Ma6ttMX_QpQxVaals2isz_xBVfAmFlHVe_IOfOSBbzr7eLoJKTNcSdQ49SzYu2U07dGDnS4NqY3tA?
Requested by: Host: aj2414.online
URL: https://aj2414.online/024852e0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 909010e84e575b1115fd502bb469fc7a9c655793ca0c1a0bc3be37dfe9b10f29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 1237
expires: 0

POST
H/1.1 200 zzRCMem4uVXQYmsWf9wyEHeVx55jP38VwzyPULDRF0Qtm5fwnW0hkKRyDfFmZKQtdlAgC7blHz6XcRWjbldwRpAhlHaqr1R5VhqbaHNuH5DdPjzTtz8FffmGxMVbdKfQsBghekoI7QzL_-ITTSvjGs9c_Gv9wNKe6DyuZTyimesfUX8S8CgYh-qsYyEd8RB1D4J18... Show response
aj2414.online/ 1 KB
2 KB 376ms
130ms XHR
application/json 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/zzRCMem4uVXQYmsWf9wyEHeVx55jP38VwzyPULDRF0Qtm5fwnW0hkKRyDfFmZKQtdlAgC7blHz6XcRWjbldwRpAhlHaqr1R5VhqbaHNuH5DdPjzTtz8FffmGxMVbdKfQsBghekoI7QzL_-ITTSvjGs9c_Gv9wNKe6DyuZTyimesfUX8S8CgYh-qsYyEd8RB1D4J18TQytf0EL8ZnCtZxxvvV45A2NNzq29OoU0cjYnxkDXfOTNzRTJrU-meRGSD-evXdtqswKhIxigqTGgmxmIq6E9pp53nuPFgF2imJdKPmBxM5QeL9bNodceW8OZ2dy2KudanZ442LYFp40Ugw2obI2EBGHE0zDb_TMhxfHjEh0Sz-ySikB0YMQuRAwJ_GtessEqtQNrqjF6EgRrTFKNmbYpHd-R1jODEPenGZfHamfEZ_t6xZlh24YFSfAQ3WO8kHshGt-7vUs_ml5atF2NeyLPKEuV3lnKnv0njIst8XVnfZmWV2TWr76fESYZpzm2aaVngGq8ylVyjP_ZiGomxCN68GdAnP6YAG7a9VBb6zrRQuIVUIOwYf9QBrU9UG9taPlJcNBBSDlZaM1uA?
Requested by: Host: aj2414.online
URL: https://aj2414.online/024852e0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 218bd68f71a6dd4e1465af6d1454cb6c0871724d5d65b23c0434f034a55cee6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 1237
expires: 0

POST
H/1.1 200 zf5qpXHlLzHEeV3cYxDhVPiW7jRlq99Cn4-AuUu7mJjZaEGoXoz1hxa_YJG_zn_JQEcaxfjDYS8ZSAy4T3P_3Axpfbyy8UJiehxmTi92mknGq5P6sSZm1aBBxfeuJmAPZ1uNuEtjfBftgCl9A3L_YhB2GhHzvW5U4rerN4mQ2qVQWg7rRdgLeV0hf0swqcBx3UgUy... Show response
aj2414.online/ 1 KB
2 KB 374ms
129ms XHR
application/json 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/zf5qpXHlLzHEeV3cYxDhVPiW7jRlq99Cn4-AuUu7mJjZaEGoXoz1hxa_YJG_zn_JQEcaxfjDYS8ZSAy4T3P_3Axpfbyy8UJiehxmTi92mknGq5P6sSZm1aBBxfeuJmAPZ1uNuEtjfBftgCl9A3L_YhB2GhHzvW5U4rerN4mQ2qVQWg7rRdgLeV0hf0swqcBx3UgUyXBDtvQD6409bvWDFi3kQpzjOyRqYQcLIecYhA2fHZjz5FLrLgYLMBVjiYSc961iUGsfEYySKqUw0YVArE8dnuVAOMtfCiVngsOFYpIgQL1-EpwpaVnNlSWJg1G40oL0iVHuro_x6DhQFwTWGvEDnXHFKYW4vmcDn0uO2N5wm-fPzvNXdGddVJ7qUto77tMscoJvFEurg6pSrSst81O5IwAVIe_Su4o1fdTDGiYvjBCQtoj3wYRxpcRvthFgW7toTt6_GB_uCpO0gcF29QYMW1SKsPgKRsGUegpQG7oeVmwKAsaEwYvQ4KDfaxqJxmvqIM5hktanHbhcU5-JJrhvleUfRB0xWLmp55Y23wP59-VpgPzVMiozk3eNRuq1v_BOcrM5ADX_iNKIxsg?
Requested by: Host: aj2414.online
URL: https://aj2414.online/024852e0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: f956a57cdb3f16c4e83c513b7d72bbfa49db02226b832acc98428bd7fd5744e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 1237
expires: 0

POST
H/1.1 200 zJrRaswd8Ef_Pv4TlpVyF-2LTkWNpla_-aSoe8teDqJ88k6tmIDAiLulYse3iN2fz31oNOywSXnafIWUSvZ2IgTJIU09KfIiuJ5OgICNWKmiXYhvk0xlBQqszBQCSmseHQ52IGrLqygpoNMHzgg7XQc5OnQUCtDzk9x533gKxAdAaRKzpGTav32aAPAHVHWCK0-qs... Show response
aj2414.online/ 1 KB
2 KB 375ms
130ms XHR
application/json 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/zJrRaswd8Ef_Pv4TlpVyF-2LTkWNpla_-aSoe8teDqJ88k6tmIDAiLulYse3iN2fz31oNOywSXnafIWUSvZ2IgTJIU09KfIiuJ5OgICNWKmiXYhvk0xlBQqszBQCSmseHQ52IGrLqygpoNMHzgg7XQc5OnQUCtDzk9x533gKxAdAaRKzpGTav32aAPAHVHWCK0-qsJLG0q6jx4nVcf1rxHJlxf-_4LwCA0ivA8Hd3Wgr2MkM91tJLAF31_B76ZQaYvmD7I5OoK89QbAWG964f-y7l6q8eSPI5qeOoC8eio0X7aaUQjd3BQsDBp6LiwZNpohBD_KlsJ8SApXvMfS2WJbx9WrHGPIud3TEnNLUWzWNCGj6nMRd0fCoI-5i_weqZ-HfSGCLblE11_0ATilYUWpS3uE5fvcIo_vSMBTIAD6gQucOxjmZyOEzODfmJIMrQRbnnAoNqxBsPQCgOy1oIjLsQPRmLDVbl84pKX-2J2ll-SvFzDpZ4QE22e4TcA8s2z95fAYiyxxWngX4UtnIiFRoEA3fi8Ej5afz9qGfLhwc1MX-N32cgrsNUu6nt-vIrf4p-s49BCSC5NfZl5Q?
Requested by: Host: aj2414.online
URL: https://aj2414.online/024852e0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: a76af243fe9e4d31585af658a45621e5db0a65ac62d3747f307c4b442d949e8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 1237
expires: 0

POST
H/1.1 200 znFxxiWChH7_nf2kfs6vW_AvYc1ms7gTObgfNznz3Sn2AssgX2EHMuIH5hXUXRMaa-kdrh-MKyAkrnyBxKPnxoXzQ4j9Mo7NpC19MUHkR2_eVgljPRaAlv_F8SwCqZsGIci3Gs1GfP36sFXQQTlpGnQBzIanMA2948DcAX67tdgrcZCw8DsEMqEwB6P6qqhFv_nG6... Show response
aj2414.online/ 1 KB
2 KB 374ms
127ms XHR
application/json 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to

Full URL: https://aj2414.online/znFxxiWChH7_nf2kfs6vW_AvYc1ms7gTObgfNznz3Sn2AssgX2EHMuIH5hXUXRMaa-kdrh-MKyAkrnyBxKPnxoXzQ4j9Mo7NpC19MUHkR2_eVgljPRaAlv_F8SwCqZsGIci3Gs1GfP36sFXQQTlpGnQBzIanMA2948DcAX67tdgrcZCw8DsEMqEwB6P6qqhFv_nG6j3Az3d2KgzGde6NEgRiV-Rh85fr7vu5HMiTExQvGQ7OAVEq9YwERDc4oqhq_M5JZxQU1b7lEj8HJ28AjsP0utcg6Zn77tKskczbAyrDnLR_q-Sq8ov68ZvKl_BXStiPF5tLpFWyleLZrb9wJg_jDVuR02Dta64EUgrE-rUIdhUkt80mC_E5sOjNnGegXMf5jIiFIUQ9XQ3zkNHH4Y-WC2APVIZJUN3d_HZs0BGXmJkbsh2_U9D_49yzGYOFKm5g2ui8vVNmc_90DBln86BGExHsqzhiJb0czPu8_v3XK4L_mQN3Npu_XJXrtijrNzc-ivq0NkLrA_XOw_y6G3GWmdjQwvMy60d202FyJtGWf5l_D0TIgjecM69CsIg3PKqCtuvMRWCK1Y_cy5A?
Requested by: Host: aj2414.online
URL: https://aj2414.online/024852e0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: aa6108b7131709496f832074a6b3aa96493b183a96f576484a59a5878f6af744

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
content-length: 1237
expires: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6019 80 KB
27 KB 38ms
38ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: aj2414.online
URL: https://aj2414.online/024852e0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

e45fe08e6ffd0f8f113b68cc5c408e70bb5e0c85e9e9bf6d6168bf332e836d1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 634 of 1000 / last-modified: 1634209622"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27187
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H/1.1 200 z2fkxJQZpY128x6qDTkDWuQLXPbYgjQtD3M1EL4oa6_dMAvYtI1-483O2Uh76gHAF2RDlqRkoDDbzsmr6YQODh4HE2dN5hdAqdPhHWQTPYCO-m25JpsjzDzjH9vnX5iJRIy_VVgDbETHwOiVksdwEFu5pmY-X8VEuGNME54Zfqw-pMbFLhw6GLf2vSr0yqWMi04Lc...
aj2414.online/ Frame 6019 43 B
510 B 131ms
130ms Image
image/gif 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aj2414.online/z2fkxJQZpY128x6qDTkDWuQLXPbYgjQtD3M1EL4oa6_dMAvYtI1-483O2Uh76gHAF2RDlqRkoDDbzsmr6YQODh4HE2dN5hdAqdPhHWQTPYCO-m25JpsjzDzjH9vnX5iJRIy_VVgDbETHwOiVksdwEFu5pmY-X8VEuGNME54Zfqw-pMbFLhw6GLf2vSr0yqWMi04LcC67dNtowURzklSj81Ok91Wkpew8cNNH7VIaiN_9PaErbJVaY4V9H1TXLy0MG3-Kaj4AwZ3jyJJnVLJDctOvq4eyzur_AebUJOD9risleCv4adKOLbZz7RkWHb4homfostMpyNE5Yjb0BI_G82wABvrth0MkBrs6ge79hv_Wqw5QiqOppA6byVMiDc3At2Jtk6APfq5tevP5mpQ?DC=WZ
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
last-modified: Wed, 21 Jul 2021 08:16:30 GMT
etag: W/"43-1626855390000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 3244 80 KB
27 KB 40ms
40ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: aj2414.online
URL: https://aj2414.online/024852e0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

6dc933e95d73e716ba13166c6e76001d12b5274cd18801c7c46df9077a4dbbbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 752 of 1000 / last-modified: 1634209622"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27163
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H/1.1 200 zNnIwvzy7oWzUTAzG7Ess1oy4_3CcW0_jxbwr12VjsBcZWPNoksHeNhkJwymUSPu4-xDKUWcglxwHblznRa3_t39mjWcMoE1abf-YdtJLDi_-PzwIS_SrB1q7ugx1Ojg4KIQZO3_loHFh-73MF2U9BCzo5aW0dcjhNhsysgNQiMd-GBzfZ38A0g_AjLl-DOLlHtRA...
aj2414.online/ Frame 3244 43 B
510 B 132ms
131ms Image
image/gif 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aj2414.online/zNnIwvzy7oWzUTAzG7Ess1oy4_3CcW0_jxbwr12VjsBcZWPNoksHeNhkJwymUSPu4-xDKUWcglxwHblznRa3_t39mjWcMoE1abf-YdtJLDi_-PzwIS_SrB1q7ugx1Ojg4KIQZO3_loHFh-73MF2U9BCzo5aW0dcjhNhsysgNQiMd-GBzfZ38A0g_AjLl-DOLlHtRA0M4qlEfymDsTNyu6Y4LlLoCqOzG0pChDuYmBqHdlxNN7H_XzUEPWkl-hjRxJzD9PLQbYh6mXi3ZYtj07SPxSKirfDiVXs7MQnTPeKpygjQeZTQpmEm_Z346oRILa3oSdPRwtPg9XQ60Doo3TTC0IBSr2cMf7c7grah4c6DAD0GuihHX7X9QlFTJkHR94M3pxuHif1TiWJeprHg?DC=WZ
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
last-modified: Wed, 21 Jul 2021 08:16:30 GMT
etag: W/"43-1626855390000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 avpb3.js Show response
player.aniview.com/script/6.1/ Frame B36E 303 KB
95 KB 7ms
7ms Script
application/javascript 184.30.25.105
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6114dbdb1f8b0669e215b7e4
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.30.25.105 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-105.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: ac7b9f46edcec0a88c11c18bf0a08879953bfd042486c0a2a7c58426df25088c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduZw_i5ti7yyLKbGdH9e-AJSyuIrZowyBkvpjZIzG5xPvNYPc7k0NfjV4IddG3zqY2hEr64JKpFnz7rIG1wp5Y
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 96232
last-modified: Wed, 13 Oct 2021 06:16:58 GMT
server: UploadServer
etag: "ad7ef38cf13e26516d10222fcdb4ead3"
vary: Accept-Encoding
x-goog-hash: crc32c=vtLYAw==, md5=rX7zjPE+JlFtECIvzbTq0w==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1634105818129804
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 96232
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 14 Oct 2021 18:10:27 GMT

GET
H2 200 avpb3a1.js Show response
player.aniview.com/script/6.1/ Frame B36E 74 KB
24 KB 13ms
12ms Script
application/javascript 184.30.25.105
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb3a1.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6114dbdb1f8b0669e215b7e4
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.30.25.105 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-105.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 7a4569a62133c80d4c36eb1f349bbaf292e323a90e0e4d8030ede845dcd0258f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvfsDTCuqwyCC0AHqpIhpAUqstBQMxfcPU7ST1T8U9p1lmGdRwUH862Z2ft9XQZYWTktys5ZnoOC1ifML3WyU0
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 23767
last-modified: Wed, 13 Oct 2021 06:17:26 GMT
server: UploadServer
etag: "563f07a3f412ef29a8ada1595f3a5eb4"
vary: Accept-Encoding
x-goog-hash: crc32c=A12Knw==, md5=Vj8Ho/QS7ymoraFZXzpetA==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1634105846052310
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 23767
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 14 Oct 2021 18:10:27 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 98ms
98ms Image
text/plain 52.206.167.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=US&cos=Windows&r=earnme.club&rs=earnme.club&sid=85636&t=1634234727&cip=216.131.114.25&sn=&tgt=0&osv=10&bv=93.0&brn=Chrome&wi=400&he=300&app=&AV_PUBLISHERID=6114dbdb1f8b0669e215b7e4&test=&aafaid=&proto=https&uid=1634234727365-911940631243-006647-001-002364&cha=0.05&stagid=6114dc90d1bead46fe092d17&stplid=6049d3f140d88e45f4252456&d35=&d36=6.1.2.78&cb=68886365881&d9=0000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=300&&ppid=6114dbdb1f8b0669e215b7e4&nid=60095c900c0799791c46d8d4&pcid=6114dbec10453b5f0e60bac4&ncid=6045faede4831b73554dc6f4&pasid=6114dc0eef104227c562c9f5&e=request&cb=1634234727449&asid=60d9df6656650922c95b411e%2C60d9df24e3ea4720e70806a8%2C60d9e03be568d161976ee48e%2C60d9df69980e33168e552ee6%2C60d9df6de3ea4720e70806aa%2C60d9df6ac9ec1355f34ddfd4%2C60d9e040e1151d701731d30b%2C60d9e042c3c59a269438a856%2C60f43295bab3c9450e22e2f6%2C611a457f87e270137b58cd4c%2C60d9dece2661355d12767d74%2C60d9e045aac2e2613b0847b4%2C60f432adfefd02069455d1f4&ofpr=%2C%2C%2C%2C%2C%2C%2C%2C%2C1%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.167.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-206-167-40.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 65 B
294 B 150ms
109ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=cFJaFg4dmr64KsaKjGFx_2
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: e08ada5e7630ee2870834114070d93ba7532bac5dda2b1e49c995fc96a947616

Request headers

Referer: https://earnme.club/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H3 200 pubads_impl_2021101201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6019 361 KB
122 KB 15ms
15ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js?31063158

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

3739f7e3f233afefaaf897a2c109cd3dcce3799125f58957b4a622b610511a63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124532
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 08:35:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H3 200 pubads_impl_2021100701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3244 366 KB
124 KB 373ms
373ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

74e0705ba9740aea8c7f1f7a8e582ae656c55e1c8d047b212683fadb5e623fa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126551
x-xss-protection: 0
last-modified: Thu, 07 Oct 2021 08:38:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 7362 80 KB
27 KB 22ms
21ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: aj2414.online
URL: https://aj2414.online/024852e0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

3fee0e1fb0e879da788a4daf371d6ffdacb4d300b86d199e5042b60858498ebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 685 of 1000 / last-modified: 1634209622"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27204
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H/1.1 200 zX8cX_h9mbmK3jZReY7l16D81rXMoHY19dwcRpH19led-3dicDJODjY_cqznKZZj82e1Aa18_VkVTPc8jq15mKkijoZPcL1-X0s98eiI636X0knPS8BWYCRdzlEnNiDyTdptbH9YDlBPlw9CGH8aufcWdcVkMsBwmV5zPXUiAvcmLFz_ZbToKpd_kmMGDqeFjQSCn...
aj2414.online/ Frame 7362 43 B
510 B 126ms
125ms Image
image/gif 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aj2414.online/zX8cX_h9mbmK3jZReY7l16D81rXMoHY19dwcRpH19led-3dicDJODjY_cqznKZZj82e1Aa18_VkVTPc8jq15mKkijoZPcL1-X0s98eiI636X0knPS8BWYCRdzlEnNiDyTdptbH9YDlBPlw9CGH8aufcWdcVkMsBwmV5zPXUiAvcmLFz_ZbToKpd_kmMGDqeFjQSCnU327eueXaUD_VYTEbYvVjE9_dKEfLWtgjjTLm7TJOeUVz3hfs-T53af6S-FsVNLeCXmlvLmmSQrX5qXdtV8lDJPBLC2UFs_F3mGq4RxAJdBJSI3SKg2mg8_t3We0sSb5VYmWFYP3kLA4N8mrfrtqUH5q9BNVKFtrgITpthfZmQx1WnPiD9dYgTyTXnCLLcFLc8BByoKwiyvrwQ?DC=WZ
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
last-modified: Wed, 21 Jul 2021 08:16:30 GMT
etag: W/"43-1626855390000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6019 107 B
570 B 39ms
17ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js?31063158

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6019 64 KB
18 KB 372ms
372ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3143325445286147&correlator=3083225660874749&output=ldjh&impl=fifs&eid=31063134%2C31063158%2C31062948&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=22367406785%2CMPU2&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C336x280%7C300x250%7C200x200&cookie_enabled=1&cdm=earnme.club&bc=31&abxe=1&lmt=1634234727&dt=1634234727607&dlt=1634234727420&idt=155&ea=0&frm=23&biw=1600&bih=1200&isw=336&ish=280&oid=2&adxs=632&adys=525&adks=3269061538&ucis=xlw500oeg7nq&ifi=1&ifk=3655946209&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&top=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x280&msz=336x200&ga_vid=1283393647.1634234727&ga_sid=1634234728&ga_hid=2105365477&ga_fc=true&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js?31063158

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

97c1543256668b1db6856a5b09da46bb9c659a97f7f15961614a0465f0da1794

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18841
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://earnme.club
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0382 6 KB
4 KB 73ms
22ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js?31063158

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:27 GMT
expires: Fri, 14 Oct 2022 18:05:27 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame ED8F 80 KB
27 KB 15ms
15ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: aj2414.online
URL: https://aj2414.online/024852e0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

3fee0e1fb0e879da788a4daf371d6ffdacb4d300b86d199e5042b60858498ebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 573 of 1000 / last-modified: 1634209622"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27204
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H/1.1 200 zi_qGl9UY2TIwslLJAqGuEce3ZY5RcKPYMY-qwqddGDHKMNkYSlnVK_xYi60fDkt_zf2b29BIRYM0F-G5Y7NXOSYi9Kdu7mfJixnd6mGYcQBGAcoXb_5gwB0Atrpr_vvy3lGez90WF_9ApREuVTHuKA_wTnXB3_XNeKrPHIrz4IorzDDtdwHAm2roay0i0VMqtho_...
aj2414.online/ Frame ED8F 43 B
511 B 126ms
126ms Image
image/gif 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aj2414.online/zi_qGl9UY2TIwslLJAqGuEce3ZY5RcKPYMY-qwqddGDHKMNkYSlnVK_xYi60fDkt_zf2b29BIRYM0F-G5Y7NXOSYi9Kdu7mfJixnd6mGYcQBGAcoXb_5gwB0Atrpr_vvy3lGez90WF_9ApREuVTHuKA_wTnXB3_XNeKrPHIrz4IorzDDtdwHAm2roay0i0VMqtho_I9wFCmP8S8bLarbqqQL3izgZvSB5Nm6KxU4CLiWEDENc5uY2_-yXJL7jJqF0ILKFAUlsSt1jjXqMW5guOsVIUTobbcNMF9gcxUX1oO_0ix2ub0CBdpiJUiwj-d2YraAx_VAXcda3ByOfPqscUU1RV9mq61GfJ-ogAJQbIiIEChtWjM0GFpgMeCfrToSsMjfGkU8coJhBKQ_oELw?DC=WZ
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
last-modified: Wed, 21 Jul 2021 08:16:30 GMT
etag: W/"43-1626855390000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 pubads_impl_2021101301.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 7362 361 KB
122 KB 22ms
22ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

29d3ac66cb7823c6a5771bbb0ee77b819f72c251c06f7c9eb5c3000ea9611b32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124741
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 08:34:16 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 98ms
98ms Image
text/plain 52.206.167.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=US&cos=Windows&r=earnme.club&rs=earnme.club&sid=85636&t=1634234727&cip=216.131.114.25&sn=&tgt=0&osv=10&bv=93.0&brn=Chrome&wi=400&he=300&app=&AV_PUBLISHERID=6114dbdb1f8b0669e215b7e4&test=&aafaid=&proto=https&uid=1634234727365-911940631243-006647-001-002364&cha=0.05&stagid=6114dc90d1bead46fe092d17&stplid=6049d3f140d88e45f4252456&d35=&d36=6.1.2.78&cb=68886365881&d9=0000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=300&&ppid=6114dbdb1f8b0669e215b7e4&nid=60095c900c0799791c46d8d4&pcid=6114dbec10453b5f0e60bac4&ncid=6045faede4831b73554dc6f4&pasid=6114dc0eef104227c562c9f5&e=bid&cb=1634234727649&asid=60d9df6656650922c95b411e%2C60d9df24e3ea4720e70806a8%2C60d9e03be568d161976ee48e%2C60d9df69980e33168e552ee6%2C60d9df6de3ea4720e70806aa%2C60d9df6ac9ec1355f34ddfd4%2C60d9e040e1151d701731d30b%2C60d9e042c3c59a269438a856%2C60f43295bab3c9450e22e2f6%2C60d9dece2661355d12767d74%2C60d9e045aac2e2613b0847b4%2C60f432adfefd02069455d1f4&ofpr=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.167.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-206-167-40.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 pubads_impl_2021101301.js Show response
securepubads.g.doubleclick.net/gpt/ Frame ED8F 361 KB
122 KB 15ms
15ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

29d3ac66cb7823c6a5771bbb0ee77b819f72c251c06f7c9eb5c3000ea9611b32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124741
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 08:34:16 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 692A 80 KB
27 KB 18ms
18ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: aj2414.online
URL: https://aj2414.online/024852e0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

3fee0e1fb0e879da788a4daf371d6ffdacb4d300b86d199e5042b60858498ebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 655 of 1000 / last-modified: 1634209622"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27204
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H/1.1 200 z6yXlnx_jz8ZbE2Ge8zg9hC3t6iVj-0FBqALT6uNOFD5eVhTCKgxNuJvNYZ0L3EQjYyf170cU0WJ52AuEVnl16eCyuq7ZEbFlBX2XFSmb6udDyhsKq-UhdKgjXiQ4_HC-Fkxoqga5LD8FcT0uBGRFjytoU_VgD0hA1lcSxjm7DzDplgX50-2CTP1yulU5w202or_T...
aj2414.online/ Frame 692A 43 B
534 B 128ms
128ms Image
image/gif 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aj2414.online/z6yXlnx_jz8ZbE2Ge8zg9hC3t6iVj-0FBqALT6uNOFD5eVhTCKgxNuJvNYZ0L3EQjYyf170cU0WJ52AuEVnl16eCyuq7ZEbFlBX2XFSmb6udDyhsKq-UhdKgjXiQ4_HC-Fkxoqga5LD8FcT0uBGRFjytoU_VgD0hA1lcSxjm7DzDplgX50-2CTP1yulU5w202or_Tg9Erkqr14pyCj3sxNY38dvss69mUSoetx_felX_hn_8j_P5VC2dg5-r9VdUvxaF6Dbse_0oRQmkqFsaafpjcBmSG62ql-9j-jyA9pWtM8SmKZp0NCCkPreD_5l-u4O2EmA0-CJ4fqMQp66aQIitRsFCEo9J-qqN1W7suwzhEEfjhdAOjOA01yHNPhP8C70xWdeKSX4B7Igo-mw8?DC=WZ
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
last-modified: Wed, 21 Jul 2021 08:16:30 GMT
etag: W/"43-1626855390000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame A1A0 80 KB
27 KB 18ms
18ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: aj2414.online
URL: https://aj2414.online/024852e0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

cb842e61690ec5fcd0121a12540c5d71ecf9694e0fa9b526df1ed22048d435ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 82 of 1000 / last-modified: 1634209575"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27185
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H/1.1 200 znNzevAkK46FRUdeupRzqS78uU53CwzepAWUB-R_ls70OIcBTP_dl8v1j__E18bXAyKWEbuDwq38_lO3PBe6il7fWndsbb5QxgcJTJUjSLKg9FfOJIsBejp5uPtWKjdjdcYqNa3LwTbO-RszRiRk8QhyTwCZLA8Hdverk_oABhbyTA65ZvZflWiC0sqHPRCdyzgV2...
aj2414.online/ Frame A1A0 43 B
534 B 132ms
132ms Image
image/gif 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aj2414.online/znNzevAkK46FRUdeupRzqS78uU53CwzepAWUB-R_ls70OIcBTP_dl8v1j__E18bXAyKWEbuDwq38_lO3PBe6il7fWndsbb5QxgcJTJUjSLKg9FfOJIsBejp5uPtWKjdjdcYqNa3LwTbO-RszRiRk8QhyTwCZLA8Hdverk_oABhbyTA65ZvZflWiC0sqHPRCdyzgV2k-avb-0MAaF0AC1PmTLV1na5emzZRG7XSMCgzEMyhKnWTzfP54TxuTrK7STOoU2IMzFL0F8DVuj8c_VZVTbV8uEfDvqwTMdG-ao8_G1zzwG8zuTxWsuDMTdwlEmwspzQgQ7bzQbbOBQ8D9p_X1Ta2SPYcCPAbJpfTfsSCS7YnxQCT8jhvJfectYnfNmT_hVTH-pKfak3pld5oQw?DC=WZ
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
last-modified: Wed, 21 Jul 2021 08:16:30 GMT
etag: W/"43-1626855390000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame C6DB 80 KB
27 KB 16ms
16ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: aj2414.online
URL: https://aj2414.online/024852e0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

cb842e61690ec5fcd0121a12540c5d71ecf9694e0fa9b526df1ed22048d435ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 187 of 1000 / last-modified: 1634209575"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27185
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H/1.1 200 zSxEE7CGrnbevg1Qy_zEdZ8Zklzoq3mtH5H-oCfZfRxAOZ5Znv17k48llyDqtZ0FalhEHNL8ZZJotZPeTiljtkvBRv907bKK8rm202-Wg9-2AUxnnqIFh8F9dSeJambP74JKm4cuRbuYJ2HtWz3N5kWCdLWf1859y7TBKq380ssWIFjY97l4lpJlfyEan3Xg-t5ZC...
aj2414.online/ Frame C6DB 43 B
534 B 126ms
125ms Image
image/gif 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aj2414.online/zSxEE7CGrnbevg1Qy_zEdZ8Zklzoq3mtH5H-oCfZfRxAOZ5Znv17k48llyDqtZ0FalhEHNL8ZZJotZPeTiljtkvBRv907bKK8rm202-Wg9-2AUxnnqIFh8F9dSeJambP74JKm4cuRbuYJ2HtWz3N5kWCdLWf1859y7TBKq380ssWIFjY97l4lpJlfyEan3Xg-t5ZCmp4JiQLeNLaknd6h6YWPG7a1Om77wLHs-vYZe5HEl5i_B4IQnyMFjo528Fsy4P_9fjzi9R1hO19QZgY2PV7ujps40OIcRyaA8HMtSdF8xlZlVt2su-IbhKLGnikBJ9-uyr18i4k9UQARZVsMR4X8rTJMni1CQJFajehsYBrpJeDjeUdiNGAThbdD_Eoef9KzM9Ih5K7jqdLGPZY?DC=WZ
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
last-modified: Wed, 21 Jul 2021 08:16:30 GMT
etag: W/"43-1626855390000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 9132 80 KB
27 KB 17ms
17ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: aj2414.online
URL: https://aj2414.online/024852e0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

cb842e61690ec5fcd0121a12540c5d71ecf9694e0fa9b526df1ed22048d435ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 953 of 1000 / last-modified: 1634209575"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27185
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H/1.1 200 zU7VQuDynTo58c4rbVWy7872w_nfNHG2ChKnEuteA69sOI-2dizWbLVfhx4-95wom0tFLK_kcGmy569glhB_PfkgBGRcXdvr2m595ix3pkcF6i_JzfilJET7rEy1K0VjCY1Py6zwKETDKYPOfruAgMWe6un0F3mYgLC4FbS_iMAse_0nvx5b_IplKPBVOSELMoevo...
aj2414.online/ Frame 9132 43 B
534 B 126ms
126ms Image
image/gif 199.80.53.188
WZCOM-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aj2414.online/zU7VQuDynTo58c4rbVWy7872w_nfNHG2ChKnEuteA69sOI-2dizWbLVfhx4-95wom0tFLK_kcGmy569glhB_PfkgBGRcXdvr2m595ix3pkcF6i_JzfilJET7rEy1K0VjCY1Py6zwKETDKYPOfruAgMWe6un0F3mYgLC4FbS_iMAse_0nvx5b_IplKPBVOSELMoevoMhm083CG0Dq1zBUEsX3nHO_ucvUKZSWOZujD5_U7B-63hGqgi1MTEsfuxpfIXbZEn2jt8NCu57_MBz0Vrp7B0_K8ZSLSjxqXWSgiYXlF9RG35dYA_XArK0IdkQNCHj8-cGWvRGSRcB2bbqpUDfZHZMUmA2Ak0PjFcnHF-yboUmhR2Iap35X0UQFPbBC9GCfPfJFHfpWVCsE5Efk?DC=WZ
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.80.53.188 , United States, ASN40824 (WZCOM-, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:27 GMT
last-modified: Wed, 21 Jul 2021 08:16:30 GMT
etag: W/"43-1626855390000"
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7362 107 B
122 B 50ms
23ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7362 63 KB
18 KB 486ms
486ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897545899839513&correlator=427893306657028&output=ldjh&impl=fifs&eid=31063159%2C31062221%2C31060889%2C31062526&vrg=2021101301&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=22367406785%2CMPU3&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C336x280%7C200x200%7C300x250&cookie_enabled=1&cdm=earnme.club&bc=31&abxe=1&lmt=1634234727&dt=1634234727805&dlt=1634234727548&idt=233&ea=0&frm=23&biw=1600&bih=1200&isw=336&ish=280&oid=2&adxs=456&adys=1504&adks=395059052&ucis=cv37eubrt22h&ifi=1&ifk=3655946209&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&top=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x280&msz=336x200&ga_vid=1283393647.1634234727&ga_sid=1634234728&ga_hid=1459056308&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

53b958849a6a7c96426f7d693656c0141a411d57837587435831ffa5d8dfcdc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18764
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://earnme.club
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6F26 6 KB
3 KB 36ms
22ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:27 GMT
expires: Fri, 14 Oct 2022 18:05:27 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2021101301.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 692A 361 KB
122 KB 14ms
14ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

29d3ac66cb7823c6a5771bbb0ee77b819f72c251c06f7c9eb5c3000ea9611b32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124741
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 08:34:16 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H3 200 pubads_impl_2021101101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame A1A0 361 KB
122 KB 21ms
21ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

09ccd1239af4971d32ae7f1220a52e047e569bea7f10aaf7dd2014b637263d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124570
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 08:37:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H3 200 pubads_impl_2021101101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame C6DB 361 KB
122 KB 25ms
25ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

09ccd1239af4971d32ae7f1220a52e047e569bea7f10aaf7dd2014b637263d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124570
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 08:37:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame ED8F 107 B
122 B 24ms
23ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame ED8F 43 KB
11 KB 414ms
414ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4176024519852548&correlator=1673813310080624&output=ldjh&impl=fif&eid=31063083%2C31063135%2C31063159&vrg=2021101301&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=21735448363%3A22367406785%2Cearnme.club&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200&fluid=height&eri=4&cookie_enabled=1&cdm=earnme.club&bc=31&abxe=1&dt=1634234727871&dlt=1634234727615&idt=239&ea=0&frm=23&biw=1600&bih=1200&isw=336&ish=280&oid=2&adxs=456&adys=2326&adks=1706086568&ucis=kbfjmekmjs4h&ifi=1&ifk=3655946209&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fearnme.club%2F&loc=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&top=earnme.club&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x280&msz=336x0&ga_vid=1283393647.1634234727&ga_sid=1634234728&ga_hid=138140571&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

fc78e4c9ac41f9199b33c83695bf5e5ef4c526dc9fc74bdfda18261cea15abbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10802
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://earnme.club
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d2cad23a4e746585f04cfc65850a5e0e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8CA2 6 KB
3 KB 39ms
25ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2cad23a4e746585f04cfc65850a5e0e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d2cad23a4e746585f04cfc65850a5e0e.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:27 GMT
expires: Fri, 14 Oct 2022 18:05:27 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2021101101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9132 361 KB
122 KB 15ms
15ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

09ccd1239af4971d32ae7f1220a52e047e569bea7f10aaf7dd2014b637263d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124570
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 08:37:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 18:05:27 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 692A 107 B
122 B 23ms
23ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 692A 65 KB
18 KB 406ms
406ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=933717603646843&correlator=299796043914863&output=ldjh&impl=fif&eid=31063159%2C31062930%2C31062948&vrg=2021101301&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=21735448363%3A22367406785%2Cearnme.club&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200&fluid=height&eri=4&cookie_enabled=1&cdm=earnme.club&bc=31&abxe=1&dt=1634234727923&dlt=1634234727716&idt=193&ea=0&frm=23&biw=1600&bih=1200&isw=336&ish=280&oid=2&adxs=989&adys=2577&adks=240726471&ucis=hmjmkt3o5ft5&ifi=1&ifk=3655946209&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fearnme.club%2F&loc=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&top=earnme.club&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x280&msz=336x0&ga_vid=1283393647.1634234727&ga_sid=1634234728&ga_hid=1230966980&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

133dda7ed4da3948baf0e876f32b470c8b8dc8d73366d4c81560b612a6611e39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18685
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://earnme.club
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6CFA 6 KB
3 KB 36ms
21ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:27 GMT
expires: Fri, 14 Oct 2022 18:05:27 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame A1A0 107 B
122 B 24ms
23ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A1A0 64 KB
18 KB 548ms
548ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2359724945446046&correlator=2857403629002672&output=ldjh&impl=fif&eid=31062525%2C44748553%2C31062930%2C31062949&vrg=2021101101&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=21735448363%3A22367406785%2Cearnme.club&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200&fluid=height&eri=4&cookie_enabled=1&cdm=earnme.club&bc=31&abxe=1&dt=1634234727971&dlt=1634234727725&idt=222&ea=0&frm=23&biw=1600&bih=1200&isw=336&ish=280&oid=3&adxs=989&adys=1177&adks=523290386&ucis=9m6snic7wyri&ifi=1&ifk=3655946209&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fearnme.club%2F&loc=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&top=earnme.club&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x280&msz=336x0&ga_vid=1283393647.1634234727&ga_sid=1634234728&ga_hid=1170123055&ga_fc=true&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

a6cabe8c0788cbea07b7fd846ff52d6197e07cae7f409f53e4497b7a18713d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18821
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://earnme.club
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EF3E 6 KB
3 KB 36ms
21ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:28 GMT
expires: Fri, 14 Oct 2022 18:05:28 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3244 107 B
122 B 23ms
22ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3244 15 KB
9 KB 560ms
559ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=272788335596595&correlator=1929316879944738&output=ldjh&impl=fifs&eid=31063083%2C31063160%2C21068031%2C31062526&vrg=2021100701&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=22367406785%2CMPU1&enc_prev_ius=%2F0%2F1&prev_iu_szs=200x200%7C250x250%7C300x250%7C336x280&cookie_enabled=1&cdm=earnme.club&bc=31&abxe=1&lmt=1634234728&dt=1634234728010&dlt=1634234727430&idt=557&ea=0&frm=23&biw=1600&bih=1200&isw=336&ish=280&oid=2&adxs=632&adys=193&adks=3685389058&ucis=11lwew1ycvkc&ifi=1&ifk=3655946209&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&top=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x280&msz=336x200&ga_vid=1283393647.1634234727&ga_sid=1634234728&ga_hid=604511986&ga_fc=true&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

d9c76f6ed88ff93ed4dd98bb470288147e34ee19146803a42b460f7d681dbb01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9167
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://earnme.club
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5585 6 KB
3 KB 36ms
22ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:28 GMT
expires: Fri, 14 Oct 2022 18:05:28 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame C6DB 107 B
122 B 24ms
23ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame C6DB 12 KB
7 KB 565ms
565ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2066361545737926&correlator=1379941492930764&output=ldjh&impl=fif&eid=31060838%2C31060889%2C31062525&vrg=2021101101&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=21735448363%3A22367406785%2Cearnme.club&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200&fluid=height&eri=4&cookie_enabled=1&cdm=earnme.club&bc=31&abxe=1&dt=1634234728039&dlt=1634234727735&idt=291&ea=0&frm=23&biw=1600&bih=1200&isw=336&ish=280&oid=2&adxs=632&adys=3597&adks=3210347167&ucis=alizhaigd0ur&ifi=1&ifk=3655946209&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fearnme.club%2F&loc=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&top=earnme.club&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x280&msz=336x0&ga_vid=1283393647.1634234727&ga_sid=1634234728&ga_hid=2058313929&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

9562a10bdc04892edb22f709b34db413b692a2116eb6cc789fb7587dea9f8d76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7404
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://earnme.club
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3AEC 6 KB
3 KB 36ms
22ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:28 GMT
expires: Fri, 14 Oct 2022 18:05:28 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9132 107 B
122 B 24ms
23ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=earnme.club

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9132 13 KB
7 KB 415ms
415ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=580715759903413&correlator=1636929255709617&output=ldjh&impl=fif&eid=31063133%2C31062464%2C31062525&vrg=2021101101&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=21735448363%3A22367406785%2Cearnme.club&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200&fluid=height&eri=4&cookie_enabled=1&cdm=earnme.club&bc=31&abxe=1&dt=1634234728061&dlt=1634234727744&idt=306&ea=0&frm=23&biw=1600&bih=1200&isw=336&ish=280&oid=2&adxs=632&adys=3877&adks=3350271826&ucis=lyeolrf07mix&ifi=1&ifk=3655946209&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fearnme.club%2F&loc=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&top=earnme.club&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x280&msz=336x0&ga_vid=1283393647.1634234727&ga_sid=1634234728&ga_hid=1218100339&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

83f08309977cbf8a379c5f163c54fb12b62ef9c5b41718c1f52c1b797ea1a5e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7405
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://earnme.club
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A414 6 KB
3 KB 49ms
21ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:28 GMT
expires: Fri, 14 Oct 2022 18:05:28 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B68E 6 KB
3 KB 44ms
15ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js?31063158

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:27 GMT
expires: Fri, 14 Oct 2022 18:05:27 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6019 11 KB
9 KB 54ms
27ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js?31063158

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

883c565c8660789549b0caeabf67a9ca7c57463c1c3d222186911c989e1d0175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8518
x-xss-protection: 0

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 877C 0
0 344ms
110ms Document
text/plain 67.202.105.24
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=cFJaFg4dmr64KsaKjGFx_2&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip24.67-202-105.static.steadfastdns.net
Software: 33XP005 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&ru=deb&id=cFJaFg4dmr64KsaKjGFx_2&gdpr_consent=undefined&us_privacy=undefined
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

x-33x-status: 2000208
server: 33XP005
date: Thu, 14 Oct 2021 18:05:27 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame B68E 18 KB
8 KB 31ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite_fy2019.js

Requested by

Host: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
URL: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:05:07 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame B68E 8 KB
715 B 30ms
15ms Stylesheet
text/css 172.217.16.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
URL: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f138.1e100.net

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 16:58:38 GMT
server: ESF
date: Thu, 14 Oct 2021 18:05:28 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/ Frame B68E 14 KB
3 KB 31ms
8ms Stylesheet
text/css 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.css

Requested by

Host: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
URL: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 18:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 10:39:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Tue, 11 Oct 2022 18:33:21 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/ Frame B68E 352 KB
122 KB 31ms
9ms Script
text/javascript 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Requested by

Host: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
URL: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

9af2a8ce32fd1a1765ee52d154940f56c2388ff1927226dc71570584202d8e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 12:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277954
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125117
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 10:39:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Tue, 11 Oct 2022 12:52:54 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame B68E 14 KB
6 KB 30ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
URL: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:02:47 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6019 17 KB
7 KB 37ms
17ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js?31063158

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame D516 12 KB
5 KB 23ms
7ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 14 Oct 2021 15:25:23 GMT
expires: Fri, 14 Oct 2022 15:25:23 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D4DC 783 B
1 KB 41ms
19ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

fce532bfb1fbfba01843965e730862e7ab9caf2c796010668b7b66bdf3e5bad1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ucat0nqLJ8oK9Rw3UQgnBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 14 Oct 2021 18:05:28 GMT
date: Thu, 14 Oct 2021 18:05:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-ucat0nqLJ8oK9Rw3UQgnBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 csi
csi.gstatic.com/ Frame B68E 0
348 B 279ms
99ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kur95ulk&c=4141617371549&slotId=2070808685774.5&qqid=CIOsr-O-yvMCFQyuewodPyYL6g&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame B68E 15 KB
15 KB 29ms
9ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 16:31:40 GMT
x-content-type-options: nosniff
age: 92028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 16:31:40 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame B68E 15 KB
15 KB 26ms
7ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 17:27:37 GMT
x-content-type-options: nosniff
age: 261471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Oct 2022 17:27:37 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B68E 0
20 B 58ms
41ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=ColTQZ3FoYcPcJ4zc7gO_zKzQDquB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwHIA5sEqgTpAU_QwGk4Fo37ZKBSBTXLW71GF2bkbD3dMrq0y3DxHpiK7HTBg_4CFc09WUXNb7tgcjGyEg0nOhxhH46WxT7zOxd2O-AEmc-BHEed4TeFv5oz_qOeXqQTrg92rspQEgtWDEdAJ3yI1X0RYSae2UwfODcuHAL_F-bqrkPxH-NGXOwXnXmJhAWeQXAqexv4SE5gABI1yMl0VBrMwb4HLw-9s0ZPycNCNsB_FTxDCnFRXbkJcOXwvPeaSzCP52VAnyOCR2QTQaPuTDO3w6LCa91yvcnoyChyDi3SZQ6Qv8onDRTIb5khGPYbGvWrwASLkJ3XzgPgBAOQBgGgBk6AB8DFusYBqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01NTYzNTMzMjU4MTkyODcygAoDmAsByAsBgAwBsBPuz_UM0BMA2BMNiBQy2BQB0BUBgBcB&eventType=clickstring&clientTime=1634234728241&ai=ColTQZ3FoYcPcJ4zc7gO_zKzQDquB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwHIA5sEqgTpAU_QwGk4Fo37ZKBSBTXLW71GF2bkbD3dMrq0y3DxHpiK7HTBg_4CFc09WUXNb7tgcjGyEg0nOhxhH46WxT7zOxd2O-AEmc-BHEed4TeFv5oz_qOeXqQTrg92rspQEgtWDEdAJ3yI1X0RYSae2UwfODcuHAL_F-bqrkPxH-NGXOwXnXmJhAWeQXAqexv4SE5gABI1yMl0VBrMwb4HLw-9s0ZPycNCNsB_FTxDCnFRXbkJcOXwvPeaSzCP52VAnyOCR2QTQaPuTDO3w6LCa91yvcnoyChyDi3SZQ6Qv8onDRTIb5khGPYbGvWrwASLkJ3XzgPgBAOQBgGgBk6AB8DFusYBqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01NTYzNTMzMjU4MTkyODcygAoDmAsByAsBgAwBsBPuz_UM0BMA2BMNiBQy2BQB0BUBgBcB

Requested by

Host: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
URL: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame B68E 20 KB
13 KB 90ms
45ms XHR
text/xml 64.233.167.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-B7fNkXqy6CEqxRyhcznwUa0wfL7YBRiZJOoy2YSeVLKF68QXn5QPcTXGopyAqMU8Bp85VHcseHZ4zDzPZI5lwf-luC8w&dbm_d=AKAmf-Bv_eU2q8RapEwlDCaBBlHUIqC_WN-c2vlCK768Kk3gwuoyvT9_W8yUOmJbqKBa_VM1757S7ALScuUARKRXixKaFKGVBfFwt8DoHDre_D6E_Ocw6SamIkRXnQaQgjMMiwSRFb5IGxbuHIcw9afr7IiO7dGCGs5vKl7MVJoLFMpr95tQi8-g-A1kwXxbWGwtAwKM4sYgBIGHzrV5x4C-bYfb1A133xdCnlT6RPsIuuzXPcmlA9ZqridJhIWoxXRxeFkce1sjDF82qNx_4d995HyG9cCDw5it0NzPbntQgH2HWDDIBz0mh26Ea746rZFDeFr3bvUWHYvn5z-UsmPrNLp66jCk7qOJCLPtA4CrOYIBOxcfdZTecNmEhgSPyz74_Lv25m7BP952XG2XjDR8qN056a7BVCfaJpckGXMfGHNesogq2NwHzpw3gCsjDElB7gtflGxsd5aCJXiiWR4jYmCF9zjs1ME5Q5DAtpkx2Qy18uTEWM_OjD2Wg5CsmPOQ4QfkdsCqBK_gLmZlI1NR7wmMNoChfQbeT5g7r40YIXjVr02mv9JYFzFRemK-iJKH_9SGsDBZDSyM3Q3kvfvRPR8x5hf-QkT8_uYiJbiLM7idVE9-cbTwtGBlI-nHUsX7k2zqOA9nz3EBnvHy6edRMOxp7CKipO_FGuZMP22WB2moYKzsQ29a9H8rinJ3ZfooOw9jMo7JuQYtY0ZHXv6kQuhmoDJnzJzBIvv5KHRtDQLRfmd0Rb26aeEuh-BqfuBvPTsGsH4URYible45RAD01VQAWFv0jrRNxd43sFMhsA27eFSB2NzH55pjXnfE0PMqXRwPlRlINvWvaqfOpbyw53bSQUOPAWYJP8HEvMNfpsDU-zCVDegfXUd0O--g0xoIcf7Bxs4BS58kPdni7b8L20C5k8bQMYrBYmX530AzfVrhUZRW84lh7oEDx68BRxInBlg4pTEF5BuSBgJhP38uQw5-0U8D4lig_Caln1P0W-TG4jXZPDItXRPj6ZSIjhFjVGptTpy0g0C83rA_fBE5XQQXY-QLGdLnmAL27RSvZ4X4p5QD6rqVwKOqs8x0Ptd-w87xQOy7uvpCf-MF1KYXCnR_GKH8weDfFo2e5RQt0r-0TeVmxr5hKbOyectk1j19_erDydMsJ9HmbZ-B0Yiu3sj-hwYboVaT1mbybQMF50hh5TWoZSgZVHFrzJqasmX3NUBdwDXBHntjAhBYvJWA5sjIaxAheygclcuOMduk-n1KjSVO3ZK-c2fRQH4pMVOHsSpRoqKf2ZGh5tZhQxiB_halPmx8Y4YeXDCR_q7m5FDduw-ZDXs4cl23gHjhEdWX7_jhHMns80hfhXiDtPNAvR89J-CaOFIAbaG2gdPAOq5jkHOOVZC5VLtCUYi1xXRdBiTHEJRXuDfWDi3hPJyvanBhf1wo9TGwzy1emFkGDBBT5QRFhXPh__FKgR-_szcRAt5WUY-JYYulB36DQQfWHHCOhOke8YkZScr3iJywnf2yrSkhvJ7bS6dtx0i4FDxMXAljIAEvuzCF7iUTgJOz5AjJBKE-xYnj5-PJ1n5igeRPwKDW6mk4dFw5uYKQM-EGCSOSXd7xR48XuaFKEDIaqwa4CO9bNe4ubOoHK2wWVG2S3hZDH1qnVy8aCBLfzmGwtoCt-Mniw1REweZPXFCKDN0jPF7ij2gA3P_qrHVYUGrTro9hjYUODJPpUWs0rzWUh8o4vxEiAdHqUQ8iFg5cU00sW5D4vBGyv7KzY4WMnMf2zQyuLoBlfza3-7EOnbjgFAY-bXBGtTuPbt7RXo_fFXggGDfFjlIsZI-_my0L4TLtxqtFYa3rfErzuTXHTUev3FEWFcBIFe8yX6hpQQeOmBEs-2LGzXEKXWl3Ck4v4GzqY9MsUdSaN2OSEyrnfStMH27OwxI64moeJ5JdBrr0pt3BXE0HQjQ22vhxLzPL33wMnbQMagjc-XFXHas0SEhio1RP6cCxUIFLjuI7DeMy9QNDHXZ3Xd_c_rZsNE_9nJbvn6lWEKTCVH_xvUSndQH7ThvR7AaVxLiyvTMcuth_e8CivsH8AHu8xosbGFacpjIJTdlB96Bcma5TK7_Q-yxEiPLTAxUuYGTBa5qWcuXpAJMKTp5SDin1gV9AaVw4CqR2Mu7LKigLRnchJRsVfOg9Tkn-Tq2fLbEY471-1fJqHFTzVaoYK9X4Vn85EPToNT9uUw8yAahr5CwpyVO7P7SGrCpOPtCOjGMZGH82NZkSMfM3TZQW_ADdxG_BPiULMzAB_Z2tR3LbQKNQdhYy2IPJITVI5iEarn203SsMzOo2B3KPoNy8WaxKlVdZTQvKl0biEtKnItavCDos038CMxxlcmH0-DJ-TILDF2NZRnTyko2tKIttbXT-aBC36TO8A5aAZ_Mkad5JVZ6faFYMLkp14-6XUWw6jMNS_-uNblhD2hFfT8jjiy-r9cnGZQHc38rbuEFaR87xqXFPQMpKVVKHnzPfY5guME13HBpelPTSBv6Zk7eQOMNMXTUrvFCuOqN1TvnZkmOkJ3NZqYQjSWbGzub5HIa2aPuM8HfUdT8j9YoCC3OrrDkOU5rgFD7qbsadpCTE5Sy_KPc5MFoiQTXxq8DbvAkEAJExjueHSOKS0SJDRMyB1D_YWrqPLWmxlgTv3ZeeT4OtbTDCkui4RJD1u65F05nETBXUf8vxJSzsKvABmeS2HAUHJwAbVFlMqNDxdw4E-wgbv7JkY4L9w_rCBngxuDuW2OsfLG_IbfeqdRefoQVasp6uFELQfH32Jazz2jIXGdaJmpifuLf-dVpoJN0F0O_HZAv9GnXkJc4P4bQZMJD1KupYsn74kOOsfwHE3lpQA5cxtQjKWSnYjDsmFuvj3R-7X1NdXOd65v0o76dVh9Drb2JXGczqGukibDE4tI-BqcT_yYqtposDMXXssB-jfTGiSNsHOQFFAQfFB4ID8DvBCpFdQjt1XeEYY9Ce9jgsmT-pHkihDR5cGo0GxSmh6tKZAEYY7gJ5E_3BtMjf585h4eFmMr8GnFfbnnITVbWS_iUEvWfuUGt1ZoNvb9O3KQEakRAkbQcOqo9YGI1Jh6neHrHGcp2XqozHA4mqNG3vPjR3zK8__LEKQyIbzcKaHNu7arTkhe4vzHhBzUGOM-pIJjbga40XbDtwHURNUVcWnPZzi6POr3WONJNpRt3MWB9kCdPfB2KDx95bmccJj0XjrHRa-GQqHLWw7RqTYiZ8MYmMoqrnq_3JmT_LEjo-wxjCTOvl7t3Gg0hcyGfG81_SJQ&cid=CAASFeRoBKjRL3geTkFMR2cZKsIKALa8Qg&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.167.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wl-in-f154.1e100.net

Software

cafe /

Resource Hash

699a06ea55cc549ba44d4715cda02a16c179c9d7e0823ff1d34d9428de96a13c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12681
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B68E 0
0 44ms
44ms Fetch
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cu2-DZ3FoYcPcJ4zc7gO_zKzQDquB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwGqBOYBT9DAaTgWjftkoFIFNctbvUYXZuRsPd0yurTLcPEemIrsdMGD_gIVzT1ZRc1vu2ByMbISDSc6HGEfjpbFPvM7F3Y74ASZz4EcR53hN4W_mjP-o55epBOuD3auylASC1YMR0AnfIjVfRFhJp7ZTB84Ny4cAv8X5uquQ_Ef40Zc7BedeYmEBZ5BcCp7G_hITmAAEjXIyXRUGszBvgcvD72zRk_Jw0I2wH8VPEMKcQlcI_zjd7YuKR3ISy1kLo1iIkC6Q6O081uRLarJJstCxbgXJLh9_-gaA8qJ0XW-CPjgBeR3RZODjbnABIuQndfOA-AEA4gF6ffJti6SBQYIAxAFGAGSBQYIGxABGAGSBQoIIhADGANIx-JfkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAfAxbrGAagH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhvYBwDyBwoQjblNGNXhhacB0ggHCIhhEAEYHfIIG2FkeC1zdWJzeW4tNTU2MzUzMzI1ODE5Mjg3MoAKA8gLAbAT7s_1DMgT4NjICdATANgTDYgUMtgUAdAVAYAXAbIXHgocCAASFHB1Yi00OTAzNDUzOTc0NzQ1NTMwGKv1eg&sigh=2E5YEthz8ls&uach_m=[UACH]&cid=CAQSPwCNIrLMjtSWlGxLn2BzNYeubNbywplY9HALA81hQG3HmBAcg2dfDvrghKZJmOHBnX79YNqQRZ32UILSh8qlKg&vt=10
Requested by: Host: c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
URL: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame B68E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f569281395ee24379c6e52ec186baa7b95f9e827f519128ff4681efe682f7b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012109102127000/ Frame ED8F 189 KB
55 KB 59ms
7ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

ba870dd4f1f375d33aa3770685227bd38160d194969b3840232fad67c1989bb8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 158423
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55506
x-xss-protection: 0
server: sffe
date: Tue, 12 Oct 2021 22:05:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c42e3b94efe0099e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Oct 2022 22:05:05 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame ED8F 13 KB
5 KB 69ms
18ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

19ad029fe2230dc2b7eda8d3c2b8d872aae2e718c0209bcaec04cd51a04d9165

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131450
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4995
x-xss-protection: 0
server: sffe
date: Wed, 13 Oct 2021 05:34:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bc03df60ee69192f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Oct 2022 05:34:38 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame ED8F 89 KB
28 KB 70ms
19ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

d4cb8e3d3f1d9da69c5096249099aaa6ec5942dc20f922cc6c99f7b7b4557584

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 83804
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28507
x-xss-protection: 0
server: sffe
date: Wed, 13 Oct 2021 18:48:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "283b6526337df106"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Oct 2022 18:48:44 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame ED8F 4 KB
2 KB 73ms
22ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

d50905d9c0e2c1f4a30e217e1eade952d04600860ccf4aec5240e6fd31eb9b29

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131946
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1638
x-xss-protection: 0
server: sffe
date: Wed, 13 Oct 2021 05:26:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b3f838efba7b15f2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Oct 2022 05:26:22 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame ED8F 40 KB
13 KB 73ms
23ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

235dd149eac993d9f773d67eb3432fda6c4d81c98d29c4fb150707fae2b59908

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 346479
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12820
x-xss-protection: 0
server: sffe
date: Sun, 10 Oct 2021 17:50:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2e8049efde94274d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 10 Oct 2022 17:50:49 GMT

GET
DATA 200
OK truncated
/ Frame ED8F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f01616ffb4bd4c2da042673a3ab2b8407bc40c9246cb31d6ea9d1897a5b36fd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 8420690197192890531
tpc.googlesyndication.com/simgad/ Frame ED8F 7 KB
7 KB 12ms
12ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8420690197192890531?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qk-LfibvlP5jkLB8yYgGOMebB_6dA

Requested by

Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

0c64ffb727f16b430dcb84d2ef5cdc376a401d3638cee1fb43cb7f706a4e3976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 09:35:10 GMT
x-content-type-options: nosniff
age: 549018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6943
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 16:07:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 08 Oct 2022 09:35:10 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame ED8F 2 KB
2 KB 8ms
7ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 14:19:22 GMT
x-content-type-options: nosniff
server: cafe
age: 13566
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 15 Oct 2021 14:19:22 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame ED8F 295 B
319 B 8ms
7ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 14:31:09 GMT
x-content-type-options: nosniff
server: cafe
age: 12859
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 15 Oct 2021 14:31:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame ED8F 0
0 31ms
14ms Image
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSzxf-0_FGKeS0mJmbr8raAhsQgSEWr5WnGOAY3sGTAeyUasDXSI9GpA6luXlGO1ebci8I1
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame ED8F 0
0 88ms
88ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C948wZ3FoYYjtN9vx-gahyLv4Dtul9tVk3-S-0OsNpOfy7ZUCEAEgvszXamDJBqABl5342QPIAQKpAufLONv9A7c-4AIAqAMByAMIqgTyAU_QkX0NY0KjPuQgp1VhPbktdgo2Zm752SxbsOvhboSf5Z4VL1elHh4JhqQDo2aoYDTN9YrAbrP3aXbejKKrB5m863Gq3Vh8-a0qmXj7oxBDAVUZMxIuVAzUNRfyjy9rOrIgQX67A6ArY-psvsmPCPQ6gKMCS1-fD2G8bzisUAe85ZOlPDu0bWdV6T_Iu9FXIcy6iZsXpy_OuKn4u38y7nMicJIU8BTI2zYNlkoLzroswttre7qCb4xslbZBjLR2g2EyGpgpaUOTXqiHOdXAXIHHtMrRykxx0bweyaSbXlhv8fzIlmho60t5hkVw7xvIi8D_wATQ2-KamQPgBAGSBQQIBBgBkgUECAUYBKAGAoAH0eKHJqgH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhvYBwHyBwQQ7foP0ggJCIjhgGAQARgd8ggbYWR4LXN1YnN5bi02MjE2NTE5OTQxNDEwOTAwgAoDyAsB2BMM0BUBmBYBgBcBshceChwIABIUcHViLTk5NTk3MzA3NTQwMzgwMjYYxt1t&sigh=bpclN94ftSg
Requested by: Host: earnme.club
URL: https://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame ED8F 11 KB
8 KB 36ms
20ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

44c03f12c6fb725f6167d96034b701d35de2207963bf511e50d518febae6bd39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8495
x-xss-protection: 0

GET
H3 200 container.html Show response
8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4A2D 6 KB
3 KB 16ms
15ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:27 GMT
expires: Fri, 14 Oct 2022 18:05:27 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7362 11 KB
8 KB 24ms
23ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

3646fe53fce065a6f2d4460fdad5fddeb78dd1e6b1c77fec519d264138455137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8450
x-xss-protection: 0

GET
H/1.1 200
OK 57264042 Show response
unified.adsafeprotected.com/v2/774604/ Frame B68E 22 KB
5 KB 185ms
63ms XHR
text/xml 108.128.225.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/774604/57264042?mon=57264043&omidPartner=[OMIDPARTNER]&apiframeworks=[APIFRAMEWORKS]&bundleId=[BUNDLEID]&ias_xappb=[ctv_appid]&blockedAdTracking=https://googleads4.g.doubleclick.net/pcs/view%3Fxai%3DAKAOjsvERamocrzFxWc7tFQ0Z_vlBMXkcLKvDHNk6ZGjj-RCGcCu82oWiKin0HqhQAsBv7oyojE1IKI3i_WsHPBKPhzJIynRXG3c8dwnn-3c8_RqwSkZ5nMaq70y2qMiWg%26sai%3DAMfl-YQP7xjB1yACDzKVWA7Aej5pYaUTFatEmm1Rz1uimldrgEXUKK7FQF5nfdHu50878DXnZEZaoKR2xZrm9GghXnyDqG6ElRaxxSS34SM%26sig%3DCg0ArKJSzEN1LXnN_w2xEAE%26urlfix%3D1%26vt%3D13%26adurl%3D&redirectedRetries=0&originalVast=https://ad.doubleclick.net/ddm/pfadx/N286407.1972103DOUBLECLICKBIDMAN/B25684492.302338137%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/%3Bdc_ves%3DdGltZXN0YW1wOiAxNjM0MjM0NzI4MzM5Cg%3Bdc_cid%3D159304060%3Bdc_adid%3D508738722%3Bdc_vpaid%3D0%3B
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.225.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-225-113.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e4e84a66dc8716879937866fd96fb9436ed5bee473bebce28bd2b212394c4387

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 18:05:28 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4621

GET
H3 200 container.html Show response
8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2495 6 KB
3 KB 15ms
15ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:27 GMT
expires: Fri, 14 Oct 2022 18:05:27 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 692A 11 KB
8 KB 26ms
25ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ff57c745ef1ac11af00ef52a114793466a53b0c9c33f2de31c1102e39b0b1cff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8554
x-xss-protection: 0

GET sodar2.js
tpc.googlesyndication.com/sodar/ Frame ED8F 0
0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7362 17 KB
6 KB 17ms
16ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D4DC 0
0 74ms
73ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101201&jk=3143325445286147&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 692A 17 KB
6 KB 21ms
21ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame D516 35 KB
13 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 4A2D 18 KB
8 KB 6ms
6ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite_fy2019.js

Requested by

Host: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
URL: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:05:07 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4A2D 8 KB
715 B 16ms
15ms Stylesheet
text/css 172.217.16.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
URL: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f138.1e100.net

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 16:51:52 GMT
server: ESF
date: Thu, 14 Oct 2021 18:05:28 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/ Frame 4A2D 14 KB
3 KB 22ms
8ms Stylesheet
text/css 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.css

Requested by

Host: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
URL: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 18:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 10:39:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Tue, 11 Oct 2022 18:33:21 GMT

GET
H3 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/ Frame 4A2D 352 KB
122 KB 22ms
9ms Script
text/javascript 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Requested by

Host: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
URL: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

9af2a8ce32fd1a1765ee52d154940f56c2388ff1927226dc71570584202d8e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 12:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277954
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125117
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 10:39:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Tue, 11 Oct 2022 12:52:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 4A2D 14 KB
6 KB 6ms
6ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
URL: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:02:47 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame ED8F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

252ms
41ms

Image
text/html

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

date: Thu, 14 Oct 2021 18:05:28 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 2495 18 KB
8 KB 7ms
6ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite_fy2019.js

Requested by

Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:05:07 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 2495 8 KB
715 B 16ms
16ms Stylesheet
text/css 172.217.16.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f138.1e100.net

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 16:52:40 GMT
server: ESF
date: Thu, 14 Oct 2021 18:05:28 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/ Frame 2495 14 KB
3 KB 7ms
7ms Stylesheet
text/css 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.css

Requested by

Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 18:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 10:39:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Tue, 11 Oct 2022 18:33:21 GMT

GET
H3 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/ Frame 2495 352 KB
122 KB 9ms
8ms Script
text/javascript 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Requested by

Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

9af2a8ce32fd1a1765ee52d154940f56c2388ff1927226dc71570584202d8e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 12:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277954
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125117
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 10:39:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Tue, 11 Oct 2022 12:52:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 2495 14 KB
6 KB 10ms
8ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:02:47 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2495 0
0 16ms
15ms Image
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQdQ8vN9xtctlncy4fLshaowsBBQTTCFpMtGOLXJsNfNeEI5oEJRRxLNtMKTph3x66VBUJ6
Requested by: Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 2E14 12 KB
5 KB 7ms
6ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 14 Oct 2021 15:25:23 GMT
expires: Fri, 14 Oct 2022 15:25:23 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A42F 783 B
536 B 17ms
16ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

dae3d6f03ddfaa29b7032682e2b4839b60a3bc0084de91d87edb01dce1083198

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-x0C5IKVxllOm7FEZs0UTxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 14 Oct 2021 18:05:28 GMT
date: Thu, 14 Oct 2021 18:05:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-x0C5IKVxllOm7FEZs0UTxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 8420690197192890531
tpc.googlesyndication.com/simgad/ Frame ED8F 7 KB
7 KB 8ms
6ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8420690197192890531?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qk-LfibvlP5jkLB8yYgGOMebB_6dA

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012109102127000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

0c64ffb727f16b430dcb84d2ef5cdc376a401d3638cee1fb43cb7f706a4e3976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 09:35:10 GMT
x-content-type-options: nosniff
age: 549018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6943
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 16:07:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 08 Oct 2022 09:35:10 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame ED8F 2 KB
2 KB 9ms
7ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012109102127000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 14:19:22 GMT
x-content-type-options: nosniff
server: cafe
age: 13566
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 15 Oct 2021 14:19:22 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame ED8F 295 B
319 B 10ms
7ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012109102127000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 14:31:09 GMT
x-content-type-options: nosniff
server: cafe
age: 12859
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 15 Oct 2021 14:31:09 GMT

GET
H3 200 container.html Show response
b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FC8C 6 KB
3 KB 15ms
15ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:28 GMT
expires: Fri, 14 Oct 2022 18:05:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9132 11 KB
8 KB 22ms
21ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

0b3f31053a8dcaa33f1803fa1150192da86bef77300c95ab8e21a3f1942a9b99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8448
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 1F70 12 KB
5 KB 6ms
6ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 14 Oct 2021 15:25:23 GMT
expires: Fri, 14 Oct 2022 15:25:23 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 830D 783 B
534 B 16ms
16ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

820c110e108bda5b52f9dc984d798c7d5af896d583788d1ad3d54339d52dd500

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BnT9j/XVJtXjGcxH9Gpakg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 14 Oct 2021 18:05:28 GMT
date: Thu, 14 Oct 2021 18:05:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-BnT9j/XVJtXjGcxH9Gpakg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 204 csi
csi.gstatic.com/ Frame 4A2D 0
17 B 193ms
99ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kur95uut&c=2233482178640&slotId=1116741089320&qqid=CPGtu-O-yvMCFTKIOAod8eQIdQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 4A2D 15 KB
15 KB 7ms
7ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 16:31:40 GMT
x-content-type-options: nosniff
age: 92028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 16:31:40 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 4A2D 15 KB
15 KB 8ms
7ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 17:27:37 GMT
x-content-type-options: nosniff
age: 261471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Oct 2022 17:27:37 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A2D 0
20 B 43ms
42ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=Cbe61Z3FoYbHeM7KQ4gHxyaOoB6uB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwHIA5sEqgTjAU_QQNRzxuGb95w1Kn9qlAZyt5Wp09_IiRMgg3B-iT_ixUsA40M8N2vcuB6Ias9yauZlQ4cJgjzMpGwq9Z0BiQtOUjqYV-znGuv0au8o8t-1WFFrqdSP0evuZ09pIZP9W4hydeuKA358AD_QLvTgsAon0U07VW4pqTHqcq62rjckeZ_08_9UcGQlfDcVgk021C1VIM-yTf3aXwL0lV9hB917uA4m2okhkvTRb_R-F7KfJsEyydI9zEWjTvoc2aDltE6m7SN0GY8aJFJuhZxDuCHqAaahEDkYb4l5mL8e9xjti32rwASLkJ3XzgPgBAOQBgGgBk6AB8DFusYBqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01NTYzNTMzMjU4MTkyODcygAoDmAsByAsBgAwBsBPuz_UM0BMA2BMNiBQy2BQB0BUBgBcB&eventType=clickstring&clientTime=1634234728569&ai=Cbe61Z3FoYbHeM7KQ4gHxyaOoB6uB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwHIA5sEqgTjAU_QQNRzxuGb95w1Kn9qlAZyt5Wp09_IiRMgg3B-iT_ixUsA40M8N2vcuB6Ias9yauZlQ4cJgjzMpGwq9Z0BiQtOUjqYV-znGuv0au8o8t-1WFFrqdSP0evuZ09pIZP9W4hydeuKA358AD_QLvTgsAon0U07VW4pqTHqcq62rjckeZ_08_9UcGQlfDcVgk021C1VIM-yTf3aXwL0lV9hB917uA4m2okhkvTRb_R-F7KfJsEyydI9zEWjTvoc2aDltE6m7SN0GY8aJFJuhZxDuCHqAaahEDkYb4l5mL8e9xjti32rwASLkJ3XzgPgBAOQBgGgBk6AB8DFusYBqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01NTYzNTMzMjU4MTkyODcygAoDmAsByAsBgAwBsBPuz_UM0BMA2BMNiBQy2BQB0BUBgBcB

Requested by

Host: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
URL: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 4A2D 20 KB
12 KB 55ms
41ms XHR
text/xml 64.233.167.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-CoWBTryDwWZ_ywgs9wylMNwfmMmNjZ-64avGOYrsudKjBVOOCFBqcuf3yGQvYHxwyLGAkfvLypc1kok8NA4snLfQiJIA&dbm_d=AKAmf-DfpIhXafrjhyezSRsikliuADuV2LdGLjmrv3YjJXeNLH2nSw7xk9L_eRhXY1e4ISBRlf9jQGYlZE-PRFTdag27YIRes3pK_Y3XueV1coF6VqvrhgA0kxuEHoHP3UYeKoTcfBoNRCtWtEE0EgMxO3hvDETwOAHdZeVFTPhpE79tT5R_mGFCmrbMQlWa7lgk2vzapR7Zz3fPmQ2kDmjo4dRNGMHmq46p4_9EEXJebcdt4oEHrmxdJ2yDGaG-NPh7oOCV3IgRTEBaQLUmdSycAg7Yru1jH6jr6iDeYEBLqRS2jcJf7KyjcuGhWWdABD2W1W6OjUyP67bjtbiLjbKykyvftVov1-f0KpFS8ZmofTHcDeyLtTiogT7M41mFk-HuciXO0BPV3Fdc-X2-CGjpnQnThScG51wsRwXm7DOWyf4Si9Cr_uBr_GZUlFqcoZsWlVT-lJvulVvGjSAr8xuiund1tVgvUmL1rV0PpUqgmx2pC47ARhJq_57dLjfSPPpx5A4tX0easQ3ZNgSc2MLqvMlIh8jqbTI4G2LImj_dHNOyHndlkQpVZS0SRaX7ngEqfQ5VNc1sWR86pL64ebLtcD3uicm38Ph75xCkrjB620pZyHTj3TisYydgG2f1hPXRitOc24w_aeTCbdmucpsRi6RWT0mZ9_mCc-u3Z0VAysx4ALmdjDCOBJf3C8PyJfv22VQVRRwmOMQNYovwTTvBVeo_kJa9pcPTDUXF0zve0p4mWcvXJb8RH8daLXDGKUCuJVYgWPq-AK1J3d2BwLMA4taZfVGvFVajgLCEgxtquKa4wll9C4HffeMd4rdXAe-tOyQqnb2N_T3Q5CcBKBu53yZ3gwFO4cgUgG5mFWDSLy7uvgyk4nlpwNhMbx4ucFo4pdQyOe22UoQuihyqgGESm7SwrH70YAGckw6MA8ggl_2lPoDu63fA4wDdj1igxcxXo65KG4nkm1vIReFZeSoVH7GM3b6EwzIT7aaHzbjB-nERm4t5TQTJ1V40Gg6BpONVIR_K5YWTi152yQCzTP0ylNbEK09jbeOSyLQNM7wIgrqLWhQfKyaCAPrXPeRc7Y2hVdTph6PHl8PBYhCDRmDconJ5cKefDe00sXedsip32oPg1Wqcm2uIEJUy218FDE9akhSmyXmnhyOMAnIsaYLrvjedeggU1xwqo7zFwz9pm9aAtxA82HwXIzGdusKN058A6QImNrhmXc8GtlOrnGgxhaoYEaJ5hlRCJevud3I5a3fWkJ0GIFyW0LyVbHUXluYbvfn7JC6m6BdO9Jyc07CoIG-CyDMqDKUBvaPE3UjlWo9mmUqXJsKzDoI2Eaa6Btg7jF2Z-rDcsTsT6WnZmKecljurGZjJpsRgz0tvRi4AHixt2W3wQ9MKLHARppmZsjh_GSk0E_FhD410GqNsS5zLEcubWSRLFMcPwDe_25VfDh6gwM_0OjIS_r07Gbr-xK42wXZXyPnV8mAMYvnSEivl8V8lfKoUQw9RbLcb63w9pC0RG2n24TWHtnw1VlbONqr94YFbGbPdFCY2A-92FZgiTWj8SLU3Ipb7-rGnzNpEvmqjIy2ysUGRvymps2M88zQzCnTUKai8hEG35y15Jvf9PNvqGACToiuCZhPPF-vOlrY-YoaAqTmXpLuTOglwc8ns0A18Uuq1DXKy6QpRwPrhBiT1QKM6f-azuHG81oW2TpCqa_-tZISo6RX0JQl-h1bO5b7jgebR2Gud_b_hHew0W350Gk05OCJDnjOIYr1gETqJf_rum_Yv5KDgnpnakn1xYtdzfxgZcZsFAr7LqWOKWDqB3hvRtCoXVgmTWC1cnMOLplYvQbYN7r2lsPxAN-1-cBYXB3UnsoaLfh-0oLL5ERF3WtQP8fENG7rymNNtGT9bI4bT6iYz8h9T--bgxxLK0gCsuXH-tShG1Co0u9yDIuP_HG3TdTUf-Vnv4VVJnIxvmfTe_5Q8TnwnCqJMZUmwxbKfbfJr-GlZk0lWqEtkH1KkIEJIr_XV23Ww3RH97sdT5jfqGjtLdYeztRc5sW3jutI1bFrZp3czhO6Ks_ZA18hhwp9iNTkz4aW0arE2tOUyctgKVxSENUO9nadZDyXD6UiLnoN-nBxdS7YwLpWqwb3L3BLZax1Y1MmjUyvJx3BOAYLnjNEW2lM0lfc234BHup7zLxpT-s2qU0bEc-2rHtbe3xL1qQwopgVylboTOzCrNCFA4hYrdJC6LJTFkdV7ASDwr36HXVpfMZxaZt1MCGzDX7UIwEpWMIPo0_wMuM0peCW-sQtm0fQ5vBQa8jIRr8-KgKB1tI9gXuMXP3EsSTJMcE1D72QgF670yyibUSudvH9VnW1X_4sFNrCItqOTas_k-fakAQp2zXN0beAECtPd9MMyEXx8D3pksEd6HCnQgryJpD3DcDxSQYDySlestQSA8ZlatZJ7SAnie0DHeTncIl_G3Rh1tNqplFWDxYvuJH3MfdmcMjKxMn4rrokJkgPKWIJi4UyzJg3Ax9hyxlqMSBhwXAl_nox4K4XBQtuRiYqoBenRg80iT-G3phq_bnrHbTkU7o-xnPZYNeyzCnMR-KuVWe2YDUKWXWGh2L2fAnvlPXK_HlIiFDfIEJODkE4PceYfOt31L9QQyM7LP8pMQ9GTojNaV6u8s_izphg5b8FtXEVI29alkFDEPCtzIBH_4XamOXBHkuHQ_ZFbT_vJUVst4UlJVvnyi_RXam6dtpuxISR4ZMTR1wDL5B1dSQ1NYm4B2t-PizOqPmEnOdewYioQvMWTBP_W3IaZONyDEEl7cV_CysiEHdRo1uvs7szM7NcyWcQFHUevabMDfWwH7GX6H6Q5g94Jw4sxZxqAvikiWdYPhTHTH6Ee1LMa1GOYm9WlM3I4qF1QmZ5sOHMkXDycAvgnIvPS5mDDKwl_Ah319ML-46Z_cLMlPP-g4gJeheEFCGj_y-bemRD_YbydEKOoM0-vG7EJhKTBSRrFt8bfffDP7OcOIKgTLSbbMXpZveWbqeIB7CJJy5IqWatjn00yWxEatB8rVjcCDv2U-IayMkNjZskH2HOI5cR8jJYUsUdbrzkNOLijaHAIwkumLD3W87CEeWg9CwuNocXWQ8WP1r-0FuKUBS-INbuLI1Q6U_5cCb7ikudOfeO-a2Rlq2OIcZ_7iPUCi84MLCAk-rquIpAM4al3J_W7sJfNFOia-RtfqDaZc-FbRpqdyBOB8nCiHofo4dhFyDtQ_MssazlWaocjTF6eoUoVgKUw1qNbW9qb&cid=CAASFeRo8stHkH24n6uY2sTzUAcn8wrnCA&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.167.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wl-in-f154.1e100.net

Software

cafe /

Resource Hash

17030c257c351a99a03a598b79399f303bfc3954fc1d674f8ee4b30b00b32803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12590
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4A2D 0
0 43ms
43ms Fetch
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C-ZLgZ3FoYbHeM7KQ4gHxyaOoB6uB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwGqBOABT9BA1HPG4Zv3nDUqf2qUBnK3lanT38iJEyCDcH6JP-LFSwDjQzw3a9y4Hohqz3Jq5mVDhwmCPMykbCr1nQGJC05SOphX7Oca6_Rq7yjy37VYUWup1I_R6-5nT2khk_1biHJ164oDfnwAP9Au9OCwCifRTTtVbimpMepyrrauNyR5n_Tz_1RwZCV8NxWCTTbULVUgz7JN_dpfAvSVX2EH3Xu4DibaiXmTbiT8ZjiFbBilupBKmfAxRGGz3aws8FBpULvnp30wl9COvz4wS9msD_LteUQR-8eCmFWAY6xsY0_ABIuQndfOA-AEA4gF6ffJti6SBQYIAxAFGAGSBQYIGxABGAGSBQoIIhADGANIx-JfkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAfAxbrGAagH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhvYBwDyBwoQw8JbGNXhhacB0ggHCIhhEAEYHfIIG2FkeC1zdWJzeW4tNTU2MzUzMzI1ODE5Mjg3MoAKA8gLAbAT7s_1DMgT4NjICdATANgTDYgUMtgUAdAVAYAXAbIXHgocCAASFHB1Yi00OTAzNDUzOTc0NzQ1NTMwGKv1eg&sigh=76ox9NGCVgk&cid=CAQSPgCNIrLMn3J6hCVIwfHbrE-HCOQV7nxHXdjAUc9JASLggRUnnMTaYEJYqA92k3Dy5ZmGXHFQQAFWQ6zv-K7P&vt=10
Requested by: Host: 8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
URL: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 4A2D 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea71eb8aafa4dbdb3db16ae597758727ad48d0b0795b1baaf71c7f973d2a1784

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame B68E 41 KB
15 KB 8ms
8ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 11:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 542487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 08 Oct 2022 11:24:01 GMT

HEAD
H/1.1

200
OK

file.webm
r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame B68E
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sign...
https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,it...

0
0

103ms
18ms

Fetch
video/webm

173.194.188.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0B88535CE7AA74A6CC2EAE2341702677EEB4D919.4AA0C99D39CFBE07FA1C663901C41F6FC7A280A3/key/cms1/cms_redirect/yes/mh/7v/mip/216.131.114.25/mm/42/mn/sn-4g5ednss/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.webm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

173.194.188.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s33-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 18:05:28 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1720309
Last-Modified: Fri, 08 Oct 2021 15:56:24 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/webm
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Thu, 14 Oct 2021 18:05:28 GMT

Redirect headers

date: Thu, 14 Oct 2021 18:05:28 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 646
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0B88535CE7AA74A6CC2EAE2341702677EEB4D919.4AA0C99D39CFBE07FA1C663901C41F6FC7A280A3/key/cms1/cms_redirect/yes/mh/7v/mip/216.131.114.25/mm/42/mn/sn-4g5ednss/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.webm
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame B68E 0
17 B 159ms
99ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kur95ulv&c=4141617371549&slotId=2070808685774.5&qqid=CIOsr-O-yvMCFQyuewodPyYL6g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=757&mt=video%2Fwebm&vs=854x480&ulv=1&cll=0&vmfc=19&vhc=0&msm=1&aits=17%2C36%2C18%2C22%2C37%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C43%2C44%2C45%2C46%2C0&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=44&vsrc=doubleclick_dmm&ple=1&ape=1&met.4=videopreviewvisible.rn
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5C90 6 KB
3 KB 15ms
14ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:28 GMT
expires: Fri, 14 Oct 2022 18:05:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3244 11 KB
8 KB 22ms
22ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021100701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

981297c0128fe053fb1b9feb8d6af4c3a4c295239d65b1e559bb5b2dab38c6b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8515
x-xss-protection: 0

GET
H3 200 container.html Show response
fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6A23 6 KB
3 KB 15ms
14ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:28 GMT
expires: Fri, 14 Oct 2022 18:05:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame A1A0 72 KB
28 KB 113ms
19ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

9d95be8c77455d049fd9b1b0cf720b8bb3529a03fe60d71687ce2031d6d85c10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27658
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952273750605"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A1A0 11 KB
8 KB 20ms
20ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

21472738e0cce864a814b7e7b6f641bf274f2878e1375f0f691a2061d65f4eff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0

GET
H3 200 container.html Show response
50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A47F 6 KB
3 KB 15ms
14ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 18:05:28 GMT
expires: Fri, 14 Oct 2022 18:05:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C6DB 11 KB
8 KB 21ms
20ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

59616c4308ae547e3b70ba9b6d64292db1a5daf10fa32b8b85bb3a1e18ea1fed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8558
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9132 17 KB
6 KB 36ms
36ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H/1.1 200
OK 57264042 Show response
unified.adsafeprotected.com/v2/774604/ Frame 4A2D 22 KB
5 KB 61ms
61ms XHR
text/xml 108.128.225.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/774604/57264042?mon=57264043&omidPartner=[OMIDPARTNER]&apiframeworks=[APIFRAMEWORKS]&bundleId=[BUNDLEID]&ias_xappb=[ctv_appid]&blockedAdTracking=https://googleads4.g.doubleclick.net/pcs/view%3Fxai%3DAKAOjsv5CaXqFMTxVL58Kjv9MgL-5YAJkq8PywF9o0vV-XzZlMmlocKWyHOjzcdrjqcxC1hlgvPrABCRWu35oCwKX9iBuS2Ke9NJWkk6Rs9gkda6uv1UA6D27LOncvpBmA%26sai%3DAMfl-YSCWKoMC_gb_xT6943AGzg1zVvpk7eQCBJLgOQnrgz9PHNHDht5sb3sOtyuJ7OKa5B5ByrLgIgr0O8JD9Z-c32j9rcyHQy5YjCLxnU%26sig%3DCg0ArKJSzHX759gCzY-VEAE%26urlfix%3D1%26vt%3D13%26adurl%3D&redirectedRetries=0&originalVast=https://ad.doubleclick.net/ddm/pfadx/N286407.1972103DOUBLECLICKBIDMAN/B25684492.302338137%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://earnme.club/airbass-z1-tws-from-boult-launched-for-rs-1599/%3Bdc_ves%3DdGltZXN0YW1wOiAxNjM0MjM0NzI4NjIyCg%3Bdc_cid%3D159304060%3Bdc_adid%3D508738722%3Bdc_vpaid%3D0%3B
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.225.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-225-113.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 32dc7ca53ff5277a73c4a796535c94908af27d1dd6645fd9b547258e227ae180

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 18:05:28 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4620

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3244 17 KB
6 KB 25ms
25ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C6DB 17 KB
6 KB 40ms
40ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A1A0 17 KB
6 KB 32ms
31ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 14 Oct 2021 18:05:28 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 4A2D 41 KB
15 KB 27ms
27ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 11:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 542487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 08 Oct 2022 11:24:01 GMT

HEAD
H3

200

https://gcdn.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sign...
https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,it...

0
0

25ms
14ms

Fetch
video/webm

173.194.188.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/306F222EB974C5801524B04CF9B7D1FF46F2F97A.690D02880AEE7E5E1BBBD8C230EFF01ADFA5DEBF/key/cms1/cms_redirect/yes/mh/7v/mip/216.131.114.25/mm/42/mn/sn-4g5ednss/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.webm

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s33-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1720309
client-protocol: quic
last-modified: Fri, 08 Oct 2021 15:56:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
access-control-allow-origin: null
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: null
expires: Thu, 14 Oct 2021 18:05:29 GMT

Redirect headers

date: Thu, 14 Oct 2021 18:05:28 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 646
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/306F222EB974C5801524B04CF9B7D1FF46F2F97A.690D02880AEE7E5E1BBBD8C230EFF01ADFA5DEBF/key/cms1/cms_redirect/yes/mh/7v/mip/216.131.114.25/mm/42/mn/sn-4g5ednss/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.webm
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 2495 0
17 B 102ms
102ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kur95v40&c=2731041728284&slotId=1365520864142&qqid=CO7NwuO-yvMCFYyv3god0i0E8g&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2495 15 KB
15 KB 7ms
7ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 16:31:40 GMT
x-content-type-options: nosniff
age: 92028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 16:31:40 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2495 15 KB
15 KB 8ms
7ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 17:27:37 GMT
x-content-type-options: nosniff
age: 261471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Oct 2022 17:27:37 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2495 0
20 B 41ms
41ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CP6aUZ3FoYa7-Oozf-gbS25CQD6CS7eNlj_7CqbwOr4G649cCEAEgvszXamDJBqABgKGcmgHIAQWoAwHIA5sEqgTyAU_Q3uxj0KKbA34JJKquKgo_fvZ_apPt01XVdU72oBIOap72zcRl4pJ1_7tVyM0tUnXB4OYSvGUOCT3X4lLqytJoRoL2_3ewgJoSp6VXHbPWngrOzob3f7nvwjaRS3vvu2J9VPqBAs_J4g_Z_FSPeSz8KA_luDXRGaMG4ONNTPAISFC7VaS0zBSyY1k8_pFx43jmhPQ58CtCA98uAZOTxA-x6LhM6btaBN-e2mcduzpdOZjLc_Tirme0xj0J242KdDlKqdJZX_-8ev_pZ3u8cll6e2VxWjmwNExKcSAMYkHTCuF7rmnwGuQ6l0ZMHTHlcA_iwATKhrKT5APgBAOQBgGgBnaAB-je4-UCqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAYBABGB3yCBthZHgtc3Vic3luLTYyMTY1MTk5NDE0MTA5MDCACgPICwHgCwGADAGwE_e18wzIE6KQnt4D0BMA2BMKiBSZA9gUAdAVAYAXAQ&eventType=clickstring&clientTime=1634234728901&ai=CP6aUZ3FoYa7-Oozf-gbS25CQD6CS7eNlj_7CqbwOr4G649cCEAEgvszXamDJBqABgKGcmgHIAQWoAwHIA5sEqgTyAU_Q3uxj0KKbA34JJKquKgo_fvZ_apPt01XVdU72oBIOap72zcRl4pJ1_7tVyM0tUnXB4OYSvGUOCT3X4lLqytJoRoL2_3ewgJoSp6VXHbPWngrOzob3f7nvwjaRS3vvu2J9VPqBAs_J4g_Z_FSPeSz8KA_luDXRGaMG4ONNTPAISFC7VaS0zBSyY1k8_pFx43jmhPQ58CtCA98uAZOTxA-x6LhM6btaBN-e2mcduzpdOZjLc_Tirme0xj0J242KdDlKqdJZX_-8ev_pZ3u8cll6e2VxWjmwNExKcSAMYkHTCuF7rmnwGuQ6l0ZMHTHlcA_iwATKhrKT5APgBAOQBgGgBnaAB-je4-UCqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAYBABGB3yCBthZHgtc3Vic3luLTYyMTY1MTk5NDE0MTA5MDCACgPICwHgCwGADAGwE_e18wzIE6KQnt4D0BMA2BMKiBSZA9gUAdAVAYAXAQ

Requested by

Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 2495 30 KB
14 KB 42ms
41ms XHR
text/xml 64.233.167.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BNOs3T-7lu3baC98-rYXNhyakEeKKpkWzKtjtQRgrT1Omg5gKsNR1PwebRmIhECLmvtt9Cb45MvONJ5BN3bQZOVa3K3A&cry=1&dbm_d=AKAmf-CncTAJrwdvnbCo-m6wIBdR-hVxRzqgC2jWA14pEKn-LylRrWvjhsrbGmYQmgiXMjsIkRiq57Lp_h58LkOv3fZQRjCR0CGNBvnidaukVXAIkbnfxbIKmtT8aeV-g6Pj-gfy0ZWjW4IvP59XMGzs-ppVAc1rWUdQjRbV-7kQ5EwtLoAfuwoZyTk5mHGqYerFxI00-xkCVyV7XqQBShw9rBBZu9d6dtTDakXKXufg3cPn5zbRRjdu4nT2gw3_9X6hh7bxVOI-Lnvt96Nzn4WDR9Pz9jHIwRIj0TghUS4XKmiEXgIkqFUIrndHHuVdOfQ95XPw0rK_2xAn5fqPoKLJ4Ak6wtwI4OKXZAKm7W-Z7wj8JTFcg-CgZd8SzBJhibEASlhVasAWTHuC0S7lcrJkQ2xgUQ2cllc86CAiHPB-QHHsdyvbYXDpFlKsgKN3qQaNFTJW-aiG2YLCxTAIn7yyBU2pKBvYhT1IBEoaNDCoxc0H0x1GBPpUW8OP3aFStPr3WR7XueeaC2GWoTWxGD9jY5sep7OMJ8dHSWD6rBNfsn1_yT5tC8NGMb-pEDwlFTJX7epmBtrhsE6LHPc55jKM3MqkpgM2Q21UP6RbP5TfN2cM1Lbds290jr3SbZRQMOQPY8vMYbwcNusxchMaoHx76loUel3_PyBbB2UH4txWks7Kxx-1W4CMrvh3_Yqen9kZz-j-SS-ARwR5e-F7vu70Z9hxNcpeoa9k5oGvov7kUzPBLecHxi8Y3M1sGezKbZKRfBkvD5g3WXxh3iatyvLU295CnTZTrwLaZPQsoZRiNPSH8mAgLynU4rILPAWLVvEoki7uNoOGydw5T-lSuteicKKE-EkipK7H2OpSRbJxCHTUYpUFJ5E7Slv7gjgZ7PIOiGWBj7dCTvMEjZyFzbN8hfp4beBGIO-LwwUnSGGrACfIQM3EvL_xMrdZtqN-MHxihQ3qXDILd-0IYIGOkTWUgbtbg7ZkoF2EY1KEFkbj7AwucwozX80rHCnQU4fepmVnKaZVH2b1p31JoxCXQ7T6GLWO1YfRtn_G1Wpy-NYdeQqTFx5AyJ9FqcFtuyCUij0jLCU_ULNayW_PXpYqRrHaW7JP2XrEXj8eLYkZm8jiECadMIsTMTwyEXj4zz-TNkQh7z1PdA4QiaAgI3yVckctHbM3zFj_gdGECbc1PFtztBwMRUQX8y8XTEZO_gH-JuaWa3CU5BJa_gS17bmBdVPVyqTfdczugeQaxA46qY2ytD6KKI3Zzk4DaqddvOl4ug_qQICS6dA0aSiOVGMGpQRfnRzmgQwL1XULhTN49ysWqewfqpGzR59bV1-U9iixDMULBFUMvwsQyQl8XVsD3Ex7Y9XlDtQcX5XslkZFy_-qozT1B4Edi_L6-qNYRS5s7bTrSjr5SiCdRZXbtKzv9ChqHK25aAchv2XVS1Z1Z7byS47BbZ6alOz8t4uJ01cTWzGFXIQ7HWSRvacu9LdWfsI6cjn3tUhVrtpq93sBXs1G3ZdPvigA46Ob6qJDVjVOmVohRfG788QyvTkcqvA0QA6bRWI0pzeTu40YWvzXRioLdWz6cYgdpjrftG-3fTnOF_p7j67dR9IREd0dt-bvs8ALtzwgXlSTX9xu76qh6cB_yJvz_NthkfYEUhjU4n2EfaHckOErWyTmlJO-R4Z1vMmg_jbFoS0HA8NjEcffl5zqhISgAEqRs8Ku2IWZVkLOs8kNRyug4Cl6qWD7M9Wb9P2GNPQdG7az4DxHgYkfHv9lPoaorMTPeMxuKKmgDO6Fyj-ZG0NjcWXskiBVnVZ-bEKyyOeiDMqOqSW5aXzAXnQAJ0jh9MBofgdPON9XeYwFR5FAlNFWmhdm1cAXQ38FFC1gokT6_XYleDJakpxN90QrN8Zie16EPCoCbKiR9Gg9SpHQIJy01EV0ttAAXQ5UVnjhnAipNv_Jl8f73ifMKmONWuxpZotHvJYF-N5z0zojtyknqUsAagEJ29MGYkhnyVRz6zBc7ZD97qqoMspWVPLzI0sAywE7jobWcmbZv_lmLuzLI5gm482MQlI3HRfdOR-V1zK7ULqdRW_bKqpI5OyMYJX7z9GJlXKxfde-r14-cqDyBKnGU0huz4feh1KAY5QiRzlx5KqPkfSJrBoFaktjwZoj1YMyUMEFClHy6sz8xAIayWWj-XHK8jEtRiZzV2w1kDvPi7UYm3RGRXFUcOviVZ4YmUKo1OPJycsI4XI1ZHzkVc038wuV0LbF3rtZFYB2cusjy_J414dl-XG6xUx9OwiV8COGIvKWLk3gN435o4kXoucoPefub1iJaZBxBfNQGvRIFY5kbSGlxL6zaygCKRMj0Z1_8C9fJygcosI-eGxv8GRYBWR2XLn_PEsNihOVoa38qT_R2DClfNkgbe7J0vE619ezwKpEzpleMjemNXE-y2mT3e3a4dYnItQNFLhh3BM2EqwU5_nbtqro5_g6n_YsckuIn_f04a0_YLa-GbBJ1DfOW6wITOmr1omsWvEGOgzZFLPfOT_09DWmXRnQtUVdbxAEDjW4wURor6OdW8i0XbkFgqDJxnuYiqe--yJb9OiXFQsPlmQ9HIKY_tR5KLW8MaGOCGvoe5aMD7jGbHENs7gkF7Hl1amycBi1gKkrU0oDaB5dWoKG1Ln76PQmFTtDYYy2Td4LLJL-wlnbLCQwxUy2zCMElISQTCjcWpE9eoPH4jQn53h6kkl3-x48lwH7wtsIus1s0RUZRN8JTVFJ7W68A2f2dUBT3dzIHRb2Po1CpffIjF3hp5A75kXJsRqf1v6H68zaQasb_qYFTvshUVcfvpecz9bwjwBTuwKF6ogIkFRfd5hjTufCF227Gtm2jyAJyfT-vceSP-DfKhTk8388i0xM0i0TLvsC6Mbrio7mp6PvMGlzHENHLPQKBBrGGMu0sUo4usY1kX1anBOBW0Ia8p6Z4YCAbInIdM-MIqqkx5Tvmd-nca_2aWYXngro35j03ZGzlRFbkOpc0xTI4hniVe5xOtxIFtaaVxv1q5k5V_kko1LIpcgDhordRq4woO2p9wKrMhv8GC1MKpy4WkltuxFu-aQUZ2NPNXNM0sVdLcXLztC-x2KgkNxmMz8t-Wom0zujQXY4R4qZJGHSK_CVTXa_sYC0ZxeOOApF-YB5A5x_Mtu0maizf2I6EZKx6jc7msxCVkergusWYtlQplyDezyCIU84fP7TntDtvA749RYyv45Y4N7d_XQazaKWvMFcrCtWYV3ogbFZ-0POpDzdWi8hkfH6J7u591Lb-BjrAE5WGjJP5EYlRk-MBhViluH1Fc9M9OAHRqde9tCoUbco54n9ZGTztFxjqn1iVQV7YWDU40r1daAE2JWxxNmeRQgJPDc&cid=CAASPeRodPLY_dEuaKrBIVfPqkmeeHsvqyowgKg_Eu2PHiLSesJJcHRREIiM9kkh4p__J2PCxnVG_SEGbRSV_Ic&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.167.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wl-in-f154.1e100.net

Software

cafe /

Resource Hash

3e6a036b5d73ef6d9b8b573ef41dc3c7e65164939600200571ff3da79ca55a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13810
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2495 0
0 44ms
43ms Fetch
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAJ56Z3FoYa7-Oozf-gbS25CQD6CS7eNlj_7CqbwOr4G649cCEAEgvszXamDJBqABgKGcmgHIAQWoAwGqBO8BT9De7GPQopsDfgkkqq4qCj9-9n9qk-3TVdV1TvagEg5qnvbNxGXiknX_u1XIzS1SdcHg5hK8ZQ4JPdfiUurK0mhGgvb_d7CAmhKnpVcds9aeCs7Ohvd_ue_CNpFLe--7Yn1U-oECz8niD9n8VI95LPwoD-W4NdEZowbg401M8AhIULtVpLTMFLJjWTz-kXHjeOaE9DnwK0ID3y4Bk5PED7HouEzpu1oE357aZx27Ol05mMtz9Lqv_UFVr09JJge7A-9mp6XTgEf21kmUURypR2dx4XhzIVbQ2DWKjpV2b8u6WZCEySGA8BaP7_TKC0DABMqGspPkA-AEA4gF8rmurTaSBQYIAxABGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBnaAB-je4-UCqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G9gHAPIHChCXxQkYwPiGtAHSCAkIiOGAYBABGB3yCBthZHgtc3Vic3luLTYyMTY1MTk5NDE0MTA5MDCACgPICwGwE_e18wzIE6KQnt4D0BMA2BMKiBSZA9gUAdAVAYAXAbIXHgocCAASFHB1Yi05OTU5NzMwNzU0MDM4MDI2GMbdbQ&sigh=Q9sCVj702q4&cid=CAQSPgCNIrLMiJRMsvBqbSN0BbKOVplrQ6y57abKyuSePBTFaCQeqIcz0TZnP-YKuZKJ5fzzKdV-QlG1lJN4ZG2c&vt=10
Requested by: Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 551F 23 KB
9 KB 8ms
7ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/H0ZEmIz7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Sun, 10 Oct 2021 10:51:41 GMT
expires: Mon, 10 Oct 2022 10:51:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 371627
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2495 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7a0d3463205d1d17297ee1e6e49c633fce6a99b5afce9a8bda3195339540eea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5B16 0
16 B 34ms
19ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLrYRBC9x2UY4O39iAEwAQ&v=APEucNUeWYkOEFAWSWnCCWRdgGhFOyrF3OVDLRdmzdME1YGAcovdIEhU0oMP-SioqTdu5vPjMauTASC-B_Vf901lSPnhmbt9cA

Requested by

Host: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
URL: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLrYRBC9x2UY4O39iAEwAQ&v=APEucNUeWYkOEFAWSWnCCWRdgGhFOyrF3OVDLRdmzdME1YGAcovdIEhU0oMP-SioqTdu5vPjMauTASC-B_Vf901lSPnhmbt9cA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUki-mMTijwRslMpRLZQW5f9o-2ai1cuxV0c8eNhe2wAsjOTP8nb7Bzf0ZTffPI; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 14 Oct 2021 18:05:28 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FC8C 54 KB
25 KB 55ms
42ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-De24_mfQqxpS91E9VrTROpUofqCZe8GPOg9S0djC0jmvbOCNpBhevjkIk-F7qYH7weENAjXTXLdUiBgU_cAelIS0JXjXw5Ip_R3yNIcLiqjqOB_IXHvMlLOJHwxv4kl3INPdJT248H_0bQ7WBf3ACstA8U6Q&dbm_d=AKAmf-Akysi5187fd5dWqEs6iuwp8TqyN9ZrbMTdnbA_0eL4J_wM67__mbia6-sEw0zrcfP7JCce6WqcRYV-6ZgFQMPLBAl7hZvmyCequ9ApICBVpgPxiIsQuMFdUTBRsDyfLNulMd_Xl6CB9yLExMPkN6DCVSYCi1CQzSFh_UTfKTXaaZx-kZTC6IiMRBl1Y2EJNjMD3ZZC1Aa6Tusz0E6KkcMH9bMwj7wdEGS0fHAOr12y-dNBj6OEIYSzf2X_2-5cKyYZuMdL83gORWUAqqcg0uEbKqJpuYmD_v-gYoxmX8rX5BX0XFaGByw9iAIfw3ERF0rnV6nnEHDnLl2agh_sfjtjgJWyURin70hWCByQKNBTLq-JwYLHeqsdpshYe5Pukj_vygBLtyB44YWo3gcA9ytu3FN0T7l2zwYmOQNp-3XmTq5NkFB8NIFYJbeBB5rCep-19oHDCV8cFo5wyFuNJNc4O_HbFymAWBOtHXPYZQkT34PlR9j4WVkU-Na0T33Ojd7YfCh7ewFR7oFcT1wiIgED1Drc82Y7IJrrdKtoA3NuP2Lbj0wNSVqGP1ftt3MZJFg5XZUpCfe6DWTlrbN8yNOIGBLfbgQKF24eDhhiorKFEjbrkMFiB5AKzNOIpL_sn6CJHUfql232MQwyDJGm0I7sL3xndwcqYsItsh7hi25m603k1YsGL2PQHlLCQLNIL9NtQsu6IfiTcwhtXBMFV8mK8vlwwKHp0xdYEjIeyq_cUiA1jGCQjBrOo70S0lko5DjCEwYbVoTGz9SDFYGmY_oEDEJNQH6Oa7NwUpTVFYwKP3MN1CmTxH224xu_sto-xZM2SDxZdyfSLKHr8kWJeuXZbTzjeRmfnVRmUe2uh0AzDBTCWL_g84p0sVeKb-_vODI2TDJpHfNPdbV7ixw44UdldsMbVbTEZPa69h6cuMHccnvxCjecyHVm7WwIoDFadWDPVBMh9sd0_0HHhFw1VqBFlspX9buazs3nDl8iDJnZIJvTHFBHv5IsMZLWtmb17IvpqV3oWqnOjz5VXaqHqaWiKNry9uGnuA88SaYbMb-KXhY-EPhQVwHZS6WZ0a5_49oZvNFBFfPABVxkaQPChkukihLG_7MZOqKGQ1UTaQt0tOjtThW7ueVdMwLJjuXc0Gx8SRoG6VRulrj57ybmwtky6JQWOaB4LGeneLPJfUSRbBkqtYD0c4v6IETmLVJPbMG9sTBf6goPD6SU0LjZdi2R4rCxuAePHt8Zj5-cDPCb7CjMzeUSoTFHkK9rrzvHsAaAjeK4ZluNkz23iyGKaNuUwap81YLqWOXKvhBr_erAydbQi59NE6HUgJl7Flxhge2-KU8KrxB_1e-XRcftF0b_hddzK6FJTGyi1GTBxo3pHOYp2EVb1rBnjfB6y8hh1tPCbkZGTNz34wP9l6k5l_YH9dprWvltRTyqKixc-smmpDXfaOJDeSdWnZ6PciPwHJWDdv9RwskUXz-ZlCV_vN8NYOVrsLTMvq0XEUj-Y_Cpu5vJ2s_uTPBRK5QuS3EX-22y2Ub75VBSCkgzCQGdrTnjbOUD16KEhKhliwzwCvtyrWjdEHRxWI3BQS2r-c2nItWNRhQBGXuA7J3JoOe3jQKF7n1T6_jt4-rCls2sTBiE5fnI202ysgBI-tkj8JLvtKEsQlaGRmC2XehF6eIdvFPXZKMEjap71YSYdxDA61zxexy4Jexk-2bhRUcY28AwqM122iRCgK_MdKX4ahwb6Z9Zagw_-f13B1nu5Pi7jzsAZchtC6mtQHFm-K9c-t_6bxm75HGFUN7fdsMpJf-_rE0wzKgjD9K1hNJIG-nhPQF8PzctXvBgrqEbsQS1Xqxmgl21Wjyo9UmBE8M0eblYpNNFfI5Eco9DLI7KG0_bqzqF8a0x9nvPI6c1vG27ySJ1r4iaVcVwIVDHmhaaGsRU0vZl9aOoLXPDq-iG2AZkk11OpOGg7WQ3nXRn-4Uge-Y3vUUIYa-NRsQayaowvfg47z7fsY_tT4MoXE0JLLFdcykkKFLpfx84WDO2RxS_Ms5Fu43NPLMwaR5tXf_riQA5qvshyk0IiLIsdwCOw0GhOQBp06eJ50vCezayNCQ8IEJi-jUJKXLy0lg5hnRm8z3uXdnRAqfQA0sEpFJ7vKQEk7vdjb-ppuumLOqPB0WEjMtfBfT2JT64ORQY9_aYGwrN8zEP8qLCVxeJxnh2nisJy1qyv29FJAq_yiFsHV6Z5SIGl6JAN9I7uNUm2NquFbTwY77BXb24dqPrxfkGs7vyiJnnDW0bOM2VsOOUo9U3DckIshLtMa0fybw3IwUobBKzbjxA2RvCU4GGHHmJDqLlWefpLFuC5FZakwXMAu2ETcBbQRyXGBTIj-mCS1lpm36zjmH2YSHr2NLeiz3O0hyMbKzK4SpdyqfU8wH-VclRvgnUnnxKCXZ75HMYFagAtoZfdSjCWwvCIXTazkes9YcwYlRyb0Gaycl5P8VAykefQpCZWw7NlFOEcZbyjnklg7M2eu1ilD41KVt0mG1XvYV1kad2sPFRYhsuoYAbI5P6K_tNUEc-GdBICjSE67E_G7hX3uoutd4z0-KUycknnq902njn8zPxDcCLMBgMmSt1A2be_WMX99-ZrT9i5SjgxY2XNVYEcw4zZCcL0kSYVseg9Fh-AcvOzBWcq22sv4R3X-2BYXzJDCYqDs39LPo2y9563YzfTKz8LNJNxMENd1gHbTr2Cx7MdFqkgo0CAEceAvzBNay_S8IcB1-t7lspUUlNR1EakcZneV-0geQAU9AZpuS-70VGdymmiKEhd-x_0LtAasH7ztBsutUZj5otXi01RvTxN-2vQClN1mRaSiIsPjE8Ljy_g5ghaXSHN1eF4brCO6fPGlfGgl8jj4r_-RA702F0dTW0pC-zCsn7f8-zxfZjt-tXHJkM9A7i4aCwbYbH9idNrNjGkBiQ5SpHUZu38-9aByyhRGIwnQeXQSNDyv5gnX0c6LJ_vsX1ZpGc__lFrMfIP-VQrJXNs7h9rGdWK9m8IJ75XvVhF4UkO8GVGIQUyvg4zMMWjrWUNEme6q4p8FYE1FLdsmpq1qqjKvw58Dat4j176Kk23thdaX9XLS-ahl7HOe0&cid=CAASPeRoWo3Upi2DCwZbYrxT_RKcbVnHlU3PGWg9He-rOf5D8q3cLiQ4ZOg8fa72vTePJf5ZWA1biU3449SsLGA&rfl=2%2Chttps%253A%252F%252Fearnme.club%242%2Chttps%253A%252F%252Fearnme.club%252F%240

Requested by

Host: earnme.club
URL: https://earnme.club/?link=MOJjz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

1f67a2117ec739fda23e6088534bc2826f5002e6dc6aa2f5d50ac15b093292df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25730
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FC8C 42 B
63 B 40ms
40ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AiTJQ2LuFL9_p8EpnyOY2yxS_VOUsX2xKPIeaiHsQydXWZkJprjwAVN7Npceo3znyV0THwTdXzMpJ_RxZC2NicBuYsB6-ZXmjHmw4d2sXEKviMHWk

Requested by

Host: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
URL: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame FC8C 3 KB
1 KB 7ms
6ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
URL: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:01:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FC8C 123 KB
37 KB 265ms
243ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
URL: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 18:05:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame FC8C 14 KB
6 KB 7ms
6ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
URL: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:02:47 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FC8C 0
0 14ms
14ms Image
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSzeUw286edTw5DiBo8jxFlaSfixPjd4VHxwhd9NCm14LxVuLGCPN1HNuKOvatYBLPMFRQ0
Requested by: Host: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
URL: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame DDEF 12 KB
5 KB 7ms
6ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 14 Oct 2021 15:25:23 GMT
expires: Fri, 14 Oct 2022 15:25:23 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 54E5 783 B
537 B 18ms
17ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

7947cc709130cc0cda4f3927d3d4b15f7c437cc8fc4e596e6709fd1ccc189385

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-65QzGLx96JzXdkzA3lc3Iw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 14 Oct 2021 18:05:28 GMT
date: Thu, 14 Oct 2021 18:05:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-65QzGLx96JzXdkzA3lc3Iw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1348 624 B
297 B 23ms
22ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaQJxCz3bABGLDY7bUBMAE&v=APEucNXvwEkbon1lanceFKfJsN_CU0OGO6x1-dnd2B0keNPBiDCKyGPVrHTpo5lveXJ_rgStjug421pB7eBSekJyiyp-Qg-DNw

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJaQJxCz3bABGLDY7bUBMAE&v=APEucNXvwEkbon1lanceFKfJsN_CU0OGO6x1-dnd2B0keNPBiDCKyGPVrHTpo5lveXJ_rgStjug421pB7eBSekJyiyp-Qg-DNw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUki-mMTijwRslMpRLZQW5f9o-2ai1cuxV0c8eNhe2wAsjOTP8nb7Bzf0ZTffPI; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 18:05:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5C90 72 KB
28 KB 50ms
49ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AdCsy_c9jFkIZH-m4HWItCjCC1yUO7m2GrcOcJMy6AXJ9j2NgIcl0OissmGhS-_qSYRHhNDL6JM_3xloOf38MmK4ghQKPUtIPaEa98THjX0HC-uoq64B15UiTPbmFZkMup6yNOgtYoZz4K5vTsqFnCU3CmzA&dbm_d=AKAmf-CLYzuOOwmK9wlkGFoYExK8R0IbYq6jpn6og03HdXGSdvzb7GQGrMmFgNNyW9v_2mJmrKazOEq4O2Ssd1QUdUe0mMb7mfkW2OY4aBS8QNyApYbacfUXzx6KMwtivxWCrq020YLabKLNjHG1aX2F8dBvZzm4cxLjmTE8K6NVxp66bknyVRj4DZbA0CGLf5Mg2Kw7LVj1-qSs1zrioCwFW3A7_ohtdoqXyVQOO45C172Mg5XJTOaZridWBKSoC1AwKQPUFLsPIaFr9GbhDOqQvHxzm3rrtKqkBySYGJWiIpnkZZF-1UBFLt2SiU7e3i2R-Ay5XRh_wMetq_GPYp31W8PfgWDpAaZxef4A184DEUQAbRuQ_wb4iq9Smi_XhaloDsZrZUs3Tr2A-X0W2DEqG8DtmQMpniFRX-h7SHRuuc6kdvSQ0zknpLfqqY9efJ_Lh-NsiEiIhJIYtZW_2fg-OnNkPZ5wvWPaRd7R3IcBGRjXe6pHzV_BNqFWnYCiO4kUoQvORpNDwytgPROhrMazJcovqHEaFwba1FLU7Bu4EY8pkgkWTJoEswYbN9p-ZXjXINy-pOYt1bNlueKBnyGG5FXozAEuc8ANExGdGwAm7Aeznr2eyxuNHKpt1huqaP4UZD2IJTwmozMu_FVc0d9MIHmKotQ0US9msp4PCu3yWNoiAeKtBh-fLHiollhQF4vdBgG6RZj6MGLNMA9M-YcX7NQDkl-CTRVlCjTbAh-w5k1aL-o6wbrV6jtaRxw0FHN7Fu18sf4lfn2Q-Wq6b3uZge0AWVQRp3Og0F1WsoQBbUnLiAuJFOy0KBtDohunHl5CiLuCEc3yTTCQragwLpypblOsMu3K-FkIUXtoUR6D1vu9e1c1Kv0ypmhdSr-sIewoQfcplutL4eTGsUMquGAUUlKmcADkWlQMM0FFNTTIkmhOPi5odrBdjTj-exNuN6-kkFqoGpJEiVN7hgMkEBoe7eU4cYp54523bCNTnqRKw2qbboEFdTAOAiYlgcqvcKLRo-EiaD8iOwVUHhs-ZUCRz5DbDK9VQ48-rHb-mIyrIp-iwNrsqfxFgMrGJuXM_OeQEanAqIXh9F7rhS-ERUryUzEl4PqI5KlhDrrZx0wuE60cOaTOsR_DQu7ds3OI6fdzdQyHKhoXAzWvHxDl0_5cq8xS05DfwQvOVOwGBKYpn3GQLmhtIOubiBWSj4vLFY-oAHygwIh4BGl1i-zo7cjAQtWGbO6WI6ZfRt4UFSD536om5QrvQY4ufC8js8cCGwBWLNyz3gvCV9fL95-5D9kojIxrUb4MIBp45uIcc40ZYPBkjGgFVH811b9zIQ6xaaCH3FVzcoQFK-2Yhya37eVgR-GkKO8-Mew8mu24E80xc1VKyqcpC4e-wvWFHXX_dSNF1picp4kZvXuHyExMjULAhHyDWbudDfTB48iJqXh0wwSyINZOOXB42xBvT6Uqa2c6BbqwaFLpIAbJm45e4TfD8JFWjEi1jE0f3vu_qPpqNPK8Mx3M4SxrtHdbvdGvE5NJmWtroOIkn3BvmuySOltDODP6Y0J-JIgFfmGezU83MKNKyjQQTcf32Z2Ufuqcsyf_TRr3P1wbXBsymmmCyfYJ6cH8O4dSaAz9J26lGHVGGQ2rBEBIOC-kHYn0NM0D1m12BxbcWtDewTx6dts1IbMZsROjnSEgffTrESBK3ftiRDxz3mXNEoAt3uUuIIqMKNxW0jhlb0WK5GZlNmp7Poc6KXF3AKGceuxWAhNCLY3TsMzg_TGvh4_L8HQ2z3amwGIxD3gq6rI0MSzENhmPxDyE1j-7HI2TNDOQmLLLqGaILg-I4Rq-elSM2lDWkwfKe-SVXP0dH6NqZhOJYiKLb2kN8gK7vsQ_fgW668YaV5M7LnzMZ7umuB5XQiSrneYv2NgIr84zrjWemebSOHKkIUt7s_9kEy9qLkgwoLhCAmqvDEjFIKu0ZymmytQgpr84eWahZSYJzfrzFCOeHzSFhmouwf5cgMWkNhWHyaT-17tAjLjbKmUbNU0jIPnGQuQYZhQ7fPbEllGBJPTPX8IKWfLdGNvd4gdjqsWui_sdGynN8bVl_lnfhBha04HyGoW-VJeO-prwSdumZ9P7OzS13QAFha6z8oaY_Faqt_KDDhGWKkSfeFABgFLVWD2kRUI6uMzYt8cH_WaKVrxsyF6t4atvSDTd-BSk4v2jtwI4D-N0_8UCqxAU8xEdLjM763AWgX6eysSKgNl2pwYVzpzFZAoX3TZCyiH-VWvXrVV4IPcqPhLBBNuGc6rdGRaIuYg24vWjZNI7g9WVNGcSegL922Nbx9Oxr4t_VC-0cDQnZqV-ozir2pdg_Ds2kKE6bQggt4FsC3SZ7wKMaS_gKXdeZ6FTjayfHN7UZ2P-DA0ECpEUKg0CLLPy-CMUhMM2ywgBZPYVx7xS83IjZan0zeVSJuGgrE7YiVo6RcZJB3yhU4Qkc89KRBjsWH3rc3KRaVe_PjwJS4UEFC-rSAxooIyhwD4H78jo5G-RaDVKXYCk8ls43gOVtzFTTbh7uKUXn6GDQlq_s61-n0kcpHulZEpjUUUVJj2iUsmMhpXX75oN3_ExDuRM7sykpAY4OAf6xyHObFgzdsMGEvg0f-k6UjMEZRaW9SvGNOQwgkqQYV3Jilh_G5cdVaGvkw08g8Dw9NR4VsG1btk_2c_UoRLRV6V6mcpsukmffYsZmPlHsgmyJP68DnFbhmSQv97DuobNc_iNsvA2RipXaLagid37IzoyEC-7mwWek2nYsb5jxA0IxiczpaRhJF8TqdNQxhK4K4UafxjrmPuZEAPlOfhs4EKNLKv9WiLRTHZ7Vx15QsVCkSteA6hSkVGxwnu5L0L25V4U5xTOv2xrjpo9oYZHBkkXe05IX5K-sRQac_Wv4h-lj2kGXWQoX2DAm0QJ56N-OglLQQS1ozN0-qYm4bGQM0EE8j-xbzOvLtgQN_LOICY8jecObAy24l1SBzofQY5PqWelyp_Xv04IbQIzUCR0Zw5BDLyJ2bHSJZxO7IGWD6sJNXzE4QtpHuY28a4io9FbbbskOXNukl8LfRwnERLYmVd1eAzQLS4jU5xfqcAQXs2KgVVbO0WPkZyZr1I&cid=CAASEuRolHDS54RBQh8aw240WgAhNg&rfl=2%2Chttps%253A%252F%252Fearnme.club%242%2Chttps%253A%252F%252Fearnme.club%252F%240

Requested by

Host: earnme.club
URL: https://earnme.club/?link=MOJjz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

6e476ba4505860e47ad8b78c6ed87b0a467f23dfaaa06825e289164aae77e7ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28973
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C90 42 B
63 B 41ms
40ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CACrugOsUN3ajjxYdl7s_5wXLFMkhuX3WHvhm62lqYl7qe5oIkZcTRKVXenUSLsk86FmI056LfIorrF_89HV05RzXTs5T4EJaAk-JNH81fPwM4wjc

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 5C90 3 KB
1 KB 7ms
6ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:01:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C90 123 KB
37 KB 230ms
230ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 18:05:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 5C90 14 KB
6 KB 7ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:02:47 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5C90 0
0 15ms
15ms Image
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSWsG5SvJrYgFZ1SoJvNlYdoZBsN_8NPyeWh2WblYSEX5mz6TKknwp2lS7xTPmUEsYqjngt2m0bZBeWoM-EiSqoTVshTw
Requested by: Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 6A23 18 KB
8 KB 7ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite_fy2019.js

Requested by

Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:05:07 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6A23 8 KB
715 B 20ms
19ms Stylesheet
text/css 172.217.16.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f138.1e100.net

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 16:56:51 GMT
server: ESF
date: Thu, 14 Oct 2021 18:05:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Thu, 14 Oct 2021 18:05:29 GMT

GET
H3 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/ Frame 6A23 14 KB
3 KB 10ms
9ms Stylesheet
text/css 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.css

Requested by

Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 18:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 10:39:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Tue, 11 Oct 2022 18:33:21 GMT

GET
H3 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/ Frame 6A23 352 KB
122 KB 10ms
9ms Script
text/javascript 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Requested by

Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

9af2a8ce32fd1a1765ee52d154940f56c2388ff1927226dc71570584202d8e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 12:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277955
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125117
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 10:39:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Tue, 11 Oct 2022 12:52:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 6A23 14 KB
6 KB 10ms
10ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:02:47 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6A23 0
0 15ms
15ms Image
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTPt6vlc8PTPfet9x-8xB4TvWAgmaWc2u9VXXuY5uJuRBEX0AyvciYEAG1CnCkaWiqaiSvP
Requested by: Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D8AF 0
16 B 23ms
19ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLrYRBCZ6FgYs93VjgEwAQ&v=APEucNVx-VTQM6ze7By-gQRhMPt07B3QgfYqgSerP277NdAxmNc7Ohjut7bv8JJoArKaSXdjWl2Ayol3IeLja3IM5mpvdlSHaw

Requested by

Host: 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
URL: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLrYRBCZ6FgYs93VjgEwAQ&v=APEucNVx-VTQM6ze7By-gQRhMPt07B3QgfYqgSerP277NdAxmNc7Ohjut7bv8JJoArKaSXdjWl2Ayol3IeLja3IM5mpvdlSHaw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUki-mMTijwRslMpRLZQW5f9o-2ai1cuxV0c8eNhe2wAsjOTP8nb7Bzf0ZTffPI; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 14 Oct 2021 18:05:29 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A47F 54 KB
25 KB 46ms
40ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DsWA4NaJqj9KF8mLBj5z4u0j_udjceGnMxZjrXsMal7Cebwx4siXSxxWmOM7PPbAfBOI3Vn1CHD9UTKrZeMZcn4fDVvl18hwmLTXVpgkTiKu2Z_vUTa5x1x0CDj5j-sGCPcjLMXpZ12DcJtLNBt7OnBrnmwg&dbm_d=AKAmf-CMiBzaG7owRvyXp04pLr6IVHnbd9mmieJ7pa7P0i544iwW7WVGusWN-EHFt6udw2UBW_lc31BBzdMRl0UuiosxzQFIVBAjZKexVZbw5k9OM8Nbg4rIyWJCSyh15UMrkG8eE9dF9wME5QZWgO5tpxYocRJooO_pDTk24_WmRE_U2_bJuR60hxwnIC5Ta-SdLlZVh6-vfjiXQCr7s47xxJuVm5UtEnDQr_HrFWDRb-mrvasGRn88PLJkKhcZrxAjWiOtgW6KxWERNbv7ZEumGFbAvJj1AdyT4e-qNzyfTd6wJkY2uE2qXiOXm2JUJ9Di-glHxxvzYGwZtlfZhxf1kBHycVj9enunsrvcDQh_v5RN-UWTAIT9eZMHT6DfjPwImTATAZjsALFh7MmUnU6-kQYcDWBR_MwncmRXofCPcOswUlNhNjgFezXmz5dvG0uCQSknfzsvQ-310hjr9ZKwSpM_oZuou0o8UCPyI8eL_x6gxaH6XP1g2NLYtiEbE0nzGjXhJdJegXMwaZmAgULoPYLUU-naSE8oCPzFMZqFLZ01p13371lJcePHG1uNimv678lSK6Ph_iU6auEQ2l8zIEwhsJLf_yiVOSH0Anqvx_lCr56gwlyVHakbYPQ5D37SOG_tKd3k87_Lb0sV0Cop8CyciH0PXqnM0iWuqDZnAZQCzJMePTr9v-aU_OLWj9IOC5jqwKeVKNg_HLasS3QjLhCl2NMMmlA3v2_iEVd3BIi4uV79JNYNnKf1PP4tmJpptxusdOt9Uf-VkrED0xnFRKZZcv-eP1MNsuYkVtK4C1-38TNxH_G72hJwjou6Kk2PghO3oAeK6s_r7Ek95N2rEgVLnS3f06LNbe50-zWcrMXP86Ud88Q0pv6syiaVSn6JoH6v2iqbi7OpHKCqCHHdDxOHx_xSL7LaV59kjP65v1mHit9l8TezPVbRbJh2IHRXZBd_taAZQf9tJqzLOrnKRzWZe2p-jtYf5NgyNzEDXrj3Qmky7bjk0lnHfcjrfHPWHM0RklFLNlWj6YrDTJfHuGGXFkzlJIlck495Poz9O1koVfoiXUFBnRoXM-XUI8F-QaSQNPHB34EvxjO5J_qxR4DnOmFgCVYpBTq2jX5PfHvGyayBG2SVst2Z4HjfvvLkRwojSaL49Lbn8lkkSRVpT7HSxt2e6eLZv0lMVpC13VMAFv8uAcqFeriQ3Y8wyPIrBIusaNqxewQW2AgAYHPEJFLJrPZxktpnjXb0H5cWR_nmoWVs0jjDx93WExJzrvo1ZbcmUr5ubM8LUop_5vQEaUsH7GTczVS901F1mTKWiWWVh7CWFsrrDVI-bR3_vOWgoYCiCG8bI1LxoYMDkjvayHRwExWSUUBE4MLWXik5PdtDQcuhUTrGI5GozMHMZoHYY1CNYklAHdhJNQ60FX8F1mgiwuNsGtx7exyz0znbdPdYx2x4PEKAIOw9ZZ0y3PLUKjl_Q-JI7NPQ10RNfX9v3c0J6_hbTo5CWFrw2Aa7IDyKix7bbQw5MW70Jh2VVZ1BbZyvsx2MZQlKiGCP4sGHzERAN8LdOkkkWlCTpibakIibOs7ukee0wemV9nV7lqZvS-um8eM3ZWRCnX9oR45Sngq082VYKbsek2A0aVMFcsWXW_W_IVCKikiEQPn3Vn5gycwaM9CgwVIBkgrbyCBbjbDOViTHeaYDjL1PiMQgXon7tEhVwMezZ3s6q-Vfplg1KMB_BE6ATFr3ZGo83GURS7JNTQ99UWK9E37dMMUYTE9RZ8eLq-yJ-ulR2sCZ4F-o3YKpUe4TiXFzvzeYDd-gLL8MKhi1VM9ChZUV0Cr1w7yHxUAC57QbzrTNpLxKAffAb5LvEDtEsNcG9fnwqcp-_Aq_mBEDeDz4Y8QazyvWE85GBXZNI2_TLQ-u7GgTXkULtN-6-ATJCOpU8FUwF6JanEMXZY12fksFT99RepHXbjMGTVaReKrZbt1gWI4B30HamS0Wx_e7sgDM-mFbpLRyWWfUg_1ErkJYeRXQY6eHHZ22r_Ueemgd2Vfvo_pe7F83_LdS-9h2kt9ZLcMK-q-8mVscRbLThX13rLbSMSbT9zL2VX-oSCZ2z95XgAmaaJQDJcLRJcacWa0SDhtz9gAFqbReXfc_F9rcXgXdn6rZUFa7CiyBUOCMa50GGIY_r-k_CMTcwOo0DAySfDNbTJK0KKYCf5dAd7FFRDfP7RmAe--VficCXmFzwV6fbBcFuVeH6yiuWYakyH4PNsTJgmWfW9FqLoKGCcUXZZWxJGQgyPGTOpoQ_E06I0XSyMpacL_NYhlm8NFx2qIm2EKuQOBoREENJXKKsuy5MgcJ8lztxQ97yktecJzqDH0lyglLduRP7JtyWeLcsmmH4DAXMPbmS2_H88j6h4z85DrUQCUKhwNKrvkPYm4oxGsz5bq5TUHOAzlNLEhvyWiWWiNDH_8Qk5pkecnf9UTf5jbyyaklWsMtynGmYDiazybAI3ff458EbPNhm4F-h2Ax8FRAzzzWCRcfPC8QcMTO6nSmAV-M2P6xRyigSJCBpLncAEEQXbjLDv6tccWC8aBh5C9YbSb0JTn0ErTzJytB9JJNjGz6PPkgc88unA-OPL__Nxdcw53rWdR_d5YVRNKjS-dCwlA19jVZgJN-Y43zVUzeFqg0ys6Fz8r_xAXuga0ognxeuQaQLIyo0QZTa-BSweEk3PtVumuPDkX-ujf7H4G6FkOzU0Yeyb5iMPFH_1RNdd1LUthzELahKi0bmSiMK1_5VORhmBSHEtd6f8gehOCwVKOkNd84GW96lH9RbVn3xRhyVYzXW3am7jILZhIkVO7Fu5uHLxkea4nm9EM3K2UZ2xZlwZItm7MJUxB6PTfSsVMViihjg1yZNEVw1z8TEAwyN_Zfq2_79T0de8on9iihsAmq8R18EO-_oFj1L3XSMHoXjhs8KBkG4Xr4IW7wdKs06P-_K_8C5vUZ0X7T7Yus3DfKnZ0TLIOqoKGpHmpZT-V5CjbcY6wNI-808_xwoRAtLEHfLPxSSLr3wXyeG_Ljs-stl-r1EjAiqAuh2qiTnD7CTDkW2PViNcogLjqI9byONzPf4EIpSKC82lyHaBlPSOGvAVkfTpEDU7_CdPTU1kHXLDdr4_5imhaNip1zmzG7yOizuM0JoH4sBd1squ8e8MTQH7kcVUeCR9gF5uFKbraZJYPVVoRfdNdTapAojtN_KO8nTDJVcXMr0Q&cid=CAASPeRoUttleLsY7NgqpKlQ520-OzLVHbGNTLS1jZe3G047cD0IgOM1XX008zmhc8MJdhYI_MPryZveo2tSb58&rfl=2%2Chttps%253A%252F%252Fearnme.club%242%2Chttps%253A%252F%252Fearnme.club%252F%240

Requested by

Host: earnme.club
URL: https://earnme.club/?link=MOJjz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

f473b7497ac9e479b025c12adb9dd4eb09b5224be1bb1fb8e43ff1286c3f11de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26041
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A47F 42 B
63 B 45ms
39ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AbwObhdVGgRwlLR4LVRnvKIM-jrlcQPi1TU5KpzfdS7Gm9AlrUh-Adt8u04Nz22GMSAUZFtPrgF0ZqcJeD0atKIzI_rJ4376adUXmMvN0nD8nFUWo

Requested by

Host: 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
URL: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame A47F 3 KB
1 KB 12ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
URL: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:01:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A47F 123 KB
37 KB 220ms
215ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
URL: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 18:05:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame A47F 14 KB
6 KB 10ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
URL: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 18:02:47 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 2615 12 KB
5 KB 8ms
7ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 14 Oct 2021 15:25:23 GMT
expires: Fri, 14 Oct 2022 15:25:23 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1DBB 783 B
536 B 17ms
16ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

b61a9245e1e83ccc28c93d9c1834bb204262aaeda86d519606259d3a15d68385

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7GUkKMAFr6U5MxVailYwfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 14 Oct 2021 18:05:29 GMT
date: Thu, 14 Oct 2021 18:05:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-7GUkKMAFr6U5MxVailYwfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 2495 41 KB
15 KB 7ms
6ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 11:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 542488
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 08 Oct 2022 11:24:01 GMT

HEAD
H/1.1

200
OK

file.mp4
r2---sn-4g5ednse.c.2mdn.net/videoplayback/id/e2c87a8925614ddc/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1665770728/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 2495
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/e2c87a8925614ddc/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1665770728/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r2---sn-4g5ednse.c.2mdn.net/videoplayback/id/e2c87a8925614ddc/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1665770728/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

88ms
18ms

Fetch
video/mp4

173.194.188.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5ednse.c.2mdn.net/videoplayback/id/e2c87a8925614ddc/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1665770728/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/122A11DE37CDB7F32ED17D2D327C3C53A9E927B5.48679BB8F8BB2B60699D9B0AB7E57349DCC29AC6/key/cms1/cms_redirect/yes/mh/lr/mip/216.131.114.25/mm/42/mn/sn-4g5ednse/ms/onc/mt/1634234338/mv/u/mvi/2/pl/24/file/file.mp4

Requested by

Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

173.194.188.39 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s31-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 18:05:29 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1980427
Last-Modified: Thu, 09 Sep 2021 20:06:33 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Thu, 14 Oct 2021 18:05:29 GMT

Redirect headers

date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 644
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r2---sn-4g5ednse.c.2mdn.net/videoplayback/id/e2c87a8925614ddc/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1665770728/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/122A11DE37CDB7F32ED17D2D327C3C53A9E927B5.48679BB8F8BB2B60699D9B0AB7E57349DCC29AC6/key/cms1/cms_redirect/yes/mh/lr/mip/216.131.114.25/mm/42/mn/sn-4g5ednse/ms/onc/mt/1634234338/mv/u/mvi/2/pl/24/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame B68E 0
17 B 100ms
100ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~kur95uvw&c=4141617371549&slotId=2070808685774.5&qqid=CIOsr-O-yvMCFQyuewodPyYL6g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=757&mt=video%2Fwebm&vs=854x480&umsem=1&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Funified.adsafeprotected.com%252Fv2%252F774604%252F57264042%253Fmon%253D57264043%2526omidPartner%253D%255BOMIDPARTNER%255D%2526apiframeworks%253D%255BAPIFRAMEWORKS%255D%2526bundleId%253D%255BBUNDLEID%255D%2526ias_xappb%253D%255Bctv_appid%255D%2526blockedAdTracking%253Dhttps%253A%252F%252Fgoogleads4.g.doubleclick.net%252Fpcs%252Fview%25253Fxai%25253DAKAOjsvERamocrzFxWc7tFQ0Z_vlBMXkcLKvDHNk6ZGjj-RCGcCu82oWiKin0HqhQAsBv7oyojE1IKI3i_WsHPBKPhzJIynRXG3c8dwnn-3c8_RqwSkZ5nMaq70y2qMiWg%252526sai%25253DAMfl-YQP7xjB1yACDzKVWA7Aej5pYaUTFatEmm1Rz1uimldrgEXUKK7FQF5nfdHu50878DXnZEZaoKR2xZrm9GghXnyDqG6ElRaxxSS34SM%252526sig%25253DCg0ArKJSzEN1LXnN_w2xEAE%252526urlfix%25253D1%252526vt%25253D13%252526adurl%25253D%2526redirectedRetries%253D0%2526originalVast%253Dhttps%253A%252F%252Fad.doubleclick.net%252Fddm%252Fpfadx%252FN286407.1972103DOUBLECLICKBIDMAN%252FB25684492.302338137%25253Bsz%25253D0x0%25253Bord%25253D%25255Btimestamp%25255D%25253Bdc_lat%25253D%25253Bdc_rdid%25253D%25253Btag_for_child_directed_treatment%25253D%25253Btfua%25253D%25253Bdcmt%25253Dtext%252Fxml%25253Bdc_sdkv%25253Dh.0.0.0%25253Bdc_osd%25253D2%25253Bdc_frm%25253D2%25253Bdc_sdr%25253D1%25253Bdc_ref%25253Dhttps%253A%252F%252Fearnme.club%252Fairbass-z1-tws-from-boult-launched-for-rs-1599%252F%25253Bdc_ves%25253DdGltZXN0YW1wOiAxNjM0MjM0NzI4MzM5Cg%25253Bdc_cid%25253D159304060%25253Bdc_adid%25253D508738722%25253Bdc_vpaid%25253D0%25253B&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame B68E 0
17 B 100ms
100ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~kur95v7u&c=4141617371549&slotId=2070808685774.5&qqid=CIOsr-O-yvMCFQyuewodPyYL6g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=757&mt=video%2Fwebm&vs=854x480&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252F9e9713475dcc5709%252Fitag%252F44%252Fsource%252Fdoubleclick_dmm%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F3778156587%252Fsparams%252Fid%252Citag%252Csource%252Cctier%252Cacao%252Cip%252Cipbits%252Cexpire%252Fsignature%252F5DAAA61FDF543841B3070A19214226ED8F783703.A9BDCB3900394248F5CBC3BE2ABE5D3279A6A1E2%252Fkey%252Fck2%252Ffile%252Ffile.webm&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 9BE8 12 KB
5 KB 7ms
6ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 14 Oct 2021 15:25:23 GMT
expires: Fri, 14 Oct 2022 15:25:23 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7AAD 783 B
535 B 19ms
18ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

198f05b9806c4b25a50aa0dd8040c85f4c58705da82ac51092296c5e72103b8b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RA4onJRmFS2NkzD4dGbyqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 14 Oct 2021 18:05:29 GMT
date: Thu, 14 Oct 2021 18:05:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-RA4onJRmFS2NkzD4dGbyqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame FD8F 12 KB
5 KB 8ms
8ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 14 Oct 2021 15:25:23 GMT
expires: Fri, 14 Oct 2022 15:25:23 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 42A7 783 B
534 B 18ms
18ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

5aaf69e298b8aa684834cff21cbc0b779eb8c6623dd81743960c8696adb74875

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Vc0xWMnEOfVtgt0yOLRjqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://earnme.club/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 14 Oct 2021 18:05:29 GMT
date: Thu, 14 Oct 2021 18:05:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Vc0xWMnEOfVtgt0yOLRjqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 42F4 23 KB
9 KB 7ms
7ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/H0ZEmIz7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Sun, 10 Oct 2021 10:51:41 GMT
expires: Mon, 10 Oct 2022 10:51:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 371628
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A42F 0
0 48ms
48ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101301&jk=2897545899839513&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 830D 0
0 47ms
47ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101301&jk=933717603646843&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame FC8C 23 KB
9 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-De24_mfQqxpS91E9VrTROpUofqCZe8GPOg9S0djC0jmvbOCNpBhevjkIk-F7qYH7weENAjXTXLdUiBgU_cAelIS0JXjXw5Ip_R3yNIcLiqjqOB_IXHvMlLOJHwxv4kl3INPdJT248H_0bQ7WBf3ACstA8U6Q&dbm_d=AKAmf-Akysi5187fd5dWqEs6iuwp8TqyN9ZrbMTdnbA_0eL4J_wM67__mbia6-sEw0zrcfP7JCce6WqcRYV-6ZgFQMPLBAl7hZvmyCequ9ApICBVpgPxiIsQuMFdUTBRsDyfLNulMd_Xl6CB9yLExMPkN6DCVSYCi1CQzSFh_UTfKTXaaZx-kZTC6IiMRBl1Y2EJNjMD3ZZC1Aa6Tusz0E6KkcMH9bMwj7wdEGS0fHAOr12y-dNBj6OEIYSzf2X_2-5cKyYZuMdL83gORWUAqqcg0uEbKqJpuYmD_v-gYoxmX8rX5BX0XFaGByw9iAIfw3ERF0rnV6nnEHDnLl2agh_sfjtjgJWyURin70hWCByQKNBTLq-JwYLHeqsdpshYe5Pukj_vygBLtyB44YWo3gcA9ytu3FN0T7l2zwYmOQNp-3XmTq5NkFB8NIFYJbeBB5rCep-19oHDCV8cFo5wyFuNJNc4O_HbFymAWBOtHXPYZQkT34PlR9j4WVkU-Na0T33Ojd7YfCh7ewFR7oFcT1wiIgED1Drc82Y7IJrrdKtoA3NuP2Lbj0wNSVqGP1ftt3MZJFg5XZUpCfe6DWTlrbN8yNOIGBLfbgQKF24eDhhiorKFEjbrkMFiB5AKzNOIpL_sn6CJHUfql232MQwyDJGm0I7sL3xndwcqYsItsh7hi25m603k1YsGL2PQHlLCQLNIL9NtQsu6IfiTcwhtXBMFV8mK8vlwwKHp0xdYEjIeyq_cUiA1jGCQjBrOo70S0lko5DjCEwYbVoTGz9SDFYGmY_oEDEJNQH6Oa7NwUpTVFYwKP3MN1CmTxH224xu_sto-xZM2SDxZdyfSLKHr8kWJeuXZbTzjeRmfnVRmUe2uh0AzDBTCWL_g84p0sVeKb-_vODI2TDJpHfNPdbV7ixw44UdldsMbVbTEZPa69h6cuMHccnvxCjecyHVm7WwIoDFadWDPVBMh9sd0_0HHhFw1VqBFlspX9buazs3nDl8iDJnZIJvTHFBHv5IsMZLWtmb17IvpqV3oWqnOjz5VXaqHqaWiKNry9uGnuA88SaYbMb-KXhY-EPhQVwHZS6WZ0a5_49oZvNFBFfPABVxkaQPChkukihLG_7MZOqKGQ1UTaQt0tOjtThW7ueVdMwLJjuXc0Gx8SRoG6VRulrj57ybmwtky6JQWOaB4LGeneLPJfUSRbBkqtYD0c4v6IETmLVJPbMG9sTBf6goPD6SU0LjZdi2R4rCxuAePHt8Zj5-cDPCb7CjMzeUSoTFHkK9rrzvHsAaAjeK4ZluNkz23iyGKaNuUwap81YLqWOXKvhBr_erAydbQi59NE6HUgJl7Flxhge2-KU8KrxB_1e-XRcftF0b_hddzK6FJTGyi1GTBxo3pHOYp2EVb1rBnjfB6y8hh1tPCbkZGTNz34wP9l6k5l_YH9dprWvltRTyqKixc-smmpDXfaOJDeSdWnZ6PciPwHJWDdv9RwskUXz-ZlCV_vN8NYOVrsLTMvq0XEUj-Y_Cpu5vJ2s_uTPBRK5QuS3EX-22y2Ub75VBSCkgzCQGdrTnjbOUD16KEhKhliwzwCvtyrWjdEHRxWI3BQS2r-c2nItWNRhQBGXuA7J3JoOe3jQKF7n1T6_jt4-rCls2sTBiE5fnI202ysgBI-tkj8JLvtKEsQlaGRmC2XehF6eIdvFPXZKMEjap71YSYdxDA61zxexy4Jexk-2bhRUcY28AwqM122iRCgK_MdKX4ahwb6Z9Zagw_-f13B1nu5Pi7jzsAZchtC6mtQHFm-K9c-t_6bxm75HGFUN7fdsMpJf-_rE0wzKgjD9K1hNJIG-nhPQF8PzctXvBgrqEbsQS1Xqxmgl21Wjyo9UmBE8M0eblYpNNFfI5Eco9DLI7KG0_bqzqF8a0x9nvPI6c1vG27ySJ1r4iaVcVwIVDHmhaaGsRU0vZl9aOoLXPDq-iG2AZkk11OpOGg7WQ3nXRn-4Uge-Y3vUUIYa-NRsQayaowvfg47z7fsY_tT4MoXE0JLLFdcykkKFLpfx84WDO2RxS_Ms5Fu43NPLMwaR5tXf_riQA5qvshyk0IiLIsdwCOw0GhOQBp06eJ50vCezayNCQ8IEJi-jUJKXLy0lg5hnRm8z3uXdnRAqfQA0sEpFJ7vKQEk7vdjb-ppuumLOqPB0WEjMtfBfT2JT64ORQY9_aYGwrN8zEP8qLCVxeJxnh2nisJy1qyv29FJAq_yiFsHV6Z5SIGl6JAN9I7uNUm2NquFbTwY77BXb24dqPrxfkGs7vyiJnnDW0bOM2VsOOUo9U3DckIshLtMa0fybw3IwUobBKzbjxA2RvCU4GGHHmJDqLlWefpLFuC5FZakwXMAu2ETcBbQRyXGBTIj-mCS1lpm36zjmH2YSHr2NLeiz3O0hyMbKzK4SpdyqfU8wH-VclRvgnUnnxKCXZ75HMYFagAtoZfdSjCWwvCIXTazkes9YcwYlRyb0Gaycl5P8VAykefQpCZWw7NlFOEcZbyjnklg7M2eu1ilD41KVt0mG1XvYV1kad2sPFRYhsuoYAbI5P6K_tNUEc-GdBICjSE67E_G7hX3uoutd4z0-KUycknnq902njn8zPxDcCLMBgMmSt1A2be_WMX99-ZrT9i5SjgxY2XNVYEcw4zZCcL0kSYVseg9Fh-AcvOzBWcq22sv4R3X-2BYXzJDCYqDs39LPo2y9563YzfTKz8LNJNxMENd1gHbTr2Cx7MdFqkgo0CAEceAvzBNay_S8IcB1-t7lspUUlNR1EakcZneV-0geQAU9AZpuS-70VGdymmiKEhd-x_0LtAasH7ztBsutUZj5otXi01RvTxN-2vQClN1mRaSiIsPjE8Ljy_g5ghaXSHN1eF4brCO6fPGlfGgl8jj4r_-RA702F0dTW0pC-zCsn7f8-zxfZjt-tXHJkM9A7i4aCwbYbH9idNrNjGkBiQ5SpHUZu38-9aByyhRGIwnQeXQSNDyv5gnX0c6LJ_vsX1ZpGc__lFrMfIP-VQrJXNs7h9rGdWK9m8IJ75XvVhF4UkO8GVGIQUyvg4zMMWjrWUNEme6q4p8FYE1FLdsmpq1qqjKvw58Dat4j176Kk23thdaX9XLS-ahl7HOe0&cid=CAASPeRoWo3Upi2DCwZbYrxT_RKcbVnHlU3PGWg9He-rOf5D8q3cLiQ4ZOg8fa72vTePJf5ZWA1biU3449SsLGA&rfl=2%2Chttps%253A%252F%252Fearnme.club%242%2Chttps%253A%252F%252Fearnme.club%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:56:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 17:56:34 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame FC8C 8 KB
3 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:55:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 17:55:42 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FC8C 0
394 B 97ms
82ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssFSCZiduefbv9ynEbzn0F8SKLRAs7GHvwJeB1u08ht0i8LcLtbiAiMAKrCzJl521yILCvcVydMRUWkXTsTK5gwTvJ0WHrE7VXLQ6ijvQqgwzPb5Jcl1ikhktVCDDTB3wcj24bq56ewHOcZ_XMTmczx8DfZves6uUwkSukiBxJfkpnJfl6xe3bF2EzEYg74YiuKTm1-MIOYDPTxzWuW563KMyk3H4_VSRmbbZEs6XrCLnJ1psbAlS3Lj_lptiAoMQyw6sGDjA24XhOGoJDKQxTWc3MQM74pBZgc3twn6ZSpVlmvDNxe4R900NE2ppEq9mxWUcd_DTx723NOXdDJn4WZ-krcOM5CYVDkGp3k0haod__DoXUsltWzyUryWOoVEbvvUdSU3VZU7B1AycB6zZL20V4JjbEH3ZhIiqkWDX2TysCrcOvsri1Bw7sHAorRuu9D8VsteZ2v3USYhmgomGbuGBxI9CBTL7eWGAuujmn4ay8KaDkKgrc_yJdk6x7hBxdF_Ii8hQdYz572kdWp7VLSXavNpP-Q0wVmy0Ut9vglnaw0Asb4qsVfHmWlF5qGQHUnygejbsw4Q-64O0IxQ8AHmKSI5kTR1lEwowaS7vHiR1DZmT04vwmGnTc-BBqMVilnIl3iMrOKGG8IqyTW8OKn-lvzK0KlgV8g4BNWybEpAtIuV_CM8a_ID4_d7EA1Lcl3_ipRl1tFqi0tV0cRZP4_oa1vsB6KEV22LCV0Vied9DZJ9RGQdyLSH0l-gWrhrAqIH5lsX4j-O1XtETVqh2_1uiew4ad70uhnV2TqHLwQrIdiiPypjrN-9VZrCSYVy6IrOimZfdnUaoo532aHhBxfRvWDJVVT_HczO6QYd3Y9BlTdWbIIQAznqNKpssJLE1nPl0qwUmFXAJM1TUmZuZojIcx5rWVJdEwAKjSAxCFhm3h0LmAFGAtpoqrLoSt2rPhN5c1EGWb0iThAtycwfABVqs_elZhLDkz--qsxomK-BIPvi3QsuE8kljpO1N7-Z4HQxMTI74yoXpwsBGNKIeHB0Pyck_bc5mB5jJ0IHhPAPrggBLjtDn-0r1yz2vT3h19sjWl99iTS-3ICOYb2Owbcy_L0F3GEHTUCBRAYiSZq3EiIbYyoaUVQ574yhRoYQdUWpIGbxCj-y6yrKDTo7b---qUjULnt1uP9jYauZ_nHjGNYU_sNaaO6Tt7JVaX74bJLdylLiwxd4cZbRw_8Cvg8i3PF&sai=AMfl-YQN0TAg2YgciU274RwzhTa4s5Tj_NlZAidopG21Qce6Z0iV0Fyr02pgXFjC1p-jdj1BZX03F7zVGUGNgqUWT5NEjQYOfE6cb4GM8qlAeAJLVmRwE1SDkMTq2vasY_3PNid8Wd-SGtDnIOtqROK3dwfbMKJxqeA-lcxRM1u_hhbQVVthu3i8dNbQVIEf3WAXTldnM9y1VPUm1Zadhf0Gn17ouJ2Z8kyEISvNLtiTtw&sig=Cg0ArKJSzDjeh5YNJ2pjEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211011.51744&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 14 Oct 2021 18:05:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FC8C 41 KB
15 KB 7ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 PROSP-Q1-2021_DOMAIN_INTL_300X250_IMAGE.png
s0.2mdn.net/6629020/ Frame FC8C 102 KB
103 KB 59ms
19ms Image
image/png 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6629020/PROSP-Q1-2021_DOMAIN_INTL_300X250_IMAGE.png

Requested by

Host: b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
URL: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

1b18bd58aae8c3a729ced4ef75be3bacc679d526911765299f4b05d1f73702a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 10:33:20 GMT
x-content-type-options: nosniff
age: 27129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104782
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 18:04:53 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 10:33:20 GMT

GET
H3 200 file.webm Show response
r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame B68E 342 KB
342 KB 39ms
39ms XHR
video/webm 173.194.188.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s33-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

2c277265caa1ddcb86b6cffbebfd66d8e80309d9cd4291cdc7e5db41c15e3405

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 350000
client-protocol: quic
last-modified: Fri, 08 Oct 2021 15:56:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
access-control-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
expires: Thu, 14 Oct 2021 18:05:29 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 5C90 114 KB
40 KB 29ms
5ms Script
text/javascript 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: earnme.club
URL: https://earnme.club/?link=MOJjz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
Origin: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 11:05:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 11:05:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame 5C90 8 KB
3 KB 8ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AdCsy_c9jFkIZH-m4HWItCjCC1yUO7m2GrcOcJMy6AXJ9j2NgIcl0OissmGhS-_qSYRHhNDL6JM_3xloOf38MmK4ghQKPUtIPaEa98THjX0HC-uoq64B15UiTPbmFZkMup6yNOgtYoZz4K5vTsqFnCU3CmzA&dbm_d=AKAmf-CLYzuOOwmK9wlkGFoYExK8R0IbYq6jpn6og03HdXGSdvzb7GQGrMmFgNNyW9v_2mJmrKazOEq4O2Ssd1QUdUe0mMb7mfkW2OY4aBS8QNyApYbacfUXzx6KMwtivxWCrq020YLabKLNjHG1aX2F8dBvZzm4cxLjmTE8K6NVxp66bknyVRj4DZbA0CGLf5Mg2Kw7LVj1-qSs1zrioCwFW3A7_ohtdoqXyVQOO45C172Mg5XJTOaZridWBKSoC1AwKQPUFLsPIaFr9GbhDOqQvHxzm3rrtKqkBySYGJWiIpnkZZF-1UBFLt2SiU7e3i2R-Ay5XRh_wMetq_GPYp31W8PfgWDpAaZxef4A184DEUQAbRuQ_wb4iq9Smi_XhaloDsZrZUs3Tr2A-X0W2DEqG8DtmQMpniFRX-h7SHRuuc6kdvSQ0zknpLfqqY9efJ_Lh-NsiEiIhJIYtZW_2fg-OnNkPZ5wvWPaRd7R3IcBGRjXe6pHzV_BNqFWnYCiO4kUoQvORpNDwytgPROhrMazJcovqHEaFwba1FLU7Bu4EY8pkgkWTJoEswYbN9p-ZXjXINy-pOYt1bNlueKBnyGG5FXozAEuc8ANExGdGwAm7Aeznr2eyxuNHKpt1huqaP4UZD2IJTwmozMu_FVc0d9MIHmKotQ0US9msp4PCu3yWNoiAeKtBh-fLHiollhQF4vdBgG6RZj6MGLNMA9M-YcX7NQDkl-CTRVlCjTbAh-w5k1aL-o6wbrV6jtaRxw0FHN7Fu18sf4lfn2Q-Wq6b3uZge0AWVQRp3Og0F1WsoQBbUnLiAuJFOy0KBtDohunHl5CiLuCEc3yTTCQragwLpypblOsMu3K-FkIUXtoUR6D1vu9e1c1Kv0ypmhdSr-sIewoQfcplutL4eTGsUMquGAUUlKmcADkWlQMM0FFNTTIkmhOPi5odrBdjTj-exNuN6-kkFqoGpJEiVN7hgMkEBoe7eU4cYp54523bCNTnqRKw2qbboEFdTAOAiYlgcqvcKLRo-EiaD8iOwVUHhs-ZUCRz5DbDK9VQ48-rHb-mIyrIp-iwNrsqfxFgMrGJuXM_OeQEanAqIXh9F7rhS-ERUryUzEl4PqI5KlhDrrZx0wuE60cOaTOsR_DQu7ds3OI6fdzdQyHKhoXAzWvHxDl0_5cq8xS05DfwQvOVOwGBKYpn3GQLmhtIOubiBWSj4vLFY-oAHygwIh4BGl1i-zo7cjAQtWGbO6WI6ZfRt4UFSD536om5QrvQY4ufC8js8cCGwBWLNyz3gvCV9fL95-5D9kojIxrUb4MIBp45uIcc40ZYPBkjGgFVH811b9zIQ6xaaCH3FVzcoQFK-2Yhya37eVgR-GkKO8-Mew8mu24E80xc1VKyqcpC4e-wvWFHXX_dSNF1picp4kZvXuHyExMjULAhHyDWbudDfTB48iJqXh0wwSyINZOOXB42xBvT6Uqa2c6BbqwaFLpIAbJm45e4TfD8JFWjEi1jE0f3vu_qPpqNPK8Mx3M4SxrtHdbvdGvE5NJmWtroOIkn3BvmuySOltDODP6Y0J-JIgFfmGezU83MKNKyjQQTcf32Z2Ufuqcsyf_TRr3P1wbXBsymmmCyfYJ6cH8O4dSaAz9J26lGHVGGQ2rBEBIOC-kHYn0NM0D1m12BxbcWtDewTx6dts1IbMZsROjnSEgffTrESBK3ftiRDxz3mXNEoAt3uUuIIqMKNxW0jhlb0WK5GZlNmp7Poc6KXF3AKGceuxWAhNCLY3TsMzg_TGvh4_L8HQ2z3amwGIxD3gq6rI0MSzENhmPxDyE1j-7HI2TNDOQmLLLqGaILg-I4Rq-elSM2lDWkwfKe-SVXP0dH6NqZhOJYiKLb2kN8gK7vsQ_fgW668YaV5M7LnzMZ7umuB5XQiSrneYv2NgIr84zrjWemebSOHKkIUt7s_9kEy9qLkgwoLhCAmqvDEjFIKu0ZymmytQgpr84eWahZSYJzfrzFCOeHzSFhmouwf5cgMWkNhWHyaT-17tAjLjbKmUbNU0jIPnGQuQYZhQ7fPbEllGBJPTPX8IKWfLdGNvd4gdjqsWui_sdGynN8bVl_lnfhBha04HyGoW-VJeO-prwSdumZ9P7OzS13QAFha6z8oaY_Faqt_KDDhGWKkSfeFABgFLVWD2kRUI6uMzYt8cH_WaKVrxsyF6t4atvSDTd-BSk4v2jtwI4D-N0_8UCqxAU8xEdLjM763AWgX6eysSKgNl2pwYVzpzFZAoX3TZCyiH-VWvXrVV4IPcqPhLBBNuGc6rdGRaIuYg24vWjZNI7g9WVNGcSegL922Nbx9Oxr4t_VC-0cDQnZqV-ozir2pdg_Ds2kKE6bQggt4FsC3SZ7wKMaS_gKXdeZ6FTjayfHN7UZ2P-DA0ECpEUKg0CLLPy-CMUhMM2ywgBZPYVx7xS83IjZan0zeVSJuGgrE7YiVo6RcZJB3yhU4Qkc89KRBjsWH3rc3KRaVe_PjwJS4UEFC-rSAxooIyhwD4H78jo5G-RaDVKXYCk8ls43gOVtzFTTbh7uKUXn6GDQlq_s61-n0kcpHulZEpjUUUVJj2iUsmMhpXX75oN3_ExDuRM7sykpAY4OAf6xyHObFgzdsMGEvg0f-k6UjMEZRaW9SvGNOQwgkqQYV3Jilh_G5cdVaGvkw08g8Dw9NR4VsG1btk_2c_UoRLRV6V6mcpsukmffYsZmPlHsgmyJP68DnFbhmSQv97DuobNc_iNsvA2RipXaLagid37IzoyEC-7mwWek2nYsb5jxA0IxiczpaRhJF8TqdNQxhK4K4UafxjrmPuZEAPlOfhs4EKNLKv9WiLRTHZ7Vx15QsVCkSteA6hSkVGxwnu5L0L25V4U5xTOv2xrjpo9oYZHBkkXe05IX5K-sRQac_Wv4h-lj2kGXWQoX2DAm0QJ56N-OglLQQS1ozN0-qYm4bGQM0EE8j-xbzOvLtgQN_LOICY8jecObAy24l1SBzofQY5PqWelyp_Xv04IbQIzUCR0Zw5BDLyJ2bHSJZxO7IGWD6sJNXzE4QtpHuY28a4io9FbbbskOXNukl8LfRwnERLYmVd1eAzQLS4jU5xfqcAQXs2KgVVbO0WPkZyZr1I&cid=CAASEuRolHDS54RBQh8aw240WgAhNg&rfl=2%2Chttps%253A%252F%252Fearnme.club%242%2Chttps%253A%252F%252Fearnme.club%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:55:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 17:55:42 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 5C90 23 KB
9 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:56:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 17:56:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame A47F 23 KB
9 KB 8ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DsWA4NaJqj9KF8mLBj5z4u0j_udjceGnMxZjrXsMal7Cebwx4siXSxxWmOM7PPbAfBOI3Vn1CHD9UTKrZeMZcn4fDVvl18hwmLTXVpgkTiKu2Z_vUTa5x1x0CDj5j-sGCPcjLMXpZ12DcJtLNBt7OnBrnmwg&dbm_d=AKAmf-CMiBzaG7owRvyXp04pLr6IVHnbd9mmieJ7pa7P0i544iwW7WVGusWN-EHFt6udw2UBW_lc31BBzdMRl0UuiosxzQFIVBAjZKexVZbw5k9OM8Nbg4rIyWJCSyh15UMrkG8eE9dF9wME5QZWgO5tpxYocRJooO_pDTk24_WmRE_U2_bJuR60hxwnIC5Ta-SdLlZVh6-vfjiXQCr7s47xxJuVm5UtEnDQr_HrFWDRb-mrvasGRn88PLJkKhcZrxAjWiOtgW6KxWERNbv7ZEumGFbAvJj1AdyT4e-qNzyfTd6wJkY2uE2qXiOXm2JUJ9Di-glHxxvzYGwZtlfZhxf1kBHycVj9enunsrvcDQh_v5RN-UWTAIT9eZMHT6DfjPwImTATAZjsALFh7MmUnU6-kQYcDWBR_MwncmRXofCPcOswUlNhNjgFezXmz5dvG0uCQSknfzsvQ-310hjr9ZKwSpM_oZuou0o8UCPyI8eL_x6gxaH6XP1g2NLYtiEbE0nzGjXhJdJegXMwaZmAgULoPYLUU-naSE8oCPzFMZqFLZ01p13371lJcePHG1uNimv678lSK6Ph_iU6auEQ2l8zIEwhsJLf_yiVOSH0Anqvx_lCr56gwlyVHakbYPQ5D37SOG_tKd3k87_Lb0sV0Cop8CyciH0PXqnM0iWuqDZnAZQCzJMePTr9v-aU_OLWj9IOC5jqwKeVKNg_HLasS3QjLhCl2NMMmlA3v2_iEVd3BIi4uV79JNYNnKf1PP4tmJpptxusdOt9Uf-VkrED0xnFRKZZcv-eP1MNsuYkVtK4C1-38TNxH_G72hJwjou6Kk2PghO3oAeK6s_r7Ek95N2rEgVLnS3f06LNbe50-zWcrMXP86Ud88Q0pv6syiaVSn6JoH6v2iqbi7OpHKCqCHHdDxOHx_xSL7LaV59kjP65v1mHit9l8TezPVbRbJh2IHRXZBd_taAZQf9tJqzLOrnKRzWZe2p-jtYf5NgyNzEDXrj3Qmky7bjk0lnHfcjrfHPWHM0RklFLNlWj6YrDTJfHuGGXFkzlJIlck495Poz9O1koVfoiXUFBnRoXM-XUI8F-QaSQNPHB34EvxjO5J_qxR4DnOmFgCVYpBTq2jX5PfHvGyayBG2SVst2Z4HjfvvLkRwojSaL49Lbn8lkkSRVpT7HSxt2e6eLZv0lMVpC13VMAFv8uAcqFeriQ3Y8wyPIrBIusaNqxewQW2AgAYHPEJFLJrPZxktpnjXb0H5cWR_nmoWVs0jjDx93WExJzrvo1ZbcmUr5ubM8LUop_5vQEaUsH7GTczVS901F1mTKWiWWVh7CWFsrrDVI-bR3_vOWgoYCiCG8bI1LxoYMDkjvayHRwExWSUUBE4MLWXik5PdtDQcuhUTrGI5GozMHMZoHYY1CNYklAHdhJNQ60FX8F1mgiwuNsGtx7exyz0znbdPdYx2x4PEKAIOw9ZZ0y3PLUKjl_Q-JI7NPQ10RNfX9v3c0J6_hbTo5CWFrw2Aa7IDyKix7bbQw5MW70Jh2VVZ1BbZyvsx2MZQlKiGCP4sGHzERAN8LdOkkkWlCTpibakIibOs7ukee0wemV9nV7lqZvS-um8eM3ZWRCnX9oR45Sngq082VYKbsek2A0aVMFcsWXW_W_IVCKikiEQPn3Vn5gycwaM9CgwVIBkgrbyCBbjbDOViTHeaYDjL1PiMQgXon7tEhVwMezZ3s6q-Vfplg1KMB_BE6ATFr3ZGo83GURS7JNTQ99UWK9E37dMMUYTE9RZ8eLq-yJ-ulR2sCZ4F-o3YKpUe4TiXFzvzeYDd-gLL8MKhi1VM9ChZUV0Cr1w7yHxUAC57QbzrTNpLxKAffAb5LvEDtEsNcG9fnwqcp-_Aq_mBEDeDz4Y8QazyvWE85GBXZNI2_TLQ-u7GgTXkULtN-6-ATJCOpU8FUwF6JanEMXZY12fksFT99RepHXbjMGTVaReKrZbt1gWI4B30HamS0Wx_e7sgDM-mFbpLRyWWfUg_1ErkJYeRXQY6eHHZ22r_Ueemgd2Vfvo_pe7F83_LdS-9h2kt9ZLcMK-q-8mVscRbLThX13rLbSMSbT9zL2VX-oSCZ2z95XgAmaaJQDJcLRJcacWa0SDhtz9gAFqbReXfc_F9rcXgXdn6rZUFa7CiyBUOCMa50GGIY_r-k_CMTcwOo0DAySfDNbTJK0KKYCf5dAd7FFRDfP7RmAe--VficCXmFzwV6fbBcFuVeH6yiuWYakyH4PNsTJgmWfW9FqLoKGCcUXZZWxJGQgyPGTOpoQ_E06I0XSyMpacL_NYhlm8NFx2qIm2EKuQOBoREENJXKKsuy5MgcJ8lztxQ97yktecJzqDH0lyglLduRP7JtyWeLcsmmH4DAXMPbmS2_H88j6h4z85DrUQCUKhwNKrvkPYm4oxGsz5bq5TUHOAzlNLEhvyWiWWiNDH_8Qk5pkecnf9UTf5jbyyaklWsMtynGmYDiazybAI3ff458EbPNhm4F-h2Ax8FRAzzzWCRcfPC8QcMTO6nSmAV-M2P6xRyigSJCBpLncAEEQXbjLDv6tccWC8aBh5C9YbSb0JTn0ErTzJytB9JJNjGz6PPkgc88unA-OPL__Nxdcw53rWdR_d5YVRNKjS-dCwlA19jVZgJN-Y43zVUzeFqg0ys6Fz8r_xAXuga0ognxeuQaQLIyo0QZTa-BSweEk3PtVumuPDkX-ujf7H4G6FkOzU0Yeyb5iMPFH_1RNdd1LUthzELahKi0bmSiMK1_5VORhmBSHEtd6f8gehOCwVKOkNd84GW96lH9RbVn3xRhyVYzXW3am7jILZhIkVO7Fu5uHLxkea4nm9EM3K2UZ2xZlwZItm7MJUxB6PTfSsVMViihjg1yZNEVw1z8TEAwyN_Zfq2_79T0de8on9iihsAmq8R18EO-_oFj1L3XSMHoXjhs8KBkG4Xr4IW7wdKs06P-_K_8C5vUZ0X7T7Yus3DfKnZ0TLIOqoKGpHmpZT-V5CjbcY6wNI-808_xwoRAtLEHfLPxSSLr3wXyeG_Ljs-stl-r1EjAiqAuh2qiTnD7CTDkW2PViNcogLjqI9byONzPf4EIpSKC82lyHaBlPSOGvAVkfTpEDU7_CdPTU1kHXLDdr4_5imhaNip1zmzG7yOizuM0JoH4sBd1squ8e8MTQH7kcVUeCR9gF5uFKbraZJYPVVoRfdNdTapAojtN_KO8nTDJVcXMr0Q&cid=CAASPeRoUttleLsY7NgqpKlQ520-OzLVHbGNTLS1jZe3G047cD0IgOM1XX008zmhc8MJdhYI_MPryZveo2tSb58&rfl=2%2Chttps%253A%252F%252Fearnme.club%242%2Chttps%253A%252F%252Fearnme.club%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:56:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 17:56:34 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame A47F 8 KB
3 KB 8ms
8ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:55:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 17:55:42 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A47F 0
61 B 86ms
85ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvfMuVURQ8qlL4YjHhZf6Y_YbAtsFBbh1RB7rs-iyN05c3KSX9Sc-Up72xBfm9lIo13zuvqhCJZ1nR7srR7IkqAQpchWS3aKJtipb1g4fQAQXzLecxXbHHzIfS4JRouiyJ66j3Jp0n2eK8cF-wTXgVdwWQ7mZqxxWS4DtZ8RsHtO1gACg6Nseo5Up7Up_KeUt7HNXlLtuCaVu87H_uOeDk7__Yte0ivJLZdmKooMTWcZHyr5Kr5FO98hj6CydiXxXVfQvjiNPOcAUimnhDQnJePNpLeWEucsB-SqfCcqrU4bqtDrfTLJVVaZA2FidNh_iDwxxRNkHxHt4omxUgw9Wtyesr1Nn92buIbaengIweGwotPBuFRMNRDvveOIwzvM0EOnuZ7CPUBQeIC9MFK0Aytp-8ZDbvEMemIMynz7Y44XIQF4loHmq-wgVz3oZsoLRjYGLU5hGVN4wm77XQ1Q94N1iUKnMVo1NwWWST0MdCr8oF4c6qpnZEO4Hr1HhNk6PVaDzD8oUsirHMpRxvm-LDx80ECsfSAhL9kFMRuTfxSDLP_hKRncLzRxH9i9DEc3eAvExjTblioK2WawSdLMy6VgnuxUeMehYwnKnzlnzLw-Idif8KWy_1DZOeoAKXRQa4bIalbaNlafnOBOwPv-3ED1Bpc_ZnwKnKvf84A8Od2ke-VggtTe02ghZpgFxEw9sKicvwDd2ph69i3Yzdm8nHwEltzdqu3ZZbhCOEkcwfgCWgvcU1nn-p34WVMg35k1mjLEFNG41r_J4GL2JrlnVYZr5l7ShqMX2sDdqcUMod57PYrj1gqPzfNixDL22eMpfq1l1oc4p23Ilp82PJUxNTS00e6iBIcq3mQtqYa4FYhDk9881r57Z4qgP7AVCzf7g9TvtrgPhkDf09IYRf5quXg0AF5B3dvsfLI-vBz6dAmPt4cQGew8xpx6CoKgHZ6VQZe86cd8nJj37HxgITyVTk9HmMHD8_ht9kj1GJbf7Kavmb0lCFTyGJZU1F7NLAldqxrhNjnl8bMjhJIaAutLGwr1V0dYo4iogzWoa7PAgVfrcdgIQyJLWT1lv0IAndTRhIv0e9Etv7BTdy2PR3MlytcHam49tV3FMYTXCzO6OqF9tuVLAyVS77f6xjXo7VCr0pT_1QXtKiRxQwF-bYu851fU2zfCKtgPwMNu8zkgtLPRM8WO80Vb66RCwFP9yWNFx8ayhOGRyG3QWXV4vWRTFKpg30wzHbBgnk&sai=AMfl-YTu4jjUvdedDEjxbfS6qbJmG6zgbA-QEkrbRd7_0gfKYT1_rpE7_FIS5L3BKSCHWWtkse3PMoLrkxU3k7a1V-V-b9ptOtjZ6wvbQFX_iJHSwZDW7L3q7nQoCy3jjDYFn58OGE1BJVwzPQq25Ex3Qf4tCPf_hYk_OM3HOi7JYzQd4TjzAZjfdcFZ_3zbfs4XFH6_wkYv1ZUC2poQUB0DFWvz6YEW6mLFhGtNEJcpeQ&sig=Cg0ArKJSzECaM84rqZSQEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211011.66863&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 14 Oct 2021 18:05:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A47F 41 KB
15 KB 8ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 PROSPECTING-YOUR-SITE-YOUR-WAY_HG_INTL_300X250_IMAGE.png
s0.2mdn.net/6241250/ Frame A47F 30 KB
30 KB 48ms
48ms Image
image/png 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6241250/PROSPECTING-YOUR-SITE-YOUR-WAY_HG_INTL_300X250_IMAGE.png

Requested by

Host: 50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
URL: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

c8da252e9894aed11df11b015087a9d10526abbebb5ed8c61831cf2b7aae475a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 12:09:32 GMT
x-content-type-options: nosniff
age: 21357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30440
x-xss-protection: 0
last-modified: Thu, 10 Dec 2020 20:25:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 12:09:32 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame A86C 23 KB
9 KB 9ms
7ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/H0ZEmIz7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Sun, 10 Oct 2021 10:51:41 GMT
expires: Mon, 10 Oct 2022 10:51:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 371628
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 2E14 35 KB
13 KB 13ms
12ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 6A23 0
17 B 105ms
104ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kur95vdo&c=4859605075056&slotId=2429802537528&qqid=CLuCxuO-yvMCFdzYEQgd3-EO6w&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 6A23 15 KB
15 KB 9ms
9ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 16:31:40 GMT
x-content-type-options: nosniff
age: 92029
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 16:31:40 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 6A23 15 KB
15 KB 9ms
9ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 17:27:37 GMT
x-content-type-options: nosniff
age: 261472
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Oct 2022 17:27:37 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6A23 0
20 B 42ms
41ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=C8G2eaHFoYbuuAdyxx_AP38O72A7xjKOGZfDeo5qoDuj_6cWPDhABIL7M12pgyQagAby90pkDyAEFqAMByAObBKoE9QFP0OBOsyO6aZ7hZ-3ezZFG18iDNi5KrhH8T0eyVZuaC1vCsmYTmIjM22oeKJZ3VHqmf5royDCkVAcyvO3AfPKG3qTjE8Qyr54HloZbn7kh46Pum4h4r5kR2C2f9FeIA6LCuTB0jxuTppO-jQhzzSE6k9MU-iOs7arEnpaA4k_Wldz8evI63uqPpn6dJ9pwUSvT5eEuhfYIfsL-sd-e-8iXSLJRm89M7iDyZxMB6DrwAm6HYEo54QNNMnE7MESxkHWfduCgAjc92vjoqVpcqCj6OOlck13PIJ9gdnA6KLNvhL9jH9zBmVff0vuariWiDsrUqGjtCMAEx7nviZoD4AQDkAYBoAZOgAeswq1mqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAYBABGB3yCBthZHgtc3Vic3luLTYyMTY1MTk5NDE0MTA5MDCACgOYCwHICwGADAGwE_uw7wzQEwDYEw2IFEbYFAHQFQGAFwE&eventType=clickstring&clientTime=1634234729249&ai=C8G2eaHFoYbuuAdyxx_AP38O72A7xjKOGZfDeo5qoDuj_6cWPDhABIL7M12pgyQagAby90pkDyAEFqAMByAObBKoE9QFP0OBOsyO6aZ7hZ-3ezZFG18iDNi5KrhH8T0eyVZuaC1vCsmYTmIjM22oeKJZ3VHqmf5royDCkVAcyvO3AfPKG3qTjE8Qyr54HloZbn7kh46Pum4h4r5kR2C2f9FeIA6LCuTB0jxuTppO-jQhzzSE6k9MU-iOs7arEnpaA4k_Wldz8evI63uqPpn6dJ9pwUSvT5eEuhfYIfsL-sd-e-8iXSLJRm89M7iDyZxMB6DrwAm6HYEo54QNNMnE7MESxkHWfduCgAjc92vjoqVpcqCj6OOlck13PIJ9gdnA6KLNvhL9jH9zBmVff0vuariWiDsrUqGjtCMAEx7nviZoD4AQDkAYBoAZOgAeswq1mqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAYBABGB3yCBthZHgtc3Vic3luLTYyMTY1MTk5NDE0MTA5MDCACgOYCwHICwGADAGwE_uw7wzQEwDYEw2IFEbYFAHQFQGAFwE

Requested by

Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 6A23 28 KB
14 KB 43ms
43ms XHR
text/xml 64.233.167.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Caj0xo7FyFuaGhwm_0PvGxrfRzGPmjuJ-9OC4cDYb72HEwv7A5rUnLlrkB3Q6B1LN4iE1oFSZmFWytA32crFvbC_tbhg&dbm_d=AKAmf-CNAyxZChcrTuu8OSaH7qRLlFvUMuKC1lgHJcgOEnlEx3Fl81M7YcLEJmTdXcSh8WNkydcKXG5q3Wks6qQ9IDhPJTKE8rPoGPE0QcMI3HoFHqx4HkRUy-mL5G_pUT7tz1gDzsb58vgwaLmKInHgtf27s5QOpqS4K1RIEw9AnZE06wrnIvKPCi6ZDQ9t6L-6_vEEcYyX8itup08HHksURc1bnbhCRfzFNEOb2mVmE8Vyq3BdY5AEI4eUOOsdsIixTEV1BEA_SHYLVGDCxGaSncIXi4P7GFjbge0wxhaXgJAWfdHrJveZTzVFpPkBum_Nusl60coQ2oltmp2bjdrGr1oB1LNOBSXoW-6L-lDl5XAGcP-hl5pK1E2gyDrwbYUbDKD9uW3rgPa45oiTzSVEmKftN-oq-ne03TBX8H74_LIYc9KwLn0P0X8VFz0L6qjvv1KITA3YJlYIGXvZD_H0G5wsgQK1SM4PuwcycS4CLPsBfKSu_MyzmtRDekTsVIm51f5Q98KOI6Gpe8vlV2P-a26K-9jSw3K7bXnHD_eZJHsJaN_1mVjH8PnKnaJZMaka9f9w4rbD33_7iEFvycfzFddF_NWmVj9DsD0bkQ5JlGjO7Y2_Vag28EBKPKP0XBTl7vF7HGtxVkPcMS0g4QSN0pqC5ET_RO76lMBmsiwJReOtKF6-iA-dV4ZjECsfNuL_G8_52C6yQfDVJpsByAx1jS8LXKX74uLIxG0XTpVYBw0W-fJgIvKMWM5XZh9C8DTqWSd2kvhgNWIf-udzpqLaMEq4ZuXunEMFawUi_dAzwu2YXVaQg_VBbHDQT7sVn1nq4BKMwypcwC_WXW5fVBKOQnIYQ89xlg9daQXpZcjYflKRIlmEiHzXxYbmQHf9iiSkoPPVAuiNw6sC_YvzuREELZsQ9kwR-SXqB-FuTdZzZkddq-t6VomadNEBhnXmGSiqT5aSltmSdGAWdBIU5sBTrBCy546LUXbdzgNyzb4ymMpBzc6ATun8yL8XYp0QNJpjNISogdlbtFmp-C11ROFRKMRTvvGLN9IIxOkN1AW5MpQaxvFpa7pRY9rGUxU3osYsDRrwTQ3GDdX18UVj5N3DCISfA9w05FIij_hFbS6T7F4v8VcZUetelc5Xu_nftKsMCqv8dFZCtJZ_xi2rhY6v1uCFG90RcUn8YqLpuy75Z29zH9TLhkVZ-GBAV0HJ1dZWJpZW59-IrjHDSvU5jfHH_anEU5zDdCRQm6eObqckxJgYbdGA9A1yajerEXVi7-nN28N1hdg6AHfSfIk9eIUGyyDFmUpwZU-oCF2ULsXUXkNIQI-GT-PGw6BeV8l_y8GUlTLKSZ0c2lTBicGV0XDAy7Lq1YfciSguw6Q0gSRo3K7WLYBTnHKA9Ke-2Vlf8gvrtLEC_cWaumCG5FeIJvlO2uivfDEBhXyZwSO5WXO8-YJAPBob9e-sHlKJVGp_DNqKg3uGkAcjsh-2b2HnO5VGXWlq8YIOgGfX3a_smRHIGxsVN5AR7-ioxm7_jOxibsfYYSuj9qUUWSwwJZvEJVQxOxvGpIUfloN-npSkGj4y2i7ESHsSRXHAQYLsLa3WlGDrtuLKpt-vI1j2xGuOmlGODlCCtEDehM_hHYAlskakv9EP4mxW2rb-M5ol61BQgCIrTVbuDNs2lOpfW1idpXtCtVVOkD_d0A0Cqfcr03pquwnTCfPFfA0wYPgqjUQIwYf45nJJ8Nvc7XneZMQyy0_5n0vqDqan4LPrzp7bQTprGMR6jIkD_4lC7Ng95ore7dfkHyAX-lqZIL25ApDkD0nvoXzDkvBRVp9b9O6Eckvevdj3L82uhs0ahY-dOJFSNqytVhmBwX_UCu_hG9udDJbRsEgbd1giEM25W8BLMqZaYujgy95vKkssk6Yr1Wog1S-DjQGNoDmXWIrJ7S49v0D1tZiKV5yvGrnZ9r7eEl6a48TDJsKpbmKBiuUqS_3D-aB7TBbPiUyrYdizUIiRdzEKM-_2_ARpQm5-4tdQ87zOukMP--LFSns2OXQaoe5mIbq4PYrO5RzmhvDI86CVeMWbT1jwkwIB0zuOsVh64wZ7OlHqz7ZSVTYCMJbkER9ueHvvUqP3E0cFZXZbMh26BHfjph373iBfJuQR5nFcSigKrQFaV1IFggNWvQTORAulGga61TVuqXV9yAm_zLwkSDxyjBq9md1cXRodibd3zy5RxLprUnmfNA_TpINwfg2eoRv7KJfnVf1Fof4T3m7rA1v13PTbRHIIOsSEfrJ--B1yAC1XkIwuX_jnkd_yqoVb7asOlDpOljGmuGTlPV-jj9bt0T0URtRwowRW-tbQZpyktVVoUpUZtUO2g7osEcei4TcP2MPXWeTfbrVGa2LPIXy7S1_U2zBFk5bo9-wa1_9wXWXYMIkfXyIbRUXj8g6Of2AMWtlMltKrKwSjzTR5jI7CXr0PtYdbXj0WdgApup7wMcGL0RZ5_0xW8U3rVMoSggnlCsv0gGBjmevzkBWlF2KkYwChDXcgkQVSCfvuiUi71tBgJaPvLx_0mADdj8FNv_DecT9wK88c_CUlqHQeAaj4HAuY_CG9BWc6Y7hliKtUupU2L8xiqYWljwJp6rN6Sf-gdQC6Pw6PUy49TISTFyaQZ19JUGdPUQ9uPU_tBrdsp9gqGr3z-xyHEY6Z-sQSjiB0DYgCdaH8wIjXfR9k8erH7ndQJH6hHLPZ_eeOtGwGCa_EYe2lZw1bazGFtrCmW7cl21ElzTy7R1zcQ8e901fUPAqrv3Czv1Or8aF1Va8ix0Si0bIKelIIEOMTCmKUKoRSqsFiPP6KvBzSAjuCQEdZOMpObegyRh-wBSlvv6HYR8n6zlm3gJaHpI8-JwwE_tcZGcuMR_LusRwMo4t6BbdaS1sjLS6LJHBWkT01iar4hrWSRqEXrIB22MQtJlPCAQj2kRiTscs1kyvYpuy3ycYiihROIX_8DB3lKG8-Azt3Vb6Wm2KzlzLbLH1I5cjCg8_dlv-mKGGZV5RKvX2dEnHdqPnpsnkJGGALgekTM-DCwI8KC-lf8rT6bUEF1Lp8TvmqfSpSrSqueUebj5iXal0zgSAMDUZ--sAIKpU8E8CQj0vH1PIuEMTivrSPyl7JAZe_7gRYjLAqEx9ovEkR5jyCaRpJdGFb7BXMmW8KAoidfrFbGFVJv-59qC-fsH76ZQ6ZHNnBT_gjdZJ4pkIwv212eqVcKOIlMUEeDfq3I_C3axb25W3MyY_p0j4kjC4ty8yqlh9jmEvK&cid=CAASPeRodmQBdq9PKFqgcmCxA1jE8H0ZJ1f4x6SfzouyQtA1umkz_2SQhdD3jDXfRDV4S-R5gKVPL2cxHcmnNF0&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.167.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wl-in-f154.1e100.net

Software

cafe /

Resource Hash

8bf2c3c3842d050e7342e12dc43dc3549662c9e02ea83d7792d04d534ffad56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13924
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6A23 0
0 45ms
45ms Fetch
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1a8zaHFoYbuuAdyxx_AP38O72A7xjKOGZfDeo5qoDuj_6cWPDhABIL7M12pgyQagAby90pkDyAEFqAMBqgTyAU_Q4E6zI7ppnuFn7d7NkUbXyIM2LkquEfxPR7JVm5oLW8KyZhOYiMzbah4olndUeqZ_mujIMKRUBzK87cB88obepOMTxDKvngeWhlufuSHjo-6biHivmRHYLZ_0V4gDosK5MHSPG5Omk76NCHPNITqT0xT6I6ztqsSeloDiT9aV3Px68jre6o-mfp0n2nBRK9Pl4S6F9gh-wv6x3577yJdIslGbz0zuIPJnEwHoOvACbodgSjnhA01qcKHF1yPW51-ccv7JpVILcMhx0ks9nriqd2aNV3Mqtniy_ZRqIfsCq00HLwYJdwd4KImCPWDRQIpjwATHue-JmgPgBAOIBd6Hko4qkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAeswq1mqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G9gHAPIHChD02EUYjKiJrgHSCAkIiOGAYBABGB3yCBthZHgtc3Vic3luLTYyMTY1MTk5NDE0MTA5MDCACgPICwGwE_uw7wzIE4va0QjQEwDYEw2IFEbYFAHQFQGAFwGyFx4KHAgAEhRwdWItOTk1OTczMDc1NDAzODAyNhjG3W0&sigh=rvOIJWIh_9M&cid=CAQSPgCNIrLMkAK45UbJEu4jnbiEsObSsiRU2FGxwScY65BcwHabhcmAXtfdWb7ik32tPEvCU-4uF3p_AZGKBATL&vt=10
Requested by: Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 6A23 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07b7aeaa3d85ebc315bf325cefc0f10bb5d307f7494a3e32814e20c7cbc7e173

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1348
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1&C=1

43 B
894 B

13ms
12ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaQJxCz3bABGLDY7bUBMAE&v=APEucNXvwEkbon1lanceFKfJsN_CU0OGO6x1-dnd2B0keNPBiDCKyGPVrHTpo5lveXJ_rgStjug421pB7eBSekJyiyp-Qg-DNw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 18:05:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 18:05:29 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 18:05:29 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 14 Oct 2021 18:05:29 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1348
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWhxabOmhdBDuKxLat2uzQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1

43 B
894 B

16ms
15ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaQJxCz3bABGLDY7bUBMAE&v=APEucNXvwEkbon1lanceFKfJsN_CU0OGO6x1-dnd2B0keNPBiDCKyGPVrHTpo5lveXJ_rgStjug421pB7eBSekJyiyp-Qg-DNw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 18:05:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 18:05:29 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1aCdlrfJ7sVFcrX7J4dBk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 1348
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMU85QnziDnRCrFTR9MPqoA&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMU85QnziDnRCrFTR9MPqoA%26google_cver%3D1

43 B
1 KB

13ms
12ms

Image
image/gif

185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMU85QnziDnRCrFTR9MPqoA%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaQJxCz3bABGLDY7bUBMAE&v=APEucNXvwEkbon1lanceFKfJsN_CU0OGO6x1-dnd2B0keNPBiDCKyGPVrHTpo5lveXJ_rgStjug421pB7eBSekJyiyp-Qg-DNw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 18:05:29 GMT
X-Proxy-Origin: 216.131.114.25; 216.131.114.25; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8f3a6253-8513-4883-959d-b607f5745eac
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 18:05:29 GMT
X-Proxy-Origin: 216.131.114.25; 216.131.114.25; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 91870c91-0e4f-4276-afb3-d7601b5d2473
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMU85QnziDnRCrFTR9MPqoA%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1348
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ2NzY2NDE5MjgzOTQ4NTI1Ng%3D%3D

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ2NzY2NDE5MjgzOTQ4NTI1Ng%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 18:05:29 GMT
X-Proxy-Origin: 216.131.114.25; 216.131.114.25; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b1cbd1a5-53d5-4b3d-aabb-a22292902532
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ2NzY2NDE5MjgzOTQ4NTI1Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 1F70 35 KB
13 KB 10ms
9ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 file.webm Show response
r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame 4A2D 342 KB
342 KB 13ms
12ms XHR
video/webm 173.194.188.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/306F222EB974C5801524B04CF9B7D1FF46F2F97A.690D02880AEE7E5E1BBBD8C230EFF01ADFA5DEBF/key/cms1/cms_redirect/yes/mh/7v/mip/216.131.114.25/mm/42/mn/sn-4g5ednss/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.webm?range=0-349999

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s33-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

2c277265caa1ddcb86b6cffbebfd66d8e80309d9cd4291cdc7e5db41c15e3405

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 350000
client-protocol: quic
last-modified: Fri, 08 Oct 2021 15:56:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
access-control-allow-origin: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
expires: Thu, 14 Oct 2021 18:05:29 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 551F 35 KB
13 KB 12ms
11ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 54E5 0
0 51ms
48ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101101&jk=580715759903413&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 6A23 41 KB
15 KB 8ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 11:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 542488
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 08 Oct 2022 11:24:01 GMT

HEAD
H/1.1

200
OK

file.mp4
r1---sn-4g5edns7.c.2mdn.net/videoplayback/id/157bec254ce3ec2c/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3769081429/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 6A23
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/157bec254ce3ec2c/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3769081429/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r1---sn-4g5edns7.c.2mdn.net/videoplayback/id/157bec254ce3ec2c/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3769081429/sparams/acao,ctier,expire,id,ip,ipbits,i...

0
0

83ms
16ms

Fetch
video/mp4

173.194.188.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5edns7.c.2mdn.net/videoplayback/id/157bec254ce3ec2c/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3769081429/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/1D49D1C091E90C08F862B9A352905A35F6A07940.4CDB6E10C1DA09F25A627862AF668F16EE6FAACB/key/cms1/cms_redirect/yes/mh/0D/mip/216.131.114.25/mm/42/mn/sn-4g5edns7/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.mp4

Requested by

Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

173.194.188.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s30-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 18:05:29 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2180903
Last-Modified: Fri, 25 Jun 2021 15:03:48 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Thu, 14 Oct 2021 18:05:29 GMT

Redirect headers

date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 646
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r1---sn-4g5edns7.c.2mdn.net/videoplayback/id/157bec254ce3ec2c/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3769081429/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/1D49D1C091E90C08F862B9A352905A35F6A07940.4CDB6E10C1DA09F25A627862AF668F16EE6FAACB/key/cms1/cms_redirect/yes/mh/0D/mip/216.131.114.25/mm/42/mn/sn-4g5edns7/ms/onc/mt/1634234338/mv/u/mvi/1/pl/24/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame FC8C 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8d7e3df2dba59564c5d687ba6f4fef8e103834b2717488d0d951da3a2af9f93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame A47F 0
23 B 51ms
50ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

impression_pixel Show response
t.myvisualiq.net/ul_cb/ Frame 5C90
Redirect Chain

https://t.myvisualiq.net/impression_pixel?r=2107110139&et=i&ago=212&ao=546&aca=26380393&si=1781800&ci=158591191&pi=315280620&ad=508136142&advt=4471185&chnl=-7&vndr=115&sz=6586&u=pt=i
https://t.myvisualiq.net/ul_cb/impression_pixel?r=2107110139&et=i&ago=212&ao=546&aca=26380393&si=1781800&ci=158591191&pi=315280620&ad=508136142&advt=4471185&chnl=-7&vndr=115&sz=6586&u=pt=i

43 B
573 B

8ms
8ms

Script
image/gif

3.125.90.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.myvisualiq.net/ul_cb/impression_pixel?r=2107110139&et=i&ago=212&ao=546&aca=26380393&si=1781800&ci=158591191&pi=315280620&ad=508136142&advt=4471185&chnl=-7&vndr=115&sz=6586&u=pt=i
Requested by: Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.125.90.12 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-90-12.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Thu, 14 Oct 2021 18:05:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://t.myvisualiq.net/ul_cb/impression_pixel?r=2107110139&et=i&ago=212&ao=546&aca=26380393&si=1781800&ci=158591191&pi=315280620&ad=508136142&advt=4471185&chnl=-7&vndr=115&sz=6586&u=pt=i
Date: Thu, 14 Oct 2021 18:05:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3 200 L2_MSFT_Windows11_V1_300x250.html Show response
s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/ Frame E1F3 8 KB
3 KB 42ms
15ms Document
text/html 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

6b604cbfa423fafdeee03a3123b88204949be062da6f080704c47bc18458c880

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 2669
date: Thu, 14 Oct 2021 12:11:16 GMT
expires: Fri, 15 Oct 2021 12:11:16 GMT
last-modified: Wed, 29 Sep 2021 18:11:12 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 21253
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C90 0
24 B 91ms
91ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv8aEZw2RaGNZVtS8UZaDTqgnEKdr3h0lowogZXvb4ACsYfQq-ZFT0ci92aKprLuDHHcMTOa9sOVCGNSOej3LqJveUJGt-xatiL8eQ9jkiWiujBCZepEBwm9wW3hnvhC1EdHSb7q8MTz2tSOZAsP-lRmk1Clm2EvbAkTwAhnIBWmYjxyeodNN7QG_Rq0T0_0PTkfl827pIq7mCyCE5bTZU9ZRli4NzzAWLY_G9t6gXgQ0_UBK3oBMNlIccw0gOq75vgpXZqCTMTACKVaTsvkiDDVnHaq6DjIWw4HyHHAwvD3-mJo18Qw8EFryPjnWYDAz3QWHbLC36Z-YxGMo7hpTx8Hiry40ZSSpHaVM20wgqQ4S8GpYZHpaNRxGzjQm1T24muzLiZg_grfZioNRir5rf_g9in_gprCbmSpqtawoJFCYfdz6VrAc9J6zXTF8K9EvWI9QWJ7qySixmPHaUwUZe8fzVF8bcXoGJg-fow8oGs-pHpmQnFxnX2YjEgjym1dvxWFyK6qNqifjcKtGr4dBdCsB8UUXlBLPpvBA0Qb8NYTzCoO8UhpllbxkWXzsAoeCzH-wBC1C9Rs0q5QnEWRE3lGfs_mptFeRYXJEw2n8Ll5xR16X8EFugKguh2Jpp-DhZGoTHYtk08fs03-R0So7PZOFhHwPsNveh3tZfVxZm609Jj4h2MaSmxV9usutST1NGBYHJH7E_CqjzSq-9Xmw5a2Lr1kQV9o2H7nkXVYLzeMeKtrko4w4xDiU-2ZxZmXIkoTO3FOoPgnFjEPPq34mkG7axmtOvrcVOHDbXyyoZagDgJo5XJtSM_X8-Gndg8GHgLnyYHj5POio-Ejct9ookZ--awrZj7S8PpPEF4gEJ6At2WmDHLyz7s5LXOUpQXRNzhTler810h3KbWNGZZKJhJC4VArdfp2N2JvETnx2t_3P0LqcIooi0Off47spBQvyhc_2JAW1sa7S_PvVX0mpbaT5fiEArh2Ak1fR52fYdZhCetr9b3NuPZ2htW4ZFDzGCwmagDN8kbT7Ma1WzTAl30OEjQvsjpqtO1yKIuS2VILAznE5sq-tTmyxl2NKJCgd1unFDLvYlW6wq3MqghTAkvEo4uEHCnr4fgWXNGWLU70hHWpJ_ypT7gjY6AsCAjFj2LFVxYHKF9TDHlh67IIL1PaZPjlkb31qViopP89M01TeyJ9koZtg6g5H7b0ayGXxYRw89RlLHGJIw&sai=AMfl-YSIRqR9gqpjLAgKlhRSykryAgPkWwk2Rj9lHI9uzzuqkqJUPjK7VGnzowt1q22K6A3gxo-_j8RJ0259PEj7e3wd-wEgjG0-3wpXmLP7jZep_U1iJP1p7mbPaRk1Q51UroFwhCZjxlBYZGYiT1TTef9ke3x9ag&sig=Cg0ArKJSzBjD2solzxDPEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=232&cbvp=1&cstd=229&cisv=r20211011.94707&adurl=

Requested by

Host: earnme.club
URL: https://earnme.club/?link=MOJjz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 14 Oct 2021 18:05:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

sync
t.myvisualiq.net/ Frame 5C90
Redirect Chain

https://tapestry.tapad.com/tapestry/1?ta_partner_id=950&ta_redirect=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3D1001%26ao%3D0%26pruuid%3DTAPAD_%24%7BIDS%3Akey%7D
https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_aea50768-3c1b-4778-9dc6-ed1b440cb393

43 B
296 B

15ms
7ms

Image
image/gif

3.125.90.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_aea50768-3c1b-4778-9dc6-ed1b440cb393
Requested by: Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.125.90.12 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-90-12.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Thu, 14 Oct 2021 18:05:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_aea50768-3c1b-4778-9dc6-ed1b440cb393
date: Thu, 14 Oct 2021 18:05:29 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1DBB 0
0 56ms
56ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021100701&jk=272788335596595&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame A47F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 483bd7b7240fa6e5d628476a395c6ac71587e0e87de179dda7ce780ce7ec0cea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FC8C 0
23 B 50ms
49ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3B3E 22 KB
8 KB 11ms
10ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 74181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7AAD 0
0 47ms
47ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101101&jk=2066361545737926&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 206 file.mp4
r2---sn-4g5ednse.c.2mdn.net/videoplayback/id/e2c87a8925614ddc/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1665770728/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 2495 2 MB
2 MB 17ms
7ms Media
video/mp4 173.194.188.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: 8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
URL: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.39 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s31-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

ebe4aa3b3e1e7ce80c31a7e465a69f914d4a1c5329e2d8071e93a82d17bfc7ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1980426/1980427
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1980427
expires: Thu, 14 Oct 2021 18:05:29 GMT
last-modified: Thu, 09 Sep 2021 20:06:33 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
client-protocol: quic

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 42A7 0
0 51ms
50ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101101&jk=2359724945446046&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ Frame B68E 0
17 B 100ms
100ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~kur95v7u&c=4141617371549&slotId=2070808685774.5&qqid=CIOsr-O-yvMCFQyuewodPyYL6g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=757&mt=video%2Fwebm&vs=854x480&event_name=first_play&asset_bytes=204877&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=11&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=2&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=msms_oso.17w~lvlcl.1h2&msms_mime0=video%2Fwebm%3B%20codecs%3D%22vp8%2C%20vorbis%22&msms_cs0=350000&msms_ns=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CF50 22 KB
8 KB 11ms
10ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 74181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 42F4 35 KB
13 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame DDEF 35 KB
13 KB 7ms
6ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5C90 41 KB
15 KB 7ms
7ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 01DD 1 KB
749 B 10ms
10ms Document
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 75554
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5C90 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ca4765e596c410e733be895b75dba5cb1a4b6b92ce3022b4d6fb68cd03eeb81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame DDE4 23 KB
9 KB 14ms
14ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/H0ZEmIz7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Sun, 10 Oct 2021 10:51:41 GMT
expires: Mon, 10 Oct 2022 10:51:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 371628
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 2615 35 KB
13 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 9BE8 35 KB
13 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame FD8F 35 KB
13 KB 18ms
17ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame A86C 35 KB
13 KB 15ms
14ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6019 0
20 B 42ms
42ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101201&jk=3143325445286147&bg=!mJulm9_NAAbGFvHlxhY7ACkAdvg8WpN4hyD2wAiVD4EA6HXaFNDZ4-HpwWX4_ZYUiD3m6XMRKXwiyAIAAAMfUgAAAMRoAQcKAJDQV7vIuVp8yun9ytpqO9PKu9K-dD-50JaGEpcf5OwWwZFZEMRwGbI9v1Li1AswdDoNshYdmjs-4WtMswKNrRymkPUjrDm7iH-mJZH5rm_9UpNnyIjxo2TvScIc3D1X77FBLYiecCAENpcFoC7OV2NMCeJrkYb12QwfkNOm5nlTU4q1P50LIbs7Y_47pMQ2_huZArknYUOf2roht6AEdpX5fhL-prB8DzrSheC-vbb9-7Zq8FFbrU0_9ppCdOgjdE5WeibrE8LrddeuxW_4dlw_FZh7bCiaDKGCSJCahGmTygbfDWrZFmmbBjKvz9fQbiR4QsyHFPM1tLq2Br1qk5GNOkqv71pKiEhwVZne6sqLnTB1ssbvyklLMim7-5yIkTUFWSXlytmqPUYQTAfHA26q25OAJVH1gz_J-t9BRIzoXVM_r0c2gwVsDOb-TRJ5HaBTXBHrZ1wWbi7OJ0IU8VhIAusytlnVISFCl8YpQBOK55nSIulUhOA1j3JJbM8NTZYauOi76IhLh5hlOvKtCPfWFkQHRur3Im7SAtvNTLV7udl36rmD3sw9ncbIR0I6HVE2c6Uh2J-HLYaY_d3U8BMZgx7uia4J5o2WSkrTIQEtg35bsBPPYH-OpyA84vGUwP1dkDXoAYdsny3HaB8Pf3AThUiT2zQW-emMzPG9pFUNr-fJ2oTP_RdSfX1czCKqu0F-7oIXrmPlcZRrOzdlGXg4B9qrMLelVQzCefawnhyHnHxdGmS3ZhSyd7z8vjfL-TEc6Jsus3BN3vUKkTj6PgbiSuqeWp2ci1Mkj0rX9NsDX1kK3johAichh03LiBrMq5SFm6P36oBD8MoL1kbrSJXuK_eTugNklUg-DPD-DLoDv24Dw7Ndo0STgeRAHpdoRIXV5HIdUGRGX7ToWAo5cBMWDsWxzI4vhxgJVITefBmJYAToSG49yjA7SaWQt4UF9qBi0qGyECQMWn1ShotBTLMBy5Vczg4QbBQhS9b_1jCjQ8vSm0Da8y3bZFoIWvKZYZFrtbNND0N9kE1UzwUxRTN_9ofg-3UteIStWIDFjRLeb-4ynMyW3o4m5omf9kjSLFrchMjX_PvIUNafp0VnJWcD2ElszZjtatzvjiPU

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,...
ade.googlesyndication.com/ddm/activity/ Frame B68E 42 B
107 B 67ms
43ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15036%26vmtime%3D91%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1634234729838;dc_rfl=[URL_SIGNALS];ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B68E 42 B
64 B 18ms
18ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ColTQZ3FoYcPcJ4zc7gO_zKzQDquB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwHIA5sEqgTpAU_QwGk4Fo37ZKBSBTXLW71GF2bkbD3dMrq0y3DxHpiK7HTBg_4CFc09WUXNb7tgcjGyEg0nOhxhH46WxT7zOxd2O-AEmc-BHEed4TeFv5oz_qOeXqQTrg92rspQEgtWDEdAJ3yI1X0RYSae2UwfODcuHAL_F-bqrkPxH-NGXOwXnXmJhAWeQXAqexv4SE5gABI1yMl0VBrMwb4HLw-9s0ZPycNCNsB_FTxDCnFRXbkJcOXwvPeaSzCP52VAnyOCR2QTQaPuTDO3w6LCa91yvcnoyChyDi3SZQ6Qv8onDRTIb5khGPYbGvWrwASLkJ3XzgPgBAOQBgGgBk6AB8DFusYBqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01NTYzNTMzMjU4MTkyODcygAoDmAsByAsBgAwBsBPuz_UM0BMA2BMNiBQy2BQB0BUBgBcB&sigh=4-OaAfm8Wjw&label=part2viewed&ad_mt=92&acvw=sv%3D20211011%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15036%26vmtime%3D91%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1634234729838

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dot.gif
s0.2mdn.net/ Frame B68E 43 B
66 B 15ms
14ms Image
image/gif 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 04:48:57 GMT
x-content-type-options: nosniff
age: 47792
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 04:48:57 GMT

GET
H/1.1 200
OK pixel.png
unified.adsafeprotected.com/ Frame B68E 35 B
174 B 35ms
35ms Image
image/gif 108.128.225.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiU0VDT05EQVJZX0lNUFJFU1NJT04iLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ1ZDA2OTYiLCJiaWRSZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vYzdkZTg1NDQxMGUzNDM5YzNlZTJhZDRlYzhlYjkxOGIuc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS8ifX0sImN1c3RvbSI6eyJjdXN0b20xIjoiIiwiY3VzdG9tMiI6IjIuMCIsImN1c3RvbTMiOiIyLjAiLCJjdXN0b203IjoiNzc0NjA0IiwiY3VzdG9tOCI6IjU3MjY0MDQyIiwieHNpZCI6Ijc2YWQ2ZjQ1LWMyN2MtNGYwNC04OTEyLTQ3NmU4NjBlYzhhNyJ9LCJoZWFkZXJzIjp7ImhlYWRlcjExIjoiRENNIiwiaGVhZGVyMTIiOiJhZC5kb3VibGVjbGljay5uZXQiLCJoZWFkZXIzIjoiW09NSURQQVJUTkVSXSIsImhlYWRlcjQiOiJbQVBJRlJBTUVXT1JLU10iLCJoZWFkZXI1IjoiW0JVTkRMRUlEXSIsImhlYWRlcjgiOiJpYXNvIiwiaGVhZGVyOSI6IiJ9LCJjYiI6IjE2MzQyMzQ3Mjg1NDQxNjA5MTEiLCJpYXNTaW5nbGV0YWciOnRydWUsImlhc1NpbmdsZXRhZ091dGNvbWUiOiJPVVRDT01FX0EifQ==&key1=ROKU_ADS_APP_ID&key2=$APP_STOREURL
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.225.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-225-113.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 18:05:29 GMT
Connection: keep-alive
Content-Length: 35
Vary: Origin
Content-Type: image/gif

GET
H2

200

skeleton.js
static.adsafeprotected.com/ Frame B68E
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/774604/57264043/skeleton.gif?xmtp=v&xmapp=0&xsId=76ad6f45-c27c-4f04-8912-476e860ec8a7&blockedAdTracking=https://googleads4.g.doubleclick.net/pcs/view?xai=AK...
https://static.adsafeprotected.com/skeleton.js

17 B
17 B

465ms
12ms

Image
application/javascript

18.66.248.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 08:35:57 GMT
via: 1.1 6ee47dd27ca379a812104b559e9a5a23.cloudfront.net (CloudFront)
age: 8587774
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: GPBQHVvTKuj49CH3mQxxgfC2vq6Em1RRKDedrcOvUKokHr6Weg-Ozg==

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-server-name: app11.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B68E 0
24 B 92ms
90ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuafXomL7wweftp5xmztpAxe703AzeP7Gx92fRmcbaWd8957w2ed19rMh2hBFXpoCrDOFzOEZLfF_GQYTU0UFAOdo1S0qXy8_EDxJdHIrCiQ3SG5jqupJisO1BMntF1m7JfXEpvpgdJkwf_24jLT1opO0pKyq6uLf4fyp8X3Yylyw8q7coTJBhyri5L4TuRCJ7U2U4q7V9V5b6WY5nBKDVawMQcYLOPqQShGQ9QUe80686mRc9U319pH5SUQVw7-D7UKtwjiOZ9XilOxjNyDYVfKVDXoUef8eKJnP4UpF1WHmz3GUyVVmYlgo4Sc9e2mjBVSgOSNtqZQkRSj6G2K5cWTOS0XLeFpNWHf5ntDqLzPC1Sc8pLgF9V3pGK0lSKx-DUH8OOOlAvNhYwkwhUj47Uqj5Y31mrYn3U-5ogT_eQdVIkNCWweYVuKpPVMnsPoum7WkjPOt9W_nWCiV8dkoI-OhS8BXzcomA4aaW5vINswD-iHaLdljJgKErXichlu6-EjHn4FZzWIvlTcF_-GxNsfB38eECkCk2m9gA67tAVOlhl8u9gF3n439lbbNuqI7uEzU7FILI8UcnxYmCEpDKzT3miY_GCKqYnLjQ8Rm0Wo3UEr84zzrpqHBxKkFjOXTIdNJjXA_j7FXs-XCbQt01nNDXpoX-Cqg_a8pnSDAeumCemhe09ZcsNqXLIRkdr6tupJ1FjKdsbN42WvDT4yN9q1BvgRZuJv2bcVZJy_hZmBOuNbAiGgQgYDcUNQtzQMi02kaldDuoLwkgEYrUc6Y9FiTmKzRaEBI53Z5Tv4N7ORIZAS66RpSo1s-Y8tbVRb9JG60pEFDyup742KpTz1nrG92xEMVQhohnQ3F5frAz2UX6y452AViGli9Wvt51F8zhMNy8l4I9LqlQdFpHeghBmAb_4zSJjBUSPp0Dyd7j_FTroFdqJfmVGC1XvxMiPa1j_YUClYM83FMGkgieLEo235fVtWUm_RLGdAp7zla5w6435m0WOXz41kqi_WCqYRan7vfBa8m_kLy6V2Qt8FSwmLwvFQ_GJg9e9OkKBF_jnlwdlW8z9sEv4qaNR9RN-e-9-cP9mX-XpxKbmW_e-cXq1_iYzhzS1_MLxu60R5LNvQ3B0_3B4UGA_4__ogvEw_abrMSGWGR0tlfhoDcawVLIvWWKokVCkKAgbQA&sai=AMfl-YTjFzDSyDpUHZiYTSTzPFhoomad_Co7S2yp8y1XMBqOldW1bcVHftL9DhpKarqruGm8e41HZ74r-LlXsrYd0Rp_W9PD2pwtSc_h2u-nO76BwyOsDS6rbiQ6w-mYFXhmn2sbY1okZzH3xsSNFPoYiiv1GgRXzKX9rlf4U-4&sig=Cg0ArKJSzGrpmI6ExrZMEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 14 Oct 2021 18:05:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B68E
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=COefRxCA_O0CGNXhhacBIAEwAQ&v=APEucNWHEqecKLXv5uEgjC6tIn8dRQcaF2wfCgTfGXxiMqblKr1AO6XV_ECH4UNALLC-TIOygTt_U9PWRspDdThVgdtsKQfgyA
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBjc5Vje-TSxdrvQCjiRvWg&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEBjc5Vje-TSxdrvQCjiRvWg&google_cver=1

43 B
180 B

20ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEBjc5Vje-TSxdrvQCjiRvWg&google_cver=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:30 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEBjc5Vje-TSxdrvQCjiRvWg&google_cver=1
date: Thu, 14 Oct 2021 18:05:30 GMT
via: 1.1 google
server: OXGW/16.217.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B68E 0
20 B 45ms
43ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0...
ade.googlesyndication.com/ddm/activity/ Frame B68E 42 B
515 B 64ms
42ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15036%26vmtime%3D91%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1634234729838;ecn1=1;etm1=0;eid1=200101;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame B68E 42 B
64 B 44ms
43ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtXoMttdC_wbce2dpobe26GSYFtHBJrKQ8I1_QoYIvOMfMRSGIuSoAqae6zk2Yn7trEjALVCGkLaX-DP9oA_AugFQg_kyPjwIcGFlmq5xBib3bpko&sai=AMfl-YQAGVhtooSyq6G41uHSPJX-FL9ojq_UCvAHnNfy6gIKwiNH0mVQRGFqFaeyZEZAe5dvzIs5Z9JPItgBYi3xsNJUOBWzOjiTkG2cLFZSFEIDB-DrSD9rBBwHy9bBd_7a&sig=Cg0ArKJSzKniqPPI4lvREAE&cid=CAASFeRoBKjRL3geTkFMR2cZKsIKALa8Qg&id=lidarv&acvw=sv%3D20211011%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15036%26vmtime%3D91%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1634234729838&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B68E 42 B
64 B 20ms
18ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ColTQZ3FoYcPcJ4zc7gO_zKzQDquB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwHIA5sEqgTpAU_QwGk4Fo37ZKBSBTXLW71GF2bkbD3dMrq0y3DxHpiK7HTBg_4CFc09WUXNb7tgcjGyEg0nOhxhH46WxT7zOxd2O-AEmc-BHEed4TeFv5oz_qOeXqQTrg92rspQEgtWDEdAJ3yI1X0RYSae2UwfODcuHAL_F-bqrkPxH-NGXOwXnXmJhAWeQXAqexv4SE5gABI1yMl0VBrMwb4HLw-9s0ZPycNCNsB_FTxDCnFRXbkJcOXwvPeaSzCP52VAnyOCR2QTQaPuTDO3w6LCa91yvcnoyChyDi3SZQ6Qv8onDRTIb5khGPYbGvWrwASLkJ3XzgPgBAOQBgGgBk6AB8DFusYBqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01NTYzNTMzMjU4MTkyODcygAoDmAsByAsBgAwBsBPuz_UM0BMA2BMNiBQy2BQB0BUBgBcB&sigh=4-OaAfm8Wjw&label=vast_creativeview&ad_mt=92&acvw=sv%3D20211011%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15036%26vmtime%3D91%26is%3D18%26i0%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1634234729838

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame B68E 0
17 B 103ms
103ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~kur95vli&c=4141617371549&slotId=2070808685774.5&qqid=CIOsr-O-yvMCFQyuewodPyYL6g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=757&mt=video%2Fwebm&vs=854x480&dm=15000&met.4=ff.1r2~videopreviewstarted.1r5
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 4A2D 0
17 B 100ms
100ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kur95uux&c=2233482178640&slotId=1116741089320&qqid=CPGtu-O-yvMCFTKIOAod8eQIdQ&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=757&mt=video%2Fwebm&vs=854x480&ulv=1&cll=0&vmfc=19&vhc=0&msm=1&aits=17%2C36%2C18%2C22%2C37%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C43%2C44%2C45%2C46%2C0&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=44&vsrc=doubleclick_dmm&ple=1&ape=1&umsem=1&met.4=msms_oso.15p~lvlcl.1fs&msms_mime0=video%2Fwebm%3B%20codecs%3D%22vp8%2C%20vorbis%22&msms_cs0=350000&msms_ns=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:29 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 file.mp4
r1---sn-4g5edns7.c.2mdn.net/videoplayback/id/157bec254ce3ec2c/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3769081429/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 6A23 2 MB
2 MB 17ms
7ms Media
video/mp4 173.194.188.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
URL: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s30-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

271bc14db828439b0a59fd25bd65ca448b676b12ead46bb231919abcec106158

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 14 Oct 2021 18:05:29 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2180902/2180903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2180903
expires: Thu, 14 Oct 2021 18:05:29 GMT
last-modified: Fri, 25 Jun 2021 15:03:48 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
client-protocol: quic

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 510C 22 KB
8 KB 7ms
7ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 74182
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame E1F3 236 KB
63 KB 25ms
25ms Script
text/javascript 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 18:05:30 GMT

GET
H3 200 L2_MSFT_Windows11_V1_300x250.js Show response
s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/ Frame E1F3 68 KB
15 KB 18ms
18ms Script
text/javascript 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.js?1631922210406

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

04fe3f8228adabe346683eb77382e9bb2f93ca0eb6313fc0f6ddf87ae8f3bfe3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 06:56:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40134
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14868
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 18:11:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 06:56:36 GMT

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s33-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

1733b02e387e9393a6d6cda3f65edc42f42bd4d5f43ca3d36c3c3bbfb5e3c082

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:30 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 350000
client-protocol: quic
last-modified: Fri, 08 Oct 2021 15:56:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
access-control-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
expires: Thu, 14 Oct 2021 18:05:30 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 01DD 35 B
463 B 301ms
10ms Image
image/gif 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEIvHHkL-xsFWXQMz-9mgvD4&google_cver=1&google_push=AYg5qPIFnJ2mYZunwOL7rGeogZoROzNQ3xdcJ3jKiQob3NBUSJcCY3aksyC24quC5yTlb_X081LZGI69S7MvKie14urr1t53k4fs

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 01DD
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHVCzYcIxVjNUUbNK2WPAyw&google_cver=1&google_push=AYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHVCzYcIxVjNUUbNK2WPAyw&google_cver=1&google_push=AYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ...

43 B
440 B

193ms
184ms

Image
image/gif

104.18.12.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHVCzYcIxVjNUUbNK2WPAyw&google_cver=1&google_push=AYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.12.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 69e2bc7bcb921f3d-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:30 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 301
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 69e2bc7a38d11f3d-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHVCzYcIxVjNUUbNK2WPAyw&google_cver=1&google_push=AYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJBjwesA64KGL4Oo__wVhcYqCyXRW1PhWJwoS3PAZel5r9x_EXYomq91F-SGPioxpNI4P9pTgwLqjFZO2EwQ2HSPWZzNRQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 01DD 70 B
265 B 330ms
38ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEAimvh-yAgGYW5nbZbvQq5s&google_cver=1&google_push=AYg5qPIRHQg25-X20od4CtJ_89vsGi6vTIBVuQoQU4HjcGo6Y6g4Ca_pcjXd0pU3oabgkTzVNXpFXGCIC1f2eEIRt5mSszAzzOY
Requested by: Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:30 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 01DD
Redirect Chain

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEGx5-fWrbpmrqld34JyPnvY&google_cver=1&google_push=AYg5qPJUh7tm8yT-9wMJtpdB38p_dHjp7rSg70D2tI2OsMzOz0YyfdbZwEbkqHFjbG-d3...
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPJUh7tm8yT-9wMJtpdB38p_dHjp7rSg70D2tI2OsMzOz0YyfdbZwEbkqHFjbG-d3ynDCVucLcPAKJH1KfD3JdHyz4nA9lTx&google_hm=QUxBMVB2S3dRbEpyd2oxd3pl...

170 B
188 B

27ms
26ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPJUh7tm8yT-9wMJtpdB38p_dHjp7rSg70D2tI2OsMzOz0YyfdbZwEbkqHFjbG-d3ynDCVucLcPAKJH1KfD3JdHyz4nA9lTx&google_hm=QUxBMVB2S3dRbEpyd2oxd3plWjdxU1E=

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPJUh7tm8yT-9wMJtpdB38p_dHjp7rSg70D2tI2OsMzOz0YyfdbZwEbkqHFjbG-d3ynDCVucLcPAKJH1KfD3JdHyz4nA9lTx&google_hm=QUxBMVB2S3dRbEpyd2oxd3plWjdxU1E=
Date: Thu, 14 Oct 2021 18:05:30 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 01DD
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEIKomR3F4ICoft1rmciZd0&google_cver=1&google_push=AYg5qPIamdMF6aY5ddXv5ElSKb6dwMSu2J76vYK8vq3JZI1k056RkPuxDjqryhRJqn7_0Por7hm...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VSOTVXRkgtMjgtRlNGRQ==&google_push=AYg5qPIamdMF6aY5ddXv5ElSKb6dwMSu2J76vYK8vq3JZI1k056RkPuxDjqryhRJqn7_0Por7hm9tSrzBrToSBEzYAaK8AGKC1os

170 B
188 B

26ms
23ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VSOTVXRkgtMjgtRlNGRQ==&google_push=AYg5qPIamdMF6aY5ddXv5ElSKb6dwMSu2J76vYK8vq3JZI1k056RkPuxDjqryhRJqn7_0Por7hm9tSrzBrToSBEzYAaK8AGKC1os

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VSOTVXRkgtMjgtRlNGRQ==&google_push=AYg5qPIamdMF6aY5ddXv5ElSKb6dwMSu2J76vYK8vq3JZI1k056RkPuxDjqryhRJqn7_0Por7hm9tSrzBrToSBEzYAaK8AGKC1os
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 01DD
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmc...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 01DD
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
https://sync.targeting.unrulymedia.com/csync/RX-a898ea19-5848-480c-b90f-4245fd88683f-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPJ7kcFLSfvBrfnxminKu...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ7kcFLSfvBrfnxminKuVy0q-9PcYGqI87-UY2GTmS7nod_3JBdjzmxUwK47o8UQ-Ari2s606n4ZR3ZwtNOAL05L0SgA_x-&google_hm=A6iY6hlYSEgMuQ9CRf2IaD8

170 B
188 B

22ms
22ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ7kcFLSfvBrfnxminKuVy0q-9PcYGqI87-UY2GTmS7nod_3JBdjzmxUwK47o8UQ-Ari2s606n4ZR3ZwtNOAL05L0SgA_x-&google_hm=A6iY6hlYSEgMuQ9CRf2IaD8

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ7kcFLSfvBrfnxminKuVy0q-9PcYGqI87-UY2GTmS7nod_3JBdjzmxUwK47o8UQ-Ari2s606n4ZR3ZwtNOAL05L0SgA_x-&google_hm=A6iY6hlYSEgMuQ9CRf2IaD8
date: Thu, 14 Oct 2021 18:05:30 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXa898ea195848480cb90f4245fd88683f003
content-type: text/html

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 01DD 0
12 B 22ms
21ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kry5uimn1S_uv4W3KzC_U5tMoG4C5SpKmExd4syPaGZvytd5aShbzIflDdbeHwoqc_LBnx

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 3B3E 35 KB
13 KB 8ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13297
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame CF50 35 KB
13 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13297
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame DDE4 35 KB
13 KB 8ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13297
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5C90 42 B
64 B 51ms
47ms Fetch
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsttrswNuDhpaD60xT2VIyWw9SZ4E-QXvTb2OQSS8Cie6QSjMxMC1KvL11HW4bVLwj9BUHjh06-PZGbYVyudLMhm34wKRL3zBFLLpF4mHCaJhJd-tIo&sai=AMfl-YTXVprsYXc59Tl3xnyMXKHbf-bgL8qvslbOEmmEsodnKtizSR2omoe51R35DgOQ-x9fvk1D8HitHqyzKk116PsZxE9yo5wU7hpARvjfCYgOdhF36wptzjzP3BQ&sig=Cg0ArKJSzBirilIHfPPlEAE&cid=CAASEuRolHDS54RBQh8aw240WgAhNg&id=lidar2&mcvt=1105&p=0,0,250,300&asp=193,632,443,932&mtos=1105,1105,1105,1105,1105&tos=1105,0,0,0,0&v=20211011&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3685389058&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634234728625&rpt=979&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 L2_MSFT_Windows11_V1_300x250_atlas_P_1.png
s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/ Frame E1F3 62 KB
62 KB 16ms
16ms Image
image/png 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250_atlas_P_1.png?1631922210317

Requested by

Host: eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

e929b883c321b329d2c87699b04e2185c0d25cfc6ac80a2e3226d62fd130c84f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4471185/1632939072952/L2_MSFT_Windows11_V1_300x250/L2_MSFT_Windows11_V1_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 05:59:52 GMT
x-content-type-options: nosniff
age: 43539
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62987
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 18:11:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 05:59:52 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C90 0
23 B 50ms
50ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: earnme.club
URL: https://earnme.club/?link=MOJjz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s33-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

e8bfc0838d1127cefbfcbcf7a0e541c205217353c5be64b55f61a180e7641292

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 350000
client-protocol: quic
last-modified: Fri, 08 Oct 2021 15:56:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
access-control-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
expires: Thu, 14 Oct 2021 18:05:31 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 2495 0
17 B 100ms
100ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kur95v45&c=2731041728284&slotId=1365520864142&qqid=CO7NwuO-yvMCFYyv3god0i0E8g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=854&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vmfc=17&vhc=0&msm=1&aits=0%2C17%2C36%2C18%2C22%2C37%2C43%2C44%2C45%2C46%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7362 0
20 B 42ms
42ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101301&jk=2897545899839513&bg=!TU6lTgrNAAbGFvHlxhY7ACkAdvg8WuoC4L9ue9KtxC_8N35HLQdi7fgfQK-4cHAcQoNGF53YZ7jgjwIAAATMUgAAAP9oAQcKAKKkkuUat8mY_se3VVl_qA8cy4g3H2BLsbUGG6osRL-cbG1cDl9kFacjt9X3mUfBfAaj52lfUSz0gGcnUrhaOSAyGGX2jQ9i5wrSSKIIlsc16USMfaDa79KU7i7n2khcdjGBSG5mqrLF_n8XcFkzZ1UEWW3rBKQAeO2A0WO4m4fEgsqCXpXVWsTNzrvqtPv3CkbmDNZbuD9CWbp_JOBCWRmQxZSZAsRfKBwNgj1icEbC6RQiePC031eN9E5PLuAjE6pHXDqLQBe1eYzm31wStEpH-S7FAYNV3ap8bukt___IaFklbxyx5ZTKqbGo7sZhbTQQQpFAbP1u98SfKVfPynzgJbDDAOHsgu1ceJ4B24dqLrwEc8JJ-BUtCRic3gEJI54zOmkLOS6MhnE2-a6IEnU8z8y41s3QOgyVry0JCvakRyOOacbN1fin5MqTIKiMpU4PzP8FFzX_2rCd-iUXfGWea-3W-UB6oSliaqeb-TKdv_HsfsIVsZiHjpoE0Z8ANyPFF7lGHyheRJ68q--N4xp8xIURBvTHBMLEBxw-mBa25B_QDSC76i6gJqqkpfkJ5hN9gHZj02-_ethXXvasVRSuuZTVeV9z4jGp_Gmlpq4Cpw59NdYIy2G9D7bd7n6CBKX3W_PXfJXvbkZJvnaq1V9FdibMUXhPd9GmyoR_Z15WCZtlldzbtVOTxTrusP1k27PG9ld-jjkwTUD9vcoDdPCrwZjC6wM1vHfI1xXZqlNJRXJ728Gc9qx73iv3oNnUpig6LBS2kH5brdS_ZRF8VS1byGiS49w9QTssJPJ6yiUXEDubn4VmLLBWqCU_wX_SLW3U7LedHuV-5Ty6OWuC9_hF5Hy6VlMeR3XTrhCY0ojvGoW8uKsf5U61BNCoZCjsiqxBxcgAS6mdi8dc9tQO6cTVVFejnO2aJ79SYG8Eo_E1IIxDFRKef-J5tegjcbzbxINJPvRK7AGQwoV94SJedcaZcLsZ-CqMxyhabp6djcY2BO6DyaDglUP4_5ya_HAT-gycIR-44pJr0NRarf6Nm69ZiQ1F6hskgG1YMRf6eOBrc_Ip4O4osFBLX_emfSkoOZLI3nrAzpcIzEClQRfqN-vkTnFUBogimLpd2uHb-dS8MpaFHfdt6mFzkx5SR4rgBWB2X1wgEl-Sfdc

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 510C 35 KB
13 KB 7ms
7ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0J-uGr35fnBhcCBz1bhjI2ho5CXrt9wlcaTuMP0gbqs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:23:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13298
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13278
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 14 Oct 2022 14:23:53 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 692A 0
20 B 42ms
42ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101301&jk=933717603646843&bg=!Q0ClQATNAAbGFvHlxhY7ACkAdvg8WiUzzOpwQloCoJHU9QrKhYQqxEDiAD37YWevcd97QDpYxnUvTgIAAATSUgAAARNoAQcKAJpPsYxqvfh_qC8pcJ1kM8U7ZuXtkDGyOF0Fhx0H7bNN_ACXC9_63tf0hZMbOaO-YorKyREVpX5aslUlT-FFcsEB5StQXLox8U3iQMlEdxqcUd8Mis5BZfWbqFEPUKJTwhZZ5nGilO1kqjq7XI_WSz32nofQAdYtaUOGnaCr1RBInYTRBUgvl4hySeBPNXqF6kgxWvf2XSF7L7dsmQLVs6rWIgNPSn6lLKTy2lSPV4AAD6YI3QTeTV9vocG0LlGFFc0SBhkqjlr9DxxRVLD3Ivt94f1YCUXib8L88BlvXUagrDP_a7GwPsJCxh2j428iu7SThQT8TazK4FbmPcLAqYbQvYH4qJrS3uu5sb4say_zGCR6ewX0FsgzUbwUx1zsthN8cfBzikwt4MaGIbfW0_jyzMbH2HM5Xg6gAKvdaJXFLIWNDxMDehRRfPkDG7BQkCOhrNq93hM-nPgqcKvVkrtLLpAZD2F5IX092j2NISDM-0gqCYVmupEBkradWirB8iue-JNul_b-Y0NO0y_GBqnTzS238CUue0FULV49lt7jERSNNsNL-a_bCVJeJgfzahKMxVjPC-bhBJq05wQgU3F55PUWtB7EExjNAZMuaPPy3J1GIN6VDAXA6nNAJIGGCSn0rt6XQRf2llmg_B1_PjYpZiFa2xW8PmYjLeFxekOqe7tn1LIE-8elzafAgT0zqfnIXSw3Hko9ju6k_EO6NorKKdQZZfRUNXeo5gyF9YajfawQOdMvDZDSEZEwF79ZPnvtLLj3OOw79I4yAbwqJ4JmybMytS6_CFf_VtS_nvemYiWtLX4Td642WWkhPhs5gtei8EqYN_v8Vhs99VKP-r9YxUYs2xI0P4ujMt9HRRU96poebHLORgaMI43RqHHgy-OwhixV1EfImKa18LGxqnfMIElo4ynOGH49fXwMoZHaPs0WTLA8GSclldcmsREQKMA0G9lDOQMLz6-yaH0MNqenntGWuu_L-44voKAmVpOaJ2ynIh200toco6CyjEJ-vIOkqPPPWSbuPDCFeJ59Z9yvLLNvS-D9sRDKBFLG7Qo1-sclAlHE6Igc6ew7t0zCupwUabMcXRBPsqafo7JOd5xpYz6qLaLOi_KtvqhzeZ5wbyACYJwT7Bn2mGM3G2oMUIlIhXYUalV4qnpRMoxuKCRDyP0

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s33-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

581495852f692996c526d562e12f0e91ff3de9398d604ae8c26344fd0e7ef29b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 350000
client-protocol: quic
last-modified: Fri, 08 Oct 2021 15:56:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
access-control-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
expires: Thu, 14 Oct 2021 18:05:31 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 551F 0
20 B 49ms
43ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BFPkeaHFoYaODFKzEzAaE44yABgAAAAA4AeAEAg&bg=!SEulSw_NAAbGFvHlxhY7ACkAdvg8Wn62S6S6AaylQ4e0_YgyUoX96aNhy1NngXT_ujJVKEFNo_ayQgIAAAWgUgAAARBoAQeZAxZnhQmQx8X8ZXt6HB2R7koKP5Is5FvOJOCc8Ov6_CP5OxeCCoCHvc2R4Vl7q6bT4Ux6OCnQqVegxOJqS8RDu2kPb87M_-pq7a-4HJ4_3V7g8HaPxys7OzHrI3Uye8XMr75EKFH5Y-5KtjhMJnct9N_znXDXYv3dbf5tPBu6NNN1NfRa2UCdeiUExv-Aup-t0h3yBd25xsvIrRzmuwVcOAQDAmutrM13sp9qWrgVPSxJAiFwdO34pRuQDXKuZ9BIoQafuaSZTK1YMYIfUCaxSqzcJ9ayl1joXlq8SQrMnsJAi4NUci9LCDxwhfk4pBudBa4oR0v7wK8xmd6866iAoSbn42pBWTNCSbdvoVc5Bq9QsX--WjGV8BdjbgaSWVTflEKLJCLwhW2DmF7QVQgUIxiEwhWPkR7C96tUbrh4I0K896qWPAO5o5Sx7Ch0Es8bMnRak9Co17Pddcjy6m2D9qOIakwY7Tu1THv5irs5NWTeeoG4SxA8JEnkxe1VOCRTlNAV-1MgPds0QVNII7DuMTgigtaVW6lN3KMOXy5_pyvCc3EXN7eFruOz58EalfUQlbK6g-Xy1TvI6MoGDWanbZQYVY-lOTNYA0GhAK1TfDND155zBX7jsKtnFyTGzgOZi4ToWj9YIi9wioruHdANm_V3ZiKb_SX4i4c1Ba6VbwscEUptzad-UIXtvCICFhN6xqT1lLF1rAelhRiL8uIjsvPEUPI_7Q6HZLafvUZUeRwmfkFTz5B-WRzUDScaX3ILLN3haumdYUOH672whkOBgopXnemD1pk8QTNItgP8nZLsGgiYBgCQ_CE3DA7af8mtbulcC-05DxUDmBz45UtEKflnE5uUZD-olWANX7JSCjPSm4A3JNZluaDiGpVuCWaRhPk4EbyoSMX2kGfZ4xnpiyodqc715hLoXdco3B0qGxLR2T6ru21iCOk34sLHMvL6Uj-ZvjUaESllCt2e9uwk6IbC7mCOBYyG1YyHa8RRSKiqfuEiNwf6iia9nKVfnPAOPBKCJE0eo3Kph6fBPI1JuUKEKYz02SQq

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 6A23 0
17 B 99ms
99ms Ping
image/gif 142.250.72.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kur95vdu&c=4859605075056&slotId=2429802537528&qqid=CLuCxuO-yvMCFdzYEQgd3-EO6w&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=963&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vmfc=18&vhc=0&msm=1&aits=17%2C36%2C18%2C22%2C37%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C43%2C44%2C45%2C46%2C0&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=343&vsrc=doubleclick_dmm&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1A0 0
20 B 53ms
42ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101101&jk=2359724945446046&bg=!DwylDEjNAAbGFvHlxhY7ACkAdvg8Wl6EiV6jsR2ggjuwunjP3wy7NLQgcXhvjyMKZ__Pq72eqChHNwIAAAWFUgAAALdoAQeZAr1YuAAUg9FfNL_eJlkakWoSq72-XZUKOld_-1_QPgGcj6Vk_oKDXKW_9zirum4d50s99cSWi2HhK9eum3YeR5dkrXksQAgDU7HbY_ktJuzaC1nF0qaPzG-2OPDXUIiOzqI1fcnG32XqOL7VaTvHdJkascpuzasB0f_QLBagsoON3y4dtG-7wBfSV831rzX0tDq84mOfsDMip9L_jsvODkMpjZ1KDtM3BpA2zm1nS2Q3cmX6cUcpZGNrh6q2A3jUp3bsufU-AIt1rCZ1tiTBoKoGIw2iZdqMeXDNaDQQ32X4nJpVtPDprZvQNYFsDDIqrdZLqZ8L4WNM7aZA_Me__26kr3uagvc16BSyHsu4B0PBCAqsTnjWZfUQ7FezEFcSAgw6_3pC7qUSIIrYw1ERaGSuEKFPNbB7Z_2xEE-Ski1cyLfpV4KMRzAnWvYNYf1aKxdHNS_7W5flb_cNYbBz-2_fijDsLB4AE-fLvGNa9sg6HPtB-QVnQwRIPCf_FAIq1xFU842s9cxkbtLXHvqJuJMmjtd7Jhy8EMf3KT7rycYXlgeVGYUiIqP3iVx1RKcMu_HJR3YuPdfNDP0MjktGVoGR2aqUu1IekXnN8_R_cBM2Jm_GZYJG_UHhSILHDGX6lGGj_dI8XILAMGqhnniRP1737N3g30n603Wd-NzFhGXNgFFS1LdC7jdDG-8is89XkQEDOEYbmoHXzBsJ5aznWusftbMl7qH8OYN_I7Te-8oDD2Ny_yuS6fbbUiPiJ3I56F808sAQoL7c--0ZCg6yvXF5G_yvQpn1aBGFkccs2QJtkyotID0zE1nxiDCsCsLxXNS0ado_A8PjL3qHIw2aRPcytIm_sngSjXTS4kpiL86ZVQPnmOR6Uc-8tbj5teuBi3nbgfbn3mcO9-sdfpxcvtBVvPFUozldj9DtlM_q5g

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 file.webm Show response
r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/9e9713475dcc5709/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778156587/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame B68E 313 KB
313 KB 9ms
9ms XHR
video/webm 173.194.188.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s33-in-f6.1e100.net

Software

gvs 1.0 /

Resource Hash

b019f959e30272e1458f57c8cf192fb7f4cc221154b274948c2ac2158b4d43ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 320309
client-protocol: quic
last-modified: Fri, 08 Oct 2021 15:56:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
access-control-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
expires: Thu, 14 Oct 2021 18:05:31 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 42F4 0
20 B 53ms
53ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=ByYmmaHFoYYqQJfiGzAaZ_4rgDwAAAAA4AeAEAg&bg=!jo2ljcnNAAbGFvHlxhY7ACkAdvg8Wqbs87m6IqhAkfvZAn2iazllr0bLpHnuL7wMSSHjW6wME1KmqgIAAAXsUgAAAJxoAQeZAw1G86My7Nz7TMr7p0pW3vB-Q5zMRHg5d_KjgmLDLC-KSW4DN8VxX9mJBFVz4JSwbh2F5Edj6wifyHarfCNHNk6SJZyLZrTddQy0vGbCzIzyKpDqOBTxg8msTUM9y19oCgLGIFof6RDdre16WDwu-mMzZAER3iI8YEVu0vsbkw9zJ1TzEifqc-6_Bxu_QpRvR7cEDxDSeubF-mESkI6mT9gK5EQp9fRodlyP2NFaCMmM7ICDAnOtKZpsFaUunjpZRfZ3NKMZwIlV8t6C18r9sTebZSGK9nX23zNkrk7717aT_ZCsZqKk616cfZdf8ny_JD8zVIt27BAe5dMzqBvBzTZvaLjuvrvjPlmsVs92baDlgAOxMk5vRFB-IHR-xzYjsNYPG2Ii1beOfkti5HLO9Bc5GF6NIGCjCpTgnyzrqmnszt7bJw1PC7elet8YfqclfNy_Oo3B57MYjFmi70EnRWnAQqN0eUtd2mjyjh64hHq93iII31TEvwwzsabJfoURlVPl75CgWfLS5wKP6-pfqIb16CcZpuMoBh9m6manKi0gx_Y-j72jHgHGbL7w1_hslnTx_fIW_6DNVg9uafg9gaSo6UFknnUSVs7ooxHdp_f3DlcE1r-ZGTt-_Ixy--JQ2QKNRCU2cM_8PhkPwIMZWdi-WG8NX9iWnRQZdju2orQ6ZF5WbHvSjIcH7Z8aX7vcZDzW3m65jMadVi5c4WJ5CUA14T2bJPft3UPwom-6G_fv6dSVe3cLIVFKjBJJIsht24YSEJ8ZMYiHExmOtzEUxeOa29wkQsHzd606HqXh1hym7Mp64tEscaMn_PuMvcKqUpz3syEYsFJX_DfKtLtISA86Cwxe_ZrbNfE2pDcO_iBGhaljvtZQW52Vq6pnNup3MsGjrRwrfMf-AXUEFELaPKvNKX82D5GLJAL2xsAJvt5kewxUtH7CSXhU9CPAvXA5AFiYEEAULxkQc4QvNZ-Si4re3NyjA1Rnf3KXqbULNZd_cP2iCewPijF7N-zsf6bb_1HpN31l_BxtU8OvLyQW

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A86C 0
20 B 51ms
50ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BFp5aaHFoYajPOMSW1wbS4qPIBwAAAAA4AeAEAg&bg=!k5ClkNTNAAbGFvHlxhY7ACkAdvg8WpbWl8hfOqE64bkxEAhHpPkFrHacnLDzvOYmZOX0jF6dEcl-ZQIAAAVIUgAAAJZoAQeZAx5UlaZkFIOSdXf1IQA246_wldoxaqARM_fUYMghVtWywNucAZtOYO6ajUrJdZmGdqU9ISXpaShJV1p9LL8jZNR_MrO8_PT3QUyDyueWkAS9NYUzZhngFv9egm8wHs5DZuHTSitIMZfYHxY1_cN-5rfnWh63NpsfXgQdE4sY5XcLIwIVn0xRDWF0YZUgUidCuUfBPZaXd4C4eQLPmn5AaIZ1siOv1P4Qugvj0gYhUSQay9kJZMy8RoZD__mh4btYlmpPLQQLUVzv0GCdnq9OxlXkADhgLVT_QA11h1kqxxAwVz7NUsrT2e6kdD6nPVhK7UYZgtY3RqW-LtA4ibbLiNJ45NT9xEi6_6ZO6-hBRzQbRxJzxGsJkb5vzUxjEMbVGX8nsS4xPgYDOrsxeIzaNZ7vvvTBO51HZaFttRCOrpqH-5Dh_nyLhnuWvOgOU6hlymbZ9RuKd-l7djuRi04RKhzl7XzEzJ8jtsZvq2JmIwpEg22X_Xb1eIUgqNASm9DTasOxzRKEVGRn9HIRSta1UkdNOUcEl67FwA5ZC_kd6QT0bV4PsiDQugVwNtmo2lRWKUnjL0YxnVkcUZW8c0iL0HpKKj5TrIL3bVg0Et_Qn39llcoHU5eNUGd-pjTp1dkaduaqnwbz22_s9EwhiZ0QAsaDxo4Mr3PeiOehBTVXor-qFVUrJrpKWg_8OK_vVzh3C9qFkSmguM3QESQofWqgqcFrfWxPAKgefAnfgxJBreGoHe9ixyIb4btRl6dAmJBSGmXdAbrOebwInIauZOZ37hsOk6EIgYLWCVQa4roFFDZU-VW2K9VKhCebC7AKNCx4gGIzQVn-LmMB-_3cSeJn1wAqv9DTSJJ4iLYzaDRosQZOWD60yvLnypmB6ar_u27B3PZ2bpO3RTfPHDgvA5T75D_RnfSHyd-5yH2LHJhbm2a0kOgWksATrtpiTrIgWozD32a6c8pqKNBqLtlOcPXDLtwdBa614KM9VUlc2VfRSxdya9lc2KdBknt_PqT7IIeDmOxGNKeNfRsMmh34Nc0cCP_6Smei-N4NK092i7APkMw

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9132 0
20 B 48ms
46ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101101&jk=580715759903413&bg=!d3SldDDNAAbGFvHlxhY7ACkAdvg8WvEWNmNOGTeDpA0k2gfTbu-0pu49aQSMP-IPW7WPZKnOE9SeEAIAAAXdUgAAAJxoAQeZAtzkXj7DbCidCOXbsYY7i_d93YePCP4lRQj4oTh7Tqf5OfpKJicZyFOL5XYepn-sAp8x-UkSQp-utVy-_6wstYlKAJ8d_0H5kVen8JPQlZmLWXFGtT7-IU9QIGhNCYfaXjzTp1lHTYuS5r_zJ4QvM2O1A-kKFQRhr9AxbiDB9_5h_7J841-cMeJA-SnTFj-3jR-zwR9wRrYt6PEQJ5d3W9aMHFxUy8Do0LN-aPRTFxJMmApa828a2cFhBwvV2870UtjfnZNRg3A3eqPvFWcIWiWrPCKfKS34Nl2-hDsxf2jJCHEFgE6YPBLZSTJRpySJOpQjs9BNTAvGV04Jr4GAbZVgiw-jsia0wEbf25tVAVuGeb4LS5GoTlXg7CUOlz6WUC1YpPe6oYmnC5vB8p9_jYcRatrGHcF7GzHPjRE2qSv0SblujtRiUagWKAzsd9XqZJ73ft_Yv7YYFA4Jj1Pjszn8R4MVgdsJQkw2suN1DtgEH7mQoSGf7VXOFvmxIcJcJc33f_uEqJUTpiSD-ALMt3REZyYDYaK1j54H1o1vo3k--m_UmSWvcpHV7ud_5FuenRh2wdZz40pnkLxY48jbWHAeN03cEehff4TMW1dnevur9retZiRY3ius6uYHuErwbuq4LYNeGjhnIfPR-_oWHZ1Cs3aOSRGS3znru6IDuKNKjuXCP8XwedoSAh1Pf7K579BjMcDXebqMrItyoedNtx3BV6N-L1IrhEa-uvfqHrug09A_41IfLuH_PPjCsZ2Oty6lHUNxgaoi9lrcR9wAVptsf7hqz1aN3Pi5YXUGZ3hkqoZvbLHV9xi6H4D7BgKpJ4PsY_Nu-j2k0rThTwORl5h7QqKrLA8d3rY7zPwP-wpx6lVPn7e2ZUp5i8PUwc7n6YtHM3WzBsytgwvj39yEBQ6NW3tThmOTslVA7nopoa0V9OjS5MaiNSqf5YoeEZodLsOEO90TZbGmWd4Dhvc

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3244 0
20 B 48ms
44ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021100701&jk=272788335596595&bg=!u7iluPzNAAbGFvHlxhY7ACkAdvg8WveNmEpNSmDaSqbm7AawMbqkRy-eZ7xUvE76iO5TGUvXTxWz9QIAAAXCUgAAAIloAQcKAMCYNUkifVAiFEOfydzuy4IBIJ2wyjnrwNRMpjH0C5GDnD5YPTQuX9iUfHKkXGKlBvsLSM8dGOL6APBojgV8ouO4C0-TK4tgzTBHnAT9ryGDZgnLjSs0vVMCvwsog5Djvx86GuxFB1j9K-yC9gyXN2HUYVvfzoTVKBpzQNGuJPBG4wDTTNBz0J7fEif3PQ4GHfSQwnOTqQO-MxsLGgVWEml5NM2sGMzXHaAvbU9BHevchf3tpKbWnFaJKtASC3HOvPKZAs6c9zi0NSFPmKUxze9CbPZuxm08a_xcGpsuLknrD2t2FQil3UNxwdZ0ylxJYud9zA-JjiGOBIbwDmeyw6rxe0017gEwJffmTuBBu4H262NYnmlvPV_3ocFseqFp4ZlzNxM3Cl_J8U7tUorDg-A9N61Gv9cqGjvzLvPVZIdFOGTI4H1BhcmpEix74J3JuqwsKtDur7wScx6JdjUHiTe1AUsljpMH_z4voDqmfZQbyOdZaf1jV-hJnvnlarfDevpJetCYO4pFTZlYvZyeNbq5FfNSskhjTqmFHp_CWbRDPetL_3U7V0AO2N0UXtNDhBTwnTSG-z8Wmku2kUdwbjR3xXW1ykt-bxp8dYnmL3z-Zp3dySG-kOGx4pI-SOy25FnFcT71hBcgM70NuZDRlNw7534zxQpGFROecUSfRQj5QZapbHwALJmcWD5Mcs9SVTClfvt0hBAJpUi9H_9yCCB_m7fqoEfRzWCwybFTkNnM6DjawTv16AcS2IWNLSi_2w9RKRNHQwivBzJf3SRcBLoGi5q1kdP5vsBwxU8dVyuMtRNV_PzgN58lwhLxMJce-cMXRSMVGzaL4Z1a0P6EHFfXIf0PXvLb6_SoSOgrbduDgjLbpuDRsGg4o7mCHBaRGb75U-wY2k9OkEqSBUtEyyO6I-uD0IuPX_VSBTyACAulGBbxvmlEo5C9_nwSn4iQ4B2q0W3unVKrwZuQeoLjvPzADUraBZwEiFQcNoIEvyR3E9WpXmWUhra5iNvUPunuQqZ2aEST3QJSa_2Y5kz5s9eci_N7qbIo1QYfPYLu3SmXle72-OofUEQt9u87E8LLn3pNICp-Z-wEUzy9YJboAgwVeLbVLugtIKAa99lF2VgAxl3MSqkOerW802sANe4IgwYmCnAL2wN_V-a9B104wo8bXtxLEudOmxailQ4QLTcCsD_TGiyZTMPN0-jzHgeBI1GO

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C6DB 0
20 B 46ms
45ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101101&jk=2066361545737926&bg=!YGOlYyfNAAbGFvHlxhY7ACkAdvg8Wg4jhzlr1aMDm0vE-Ngw_rlef9cRmisX99N9TwVLLBcLBS6-uAIAAAVIUgAAAG5oAQcKAJetw4UZZu3hZG0ej1O92bNI5m7-VpMbLz90YH7uTlnlgQSBQaNIubkaM4woaXaRgYNDwMu9WU5ioRJgY_iVoWxh6X93mcBRE2XRttm3kuTFwFKPP9B03g2_duVnK2vJNGTFTBLSG8XGuj-88n6H1ZBAi8MxvbXOetNgz3KC9spVDrLbj-poM5WBG2b6TtTP7-VwUsL3t9KhmQLceZRMDukyhnUcVBVH4qcSGvzji35glsvfyxJ5B3Dg2cb5gAq8Wig2dErYGUc0GWNR4Va98tWyqM6uqfIdjkNhzVVqT462OMvX2sIOuL6tFDKUiUtKDwPdRqDV6pE_9MHH3j4d40Ld8bQUtjbWYxDncPIM-Kn61o7QI5vMxA4gpJB30ruNjTtp8UsX-vzTsPS9E766yZja9-KfQ1tlqiFWbpsGDeYXNP5HWnV62MPWYkfu60P8M41q7h-Ic2fruSKqcbc6cdIlfiJZ-ZdJo8WUk6uOu8aaeos8Cto5K8wacgHHyi7DbPVPamQBA5eGzpalLLTGj-MYBnHCE9NQBqwXtbmh7-2Zz3cQaVPzA_8VSjOyQvEGV_yrzevYH8noZmMyCL8EG9Q9eXQJBcMJcx_w-HfXmCl3riFtgOgN-rY3gLKbhVa3YaKrYWYKyOEYT1S3o5U8vFoIW33vjWBYDHWZQ24z3zk5EwvmY6kQOniAEDLTvuE3Wq7kV9L5jnsH8iSUkyr8S2vsFxdQ6rA9U7pRgD_KwjVgeeItmsZBgzBrtG4NrARAjO7iUiRz57_0owWY0pu08NAOX-FneKQI4cTa57tc6MThzpOdHtCG5GdCxgM0IRH95ARKBunpGOFOJrv61hML-piEuEcwo_3tXvhK_U2D9S51a5fDvDOM9wgAZHK17f9xcnvdqtttJI0lv3X20h-ibGftQZM8WG5IUw23zpkWIdZj83ZxzpgE-cd3I7CYur9Um2qhWuVwW_BvgT4CxmHluvos79Gcvqxar5pkfwbn7JhfyC4vwmhXEcni9PEN0WwkJXmqMkKrRXhqjtY0gbQjfnXnhc_71iGoDF9wy-pJ9YAwRuyePkjxr_Cw07dWyFqAInhnvpQC9v8Mg8Hr4Vzay-WgtoY3sQEFZU-zUKLYi8rWhTuowh23wRnSHVwPQKaOUJoDM3bkuKVZJZGceBZQS9wFCJrCNNzL

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 35ms
14ms Ping
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-LY1N2M6E7Y&gtm=2oead0&_p=1385684366&sr=1600x1200&ul=en-us&cid=1283393647.1634234727&_s=2&dl=https%3A%2F%2Fearnme.club%2Fairbass-z1-tws-from-boult-launched-for-rs-1599%2F&dr=https%3A%2F%2Fearnme.club%2F%3Flink%3DMOJjz&dt=AirBass%20Z1%20TWS%20from%20Boult%20launched%20for%20Rs%201599%20%E2%80%93%20Tech%20One&sid=1634234726&sct=1&seg=1&en=page_view&_et=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LY1N2M6E7Y
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://earnme.club/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0A93 708 B
368 B 42ms
39ms Stylesheet
text/css 172.217.16.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&display=swap

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=a3e07e52c1ad2db7fda1db8b42ab61b9:83927b30bd89a8bd8fc965996416706a94498e4e144b8eee86ee179ca9a9ccfee54bd4aabef200376a8643e4ecfbce2637008137d2a14d17030654b75c1d90fa

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f138.1e100.net

Software

ESF /

Resource Hash

41fca96ec6e235b3dcff4bc97f90e036a6063d578eeec6a8a035f31e3b78eccb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 16:21:59 GMT
server: ESF
date: Thu, 14 Oct 2021 18:05:32 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Thu, 14 Oct 2021 18:05:32 GMT

GET
H2 200 eyJpdSI6ImQ2NjVjYTk0MDBlYjUwNTczNWE3OTQ2MDQ4NmU4MzhkZjU1MjllNWZjNmY1NGZjMDljOTJmZDcxN2Q5MjhiMDMiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ Frame 0A93 17 KB
18 KB 80ms
12ms Image
image/webp 184.30.25.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImQ2NjVjYTk0MDBlYjUwNTczNWE3OTQ2MDQ4NmU4MzhkZjU1MjllNWZjNmY1NGZjMDljOTJmZDcxN2Q5MjhiMDMiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=a3e07e52c1ad2db7fda1db8b42ab61b9:83927b30bd89a8bd8fc965996416706a94498e4e144b8eee86ee179ca9a9ccfee54bd4aabef200376a8643e4ecfbce2637008137d2a14d17030654b75c1d90fa
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 08515fa69a56955afd30ec29ddc98f4c3a8622caa5d4b0b4be73ad4e4122494a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 18:05:32 GMT
cache-control: max-age=1752468
last-modified: Wed, 06 Oct 2021 07:04:59 GMT
x-traceid: c06c671fad0e344906cf349b20cdf08b
timing-allow-origin: *
content-length: 17792
content-type: image/webp

GET
H2 200 i
api.purpleads.io/x/partners/9a6190e333652ba0aa5c1772903b380a:0a0114b2c34bab1e1b340e9f5544e3c6f9eaa9d76c1c8275fc25eccb2175c61084fc3eccf75ddf1bdf81a95cb5d9d89e00f0b851ee16e2b5b952422d28dc840e3f32b4a1... Frame 0A93 0
199 B 856ms
851ms Image
text/plain 18.233.250.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/partners/9a6190e333652ba0aa5c1772903b380a:0a0114b2c34bab1e1b340e9f5544e3c6f9eaa9d76c1c8275fc25eccb2175c61084fc3eccf75ddf1bdf81a95cb5d9d89e00f0b851ee16e2b5b952422d28dc840e3f32b4a1c81d9d4d3111319b10565dbbf934b915dc800acd15c8fc20a56f5b64/i?id=6d9995bb-f283-4885-bb59-ea297df11a3e
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=a3e07e52c1ad2db7fda1db8b42ab61b9:83927b30bd89a8bd8fc965996416706a94498e4e144b8eee86ee179ca9a9ccfee54bd4aabef200376a8643e4ecfbce2637008137d2a14d17030654b75c1d90fa
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.233.250.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-250-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Thu, 14 Oct 2021 18:05:32 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 794a723e-d6c3-462a-b993-5123631a267e

GET
H/1.1 200
OK widgetGlobalEvent
log.outbrainimg.com/loggerServices/ Frame 0A93 4 B
325 B 393ms
90ms Image
application/json 70.42.32.127
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=af562b17e42fab87bf5eb2685e08ab54&pvId=af562b17e42fab87bf5eb2685e08ab54&sid=8353446&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=a3e07e52c1ad2db7fda1db8b42ab61b9:83927b30bd89a8bd8fc965996416706a94498e4e144b8eee86ee179ca9a9ccfee54bd4aabef200376a8643e4ecfbce2637008137d2a14d17030654b75c1d90fa
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.127 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 18:05:32 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 8297c6005d98d846c650a4b2a357b066
Content-Length: 4
Expires: 0

GET
H/1.1 200
OK log-viewability
log.outbrainimg.com/loggerServices/ Frame 0A93 4 B
325 B 392ms
90ms Image
application/json 70.42.32.127
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.outbrainimg.com/loggerServices/log-viewability?requestId=af562b17e42fab87bf5eb2685e08ab54&position=0
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=a3e07e52c1ad2db7fda1db8b42ab61b9:83927b30bd89a8bd8fc965996416706a94498e4e144b8eee86ee179ca9a9ccfee54bd4aabef200376a8643e4ecfbce2637008137d2a14d17030654b75c1d90fa
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.127 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://earnme.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 18:05:32 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 1c743bdc16328c236e8680d5d3fe1f3e
Content-Length: 4
Expires: 0

POST
H2 200 track Show response
servt.modoro360.com/ 0
94 B 350ms
112ms XHR
text/plain 52.206.167.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servt.modoro360.com/track?r=earnme.club&sn=&ic=0&tgt=0&app=&wi=400&he=300&test=&d36=6.1.2.78&apppkg=&fv=1&proto=https
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6114dbdb1f8b0669e215b7e4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.167.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-206-167-40.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://earnme.club/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 14 Oct 2021 18:05:32 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ Frame 0A93 23 KB
23 KB 33ms
29ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://earnme.club
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 06:39:46 GMT
x-content-type-options: nosniff
age: 386746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Oct 2022 06:39:46 GMT

GET
H3 200 dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D2101,0,0,0,0%26mtos%3D2...
ade.googlesyndication.com/ddm/activity/ Frame B68E 42 B
63 B 67ms
47ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D2101,0,0,0,0%26mtos%3D2101,2101,2101,2101,2101%26amtos%3D0,0,0,0,0%26mcvt%3D2101%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2408%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D22%26pst%3D1%26dur%3D15037%26vmtime%3D2501%26dtos%3D2101%26dtoss%3D1%26dvs%3D2101%26dfvs%3D2101%26dvpt%3D2408%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2101;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.03%26t%3D1634234729838;ecn1=1;etm1=0;eid1=200000;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame B68E 42 B
64 B 45ms
45ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtXoMttdC_wbce2dpobe26GSYFtHBJrKQ8I1_QoYIvOMfMRSGIuSoAqae6zk2Yn7trEjALVCGkLaX-DP9oA_AugFQg_kyPjwIcGFlmq5xBib3bpko&sai=AMfl-YQAGVhtooSyq6G41uHSPJX-FL9ojq_UCvAHnNfy6gIKwiNH0mVQRGFqFaeyZEZAe5dvzIs5Z9JPItgBYi3xsNJUOBWzOjiTkG2cLFZSFEIDB-DrSD9rBBwHy9bBd_7a&sig=Cg0ArKJSzKniqPPI4lvREAE&cid=CAASFeRoBKjRL3geTkFMR2cZKsIKALa8Qg&id=lidarv&acvw=sv%3D20211011%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D2101,0,0,0,0%26mtos%3D2101,2101,2101,2101,2101%26amtos%3D0,0,0,0,0%26mcvt%3D2101%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2408%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D22%26pst%3D1%26dur%3D15037%26vmtime%3D2501%26dtos%3D2101%26dtoss%3D1%26dvs%3D2101%26dfvs%3D2101%26dvpt%3D2408%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2101&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.03%26t%3D1634234729838

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CF50 0
20 B 50ms
50ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=ByE30aXFoYZeWAtbX3gP7rK2IDQAAAAA4AeAEAg&bg=!CQqlCk7NAAbGFvHlxhY7ACkAdvg8WpVDbHe8PyI4OKMKzREZb6neVO6Sta23zYPQH7AkfroJAt_mvAIAAARCUgAAAQhoAQcKADTaceyEMQs4jPkaKL-o3b2P-8lmhl9EPbSVFoxWQ2UE2yUcwcRcWCmqrb_Q8Ca2srXbO2I0mQM0Jt43xZewzxqSTNOPnz187NtyCHOn8j5fzLg2dUAs2aocyX3I0E9a771TCHLYy3w6T4hpNNq7aSOggrnNDIL4twXl-tUJwccRR2omgYpIVtCfpReULv1pSRAINjO9i3uLTzwa56VYr18OVaOY5aI8aLApzVds0YZkb8tSAksB0u5DyMN7p4P1QkGp0vzshNN2wV5DqrtCZdRn41wjMIP3eTzRVEbehF1ThC-Xyj5JhPDN-jEv1E2OukwKFsPnBRs8tPhZ_OF648Y6vo_vqWDanbv_H6e8yEystATwGnCOz7sMnQKiHNh_E7Or90FqaLQ5rsclD-6tAiRrM6LkLucDhCskoYaviO-RHTGgzMJpobYYhxqx4ZPVDo0vy4I1r76WRP7JkdAgYM0UYrl-TzVwuo9x_cCB1hdND9dNQll8ocuvM1zuR2uYAxMe5MAXrAChCatgy-Am1OQ9zgxx9aDe3VI3hgZxxFMKey4mWDPQbHQ8Ox6n4lsDqoL9-aCQeyKU1zrviMfjKlP-te6DoY8HX8vYKuT9DFq4oPCqdw3dKUGaX6Knpuh2DrwuqGzrtugz-11ZB-NpV267tjsaI_uHTvFE4PcCH_drIPy-6ykgkCVfrgPGnBR8iVoAXJm5yXjf-mC56HJFvOeKDTRBusp06S-ldxGpgwPDsEJ4IL_ovv_fKNUlaw6g3StbktX8adh_1bg48YEEl9tSooLmcLgbm8i2hJ10ffAvv8fjFOGrwbpXee30pT8wgSd9SE0tLpLe4Qkmn7ME5_8JlZamb6MQMlmtyPwkVT87GUoBnyZRR8BANI0EE8PVz2vCstC7EO3nTXIeIuGdoLZaADJQKS7nl3v4XX77Mg_ewA1UVkvSVCLN-DAZRR3X3dbA7BvohVCklqlAE_0X3Mekuh2T07AAp4OFNYEJ7dbTEidPYVrzyCE-TauBKyR5wLn3itbf5QR_n-uKBsnfN_DWt0Bq0X1U41sb7etPZ7u8NamETed1DHi_-VxOBjssiFDWeXFrJwp-DiV6gXKMSqN8lzyRkEmmbyTXYw_Do0Ryo8Vy-DrRLC6VBZrKts-b3mSdbu5_hPI021A0EA

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3B3E 0
20 B 44ms
43ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvhE9aHFoYZfCPNmX3gPH5IW4CQAAAAA4AeAEAg&bg=!TE-lTwvNAAbGFvHlxhY7ACkAdvg8WkBHWlyEoXGX_ptapdQsQy7BIcUPkCx_9Tl5lHHxqDpd5D5NUAIAAAU-UgAAAGVoAQeZAxarkb_RqRAfhgie6hIjk5NCDy73YJGcSAw3ccuQ14UbS62Xvs4Jo0CVd_xFpOVh4Aurba7nuU9wVYr_Ah4coVHdWEkYKoRCQgf-wlNijAL9mjQSC2L5VmhpBkSMD1nIQEu1wpCwP-u7etMUJC-0d4Vkk85O1XuTX2zPO_ZNRSVEBgHP6Mp3rWWVCJGpG_OJd7_fJvtyzDs0N0e8vuSF16ExNZO-jNBHDMZC_-jl-7uzhJKqX4tD89DVybNaEH7DpJGuKuXxY-jVPQ664YByAXIoZLkwca7pqt0l-3R1vWWisX8Eu7l76oSK_0QOSvfZSLuk88ZUZ2OlKGyqSFitecXebK6ySacfULlaYbxpgy-CBlm99RUPJ2KLorxGRK3qIHghbXKhvJGgKK6FEWD_AFpoezFpwbWVfr_s2-yB9fpfeLRpOwL5HpR5TZfUQMLkwxmWeLOJgjhzI4SJNbwgiz0VyAY2ZwvLXmEDjX8uvhlWuW-cmDejMF2eYiDiMGrH8fJhXvQS9ehRWUTwVpLMZ5t9GnpaqmEMc7x4HwTOOBpQjs9ytKMlAy2UL0eChzT2uORqE_5VpAuGAuXmXWN4zkd-OP23KEWAQg2121MUHBBs6smI8cthpW3d7TAZm_Imem9QycrtBSLMo9IC9sYJ4pZWgVCMOI7_OqlaJf6wM8Q2e0l4aYUy-zyrWNQjHzAloaz0RUKzm43BBu2z5zdZbKEph84hp8nmuxoedXNSYJShjbJ6A6eHq3Tt3qbsHR5nz9nUPxH5um0Yu8MYmRHv27f_EOct3zn2WWcWmeSaFO6ml7Ea5r_2dtmSwFwyvJvms04Ov2TlUrp4-bF-L8CQURyrZVrEeq9UZBGAwa8znYhnY9N5A9v1zM3vnjNxNkXki7wZ1MVN7_cc60_KQpdncWik6vX47vJKYj4MLbeFmh-s_Tlf9yEk-IlWNHD5_9tsz1KRK-lnEAupfizdUda2Z1G2_TNOgpHSQ5N1HaYxvT_MxUgku1rm--GLnE5VJxu6RwvyhTB7c4y13Dl9hl3qVYaWXyk3vB-5

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DDE4 0
20 B 44ms
42ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bpk6OaXFoYaz-EPKFzAabtpaoDQAAAAA4AeAEAg&bg=!j4yljMjNAAbGFvHlxhY7ACkAdvg8WkkTnkT5sDWxDIV1VKlLIXhzLbWDb66lQO_R6U4rgI6_QX-1JgIAAAWnUgAAADhoAQcKAA9wGF3EX7VPdkdN_UBh076ZAw3dMrV2gRfgEMfAEEFoHOHHp-GOVAeDIHVY1-Q2f93Etxaq1cXysdD_j6TTX_8AjUW_esRhU40zNW0TlvmlKxjC031DE984FuAffigVcdhKbazz1G7SBQ4BS_7WYaTQlx5f1lw8HHoQT4nHhmuifuxGGSNVHyGbT6ydmU3QiduMkuZy1zmUIxPp5LTSRpyou52YR8cJpaIIICff2TU8QZtgJ2E6lCtc6T8dPWheos95N-tJgaxn39WryMD45e7WEtFLqJT2lFC1lwtNp2ew6SSid4IjBffUeAWBrTmLH01kMREznrLfWkZRnA9AIKWBibcjv5edHWlREK-y_eCFM7ai_VYwgxfQpnfelgm1YxXKcmv0pijYpYFNr_SiHz4sZ_O2lDv7uryYGjQUAq1WzMfkVZusyw512xYLrWNEbCLffdiMaXzt-VJo5gzmBvXhskE2FTcgOENKVhxozKawRwIjI6MErT2Xk0S1LtbvEh9hIGSOXURLtTdT5jIeQq8_BAxLsw5ngY2Awqtb-GwRwqr49i7QRuyNKGfj7GYMXSoo7b_e0b6LGYjbRxD5uK2bmghbW86R3AXzXbiIGUpqa_i5SLx8ZiMdKi4mmg5rf1V2EhVO2t6tVPMCfhY_aRk_wWRqDj5ZOSlAwbG4M4QIkc294zYfrfsRXk_RO_b86ui1GoMFzIM5EQDavLob39yxwBtvoTWx03PDtmGatrDCJU6rzdoNoJmCSQyR9GYvbiZsuTgGznQHM-uWqcZdWFivz1guyl43FdP2S8S3oj4NeQ1EmD4o5VT2I1VHYB9SSTDGkdH4XQ6CykxDOussFyC2Pj17F6H7HmnJoZJC7KTgaxbAEQHnOsWGUDmt-8jUmOddI_YR31BS3A55-E7wXC5q2nxriwQeyWcni55-6bquslV3KToAnuJ9QE3q-xP4OQRQRBNhM8vJSfLDaSc1Hb13Ka32nda0mbfY6h0_36uGLxwXGN9W2eTCHD_VU0ImSt6U6WkTlpFPqo_mlXlCC4cdV_x4k6FmkjuJAgCv-N_U

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 510C 0
20 B 44ms
44ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9m8ZaXFoYZpijJXeA5-OsuAKAAAAADgB4AQC&bg=!n5ylnNjNAAbGFvHlxhY7ACkAdvg8Wo-EQQZR4wgEtTb7N0J-ceA6gqGOA6LAQysBEvVF-Glp8ycxWAIAAAPIUgAAABBoAQeZAx7x5JKzoZa8CkMdJVr1AwZLS9Afy1qMn-XLj7ip4g1HiX8qDko3l6exjJ66B-F8pyMP95MREXJTtCZ7AB3P3nWyHp_ajX8iYm_Gp-hHczS4vAdFjw-vnGt_mfPLAiAwnkrrHuf7k4MQSa6uo5DT7L1EyznToGLa47AnHXF7j-heuc4dwJvpA_F_0-ZPBlCIiPuZz4N_qd2-3lBmzyz2X7VFX6pEcnb5OI5OufrXqcdxactMrXt4YPidXerxmkMiaj8fy6LyL2UJcl4tFUWKs85OmyfRWDg1QQVoJdUXA99V8QcMmLdK8p9ZxawMniRfh0bcO9lzdM0t1rE_wWbJApncV8ZNxyQHfCmZP_f1oJfM2yVebR5MaVqsoootXSGVdl3jOYHbz1Psuscr2jhRhURcDxBk0qutRN6QLBC0YgstAxzp3brfTitq74DvMvMSBootiL5RHFPcUdhK2CLA2hI3aH6iYshdwygNUHHwcvc3Q6Ll3pWnkqkfy2J333GH-TvcRR3fi-MgI_-k9ARDtfrv7Lur2ZskUCNChn9PQoAkgBime3xCj-kufmI0MnOd4aMM5E04oMVTlsI6DcQnEJU6XoZbilp93J60D93auXTjUq_SOA1v72khCwqm-2-Sp2-zsSOkTw_PorLLePlWb_AgMlZZO8si1yoG6vvGvV7Cc2rkD_qLIJwUuNwtJGoqYZWmbt9j9lJaDLQpTMh-8DyxgSWPmCv-3eSdAZo3nM5dkLxGctThi6f8xID9FWrFndyR84Sa0VZUtua_G4NI95q_1S1JcqmaYkxSdvF4q13SLHXuf5T27AkG0sN8oukho3Xg6NOSA-s4hECqIfziL7bUtvH1qt3EB75Unm1brwvnKqjfz4VWZUjcdcyLsqSUw9nB_-AgMzXdAWnGAFRKER_77B8Fp9-MKfKFgQtqwNjcNAjHV92F_wPnn7AZGmEPJClxxevRE7mMuJpsKmg1WxDpAE5d62H_a7Q5vzt2Bw-Zx_SPK0WPg9ljcHcboOqDNPuGHF6MGiqvLkGkIC3R4ZfyvPi9BY4rGZqNHAG66Zc

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D3477,0,0,0,0%26mtos%3D3...
ade.googlesyndication.com/ddm/activity/ Frame B68E 42 B
63 B 44ms
44ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D3477,0,0,0,0%26mtos%3D3477,3477,3477,3477,3477%26amtos%3D0,0,0,0,0%26mcvt%3D3477%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3784%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D44%26pst%3D1%26dur%3D15037%26vmtime%3D3879%26dtos%3D1376%26dtoss%3D2%26dvs%3D1376%26dfvs%3D1376%26dvpt%3D1376%26is%3D275%26i0%3D18%26i1%3D275%26ic%3D0%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D3477,3477,3477,3477,3477%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,3477;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.03%26t%3D1634234729838;ecn1=1;etm1=0;eid1=960584;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B68E 42 B
64 B 19ms
19ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ColTQZ3FoYcPcJ4zc7gO_zKzQDquB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwHIA5sEqgTpAU_QwGk4Fo37ZKBSBTXLW71GF2bkbD3dMrq0y3DxHpiK7HTBg_4CFc09WUXNb7tgcjGyEg0nOhxhH46WxT7zOxd2O-AEmc-BHEed4TeFv5oz_qOeXqQTrg92rspQEgtWDEdAJ3yI1X0RYSae2UwfODcuHAL_F-bqrkPxH-NGXOwXnXmJhAWeQXAqexv4SE5gABI1yMl0VBrMwb4HLw-9s0ZPycNCNsB_FTxDCnFRXbkJcOXwvPeaSzCP52VAnyOCR2QTQaPuTDO3w6LCa91yvcnoyChyDi3SZQ6Qv8onDRTIb5khGPYbGvWrwASLkJ3XzgPgBAOQBgGgBk6AB8DFusYBqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01NTYzNTMzMjU4MTkyODcygAoDmAsByAsBgAwBsBPuz_UM0BMA2BMNiBQy2BQB0BUBgBcB&sigh=4-OaAfm8Wjw&label=videoplaytime25&ad_mt=3880&acvw=sv%3D20211011%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D3477,0,0,0,0%26mtos%3D3477,3477,3477,3477,3477%26amtos%3D0,0,0,0,0%26mcvt%3D3477%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3784%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D44%26pst%3D1%26dur%3D15037%26vmtime%3D3879%26dtos%3D1376%26dtoss%3D2%26dvs%3D1376%26dfvs%3D1376%26dvpt%3D1376%26is%3D275%26i0%3D18%26i1%3D275%26ic%3D0%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D3477,3477,3477,3477,3477%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,3477&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.03%26t%3D1634234729838

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D7222,0,0,0,0%26mtos%3D7...
ade.googlesyndication.com/ddm/activity/ Frame B68E 42 B
63 B 43ms
43ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo9fY477K8wIVLCLTCh2EMQNgEAAYACD8kvtLQhMIg6yv477K8wIVDK57Ch0_Jgvq;met=1;acvw=sv%3D20211011%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D7222,0,0,0,0%26mtos%3D7222,7222,7222,7222,7222%26amtos%3D0,0,0,0,0%26mcvt%3D7222%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D7529%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D52%26pst%3D1%26dur%3D15037%26vmtime%3D7631%26dtos%3D3745%26dtoss%3D3%26dvs%3D3745%26dfvs%3D3745%26dvpt%3D3745%26is%3D275%26i0%3D18%26i1%3D275%26i2%3D275%26ic%3D512%26cs%3D16778003%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D3745,3745,3745,3745,3745%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D255%26psv%3D254%26psfv%3D254%26psa%3D0%26pngs%3D9s,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,7222;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.03%26t%3D1634234729838;ecn1=1;etm1=0;eid1=18;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B68E 42 B
64 B 20ms
19ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ColTQZ3FoYcPcJ4zc7gO_zKzQDquB3_thsZ3tpoYOnoXk5eoeEAEgudvzJmDJBqABqLrFuQLIAQWoAwHIA5sEqgTpAU_QwGk4Fo37ZKBSBTXLW71GF2bkbD3dMrq0y3DxHpiK7HTBg_4CFc09WUXNb7tgcjGyEg0nOhxhH46WxT7zOxd2O-AEmc-BHEed4TeFv5oz_qOeXqQTrg92rspQEgtWDEdAJ3yI1X0RYSae2UwfODcuHAL_F-bqrkPxH-NGXOwXnXmJhAWeQXAqexv4SE5gABI1yMl0VBrMwb4HLw-9s0ZPycNCNsB_FTxDCnFRXbkJcOXwvPeaSzCP52VAnyOCR2QTQaPuTDO3w6LCa91yvcnoyChyDi3SZQ6Qv8onDRTIb5khGPYbGvWrwASLkJ3XzgPgBAOQBgGgBk6AB8DFusYBqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01NTYzNTMzMjU4MTkyODcygAoDmAsByAsBgAwBsBPuz_UM0BMA2BMNiBQy2BQB0BUBgBcB&sigh=4-OaAfm8Wjw&label=videoplaytime50&ad_mt=7631&acvw=sv%3D20211011%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,189,335%26tos%3D7222,0,0,0,0%26mtos%3D7222,7222,7222,7222,7222%26amtos%3D0,0,0,0,0%26mcvt%3D7222%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D7529%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D52%26pst%3D1%26dur%3D15037%26vmtime%3D7631%26dtos%3D3745%26dtoss%3D3%26dvs%3D3745%26dfvs%3D3745%26dvpt%3D3745%26is%3D275%26i0%3D18%26i1%3D275%26i2%3D275%26ic%3D512%26cs%3D16778003%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D3745,3745,3745,3745,3745%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D501458933%26psm%3D255%26psv%3D254%26psfv%3D254%26psa%3D0%26pngs%3D9s,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,7222&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.03%26t%3D1634234729838

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 18:05:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.earnme.club/	1970-01-20 15:28:26	Name: _ga Value: GA1.1.1283393647.1634234727
.earnme.club/	1970-01-20 15:28:26	Name: _ga_LY1N2M6E7Y Value: GS1.1.1634234726.1.1.1634234726.0
.aj2414.online/	1970-01-20 15:28:26	Name: UUID Value: a5c6969a-24fe-5f6a-a5b4-87546cd323fe
.modoro360.com/	1970-01-19 22:11:38	Name: aniC Value: 1634234727365-911940631243-006647-001-002364
.aj2414.online/	1970-01-20 06:42:50	Name: ucv Value: 9-DE-1634321127629-24--11-DE-1634321127818-24--
.doubleclick.net/	1970-01-20 15:28:26	Name: IDE Value: AHWqTUki-mMTijwRslMpRLZQW5f9o-2ai1cuxV0c8eNhe2wAsjOTP8nb7Bzf0ZTffPI
.earnme.club/	1970-01-20 07:18:50	Name: __gads Value: ID=b2e62fed71b874cf:T=1634234728:S=ALNI_MaKLB-mQ40uNqc5v0ytX91wxdTXZw
.doubleclick.net/	1970-01-19 21:57:18	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-20 00:06:50	Name: CMPS Value: 5202
.casalemedia.com/	1970-01-20 06:42:50	Name: CMID Value: YWhxabOmhdBDuKxLat2uzQAA
.adnxs.com/	1970-01-20 00:06:50	Name: uuid2 Value: 2467664192839485256
.casalemedia.com/	1970-01-20 00:06:50	Name: CMPRO Value: 1153
.casalemedia.com/	1970-01-20 06:42:50	Name: CMRUM3 Value: 2d616871692760CAESEI1aCdlrfJ7sVFcrX7J4dBk
.adnxs.com/	1970-01-20 00:06:50	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?fpn%8@!]tbPl1M>e)ZlrFUfJ+tGXxo][1jvsC@-ovCFF8oBAfoTHf:fJYZT(G%gT?bpRzqF1`b_g3*1(!%
.myvisualiq.net/	1970-01-20 15:28:26	Name: tuuid Value: 7a7c5c15-aef8-4309-9766-560005e20104
.myvisualiq.net/	1970-01-20 15:28:26	Name: c Value: 1634234729
.myvisualiq.net/	1970-01-20 15:28:26	Name: tuuid_lu Value: 1634234729
.tapad.com/	1970-01-19 23:23:38	Name: TapAd_TS Value: 1634234729718
.tapad.com/	1970-01-19 23:23:38	Name: TapAd_DID Value: aea50768-3c1b-4778-9dc6-ed1b440cb393
.1rx.io/	1970-01-20 06:42:50	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-a898ea19-5848-480c-b90f-4245fd88683f-003%22%7D
.quantserve.com/	1970-01-20 00:06:50	Name: d Value: EAEBCQG9JIEA
.quantserve.com/	1970-01-20 07:27:29	Name: mc Value: 6168716a-924d5-e1506-2dfbd
.openx.net/	1970-01-20 06:42:50	Name: i Value: 4c6f350b-fde6-43da-9fdb-25c0dd2a5beb\|1634234730
.casalemedia.com/	1970-01-19 21:58:41	Name: CMST Value: YWhxaWFocWoA
.targeting.unrulymedia.com/	1970-01-20 06:42:50	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-a898ea19-5848-480c-b90f-4245fd88683f-003%22%7D
.tribalfusion.com/	1970-01-20 00:06:50	Name: ANON_ID Value: adnseFuyTYFBErv6Yb8i4tIt3fUyweRlprZbEZbj1Eko3aZbZcQaZbFrk06On2kfeMq86YgRPbvVg48OLTJJTIxVl

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159(Line 5) Message: Refused to load the script 'https://tpc.googlesyndication.com/sodar/sodar2.js' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js(Line 344) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js(Line 344) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js(Line 344) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211011_RC00/outstream.min.js(Line 344) Message: Unrecognized feature: 'attribution-reporting'.
security	error	URL: https://eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1 Message: Refused to execute script from 'https://t.myvisualiq.net/ul_cb/impression_pixel?r=2107110139&et=i&ago=212&ao=546&aca=26380393&si=1781800&ci=158591191&pi=315280620&ad=508136142&advt=4471185&chnl=-7&vndr=115&sz=6586&u=pt=i' because its MIME type ('image/gif') is not executable.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWhxabOmhdBDuKxLat2uzQAABIEAAAAB&google_gid=CAESEFQ5JDHcn238bvKgOdYdOFE&google_cver=1&google_push=AYg5qPLRjVdiYIIpMybJ3__1Pon0SFWPLYxmctBh4lD4hZc2Dzt3GHYPOzU0C2HxQOY0ri89hH5fMKfFGJ0TVBqp850KwDOQA6k Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

50f4e269ddaed71aaacef16cf94d553a.safeframe.googlesyndication.com
8d57cd417e86e2965e8f7ca1965c90d6.safeframe.googlesyndication.com
8f9e26d6bbe204162579f69ba3a7afce.safeframe.googlesyndication.com
a.tribalfusion.com
ade.googlesyndication.com
adservice.google.com
aj2414.online
api.purpleads.io
b704d022b263c5ae5ffa21626a578ea8.safeframe.googlesyndication.com
bid.g.doubleclick.net
c7de854410e3439c3ee2ad4ec8eb918b.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.purpleads.io
clickcafe.in
cm.g.doubleclick.net
cms.quantserve.com
csi.gstatic.com
d2cad23a4e746585f04cfc65850a5e0e.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
earnme.club
eb308841872832b4812febc383533f8d.safeframe.googlesyndication.com
fa5bcbb34d8fcf8989a2a2c0e4a93acc.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
images.outbrainimg.com
imasdk.googleapis.com
link.clickcafe.in
log.outbrainimg.com
match.adsrvr.org
pagead2.googlesyndication.com
pixel.adsafeprotected.com
pixel.rubiconproject.com
player.aniview.com
player.avplayer.com
r1---sn-4g5edns7.c.2mdn.net
r1---sn-4g5ednss.c.2mdn.net
r2---sn-4g5ednse.c.2mdn.net
s.tribalfusion.com
s0.2mdn.net
secure.gravatar.com
securepubads.g.doubleclick.net
serv.modoro360.com
servt.modoro360.com
ssc-cms.33across.com
ssc.33across.com
ssp.adriver.ru
static.adsafeprotected.com
storage.de.cloud.ovh.net
sync.1rx.io
sync.targeting.unrulymedia.com
t.myvisualiq.net
tapestry.tapad.com
tg1.modoro360.com
tpc.googlesyndication.com
unified.adsafeprotected.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
cm.g.doubleclick.net
tpc.googlesyndication.com
104.126.37.155
104.126.37.184
104.18.12.5
104.21.42.166
108.128.225.113
13.248.242.197
13.32.99.54
141.95.4.196
142.250.184.193
142.250.184.234
142.250.185.161
142.250.185.196
142.250.185.227
142.250.185.66
142.250.185.72
142.250.185.98
142.250.186.161
142.250.186.162
142.250.186.166
142.250.186.174
142.250.186.98
142.250.72.99
142.250.74.206
172.217.16.138
172.217.18.98
172.67.143.56
173.194.188.102
173.194.188.39
173.194.188.6
18.233.250.173
18.66.248.69
184.30.25.105
184.30.25.193
185.33.220.243
192.0.73.2
199.80.53.188
213.19.147.44
23.218.208.246
3.125.90.12
34.149.20.76
34.250.155.46
34.98.64.218
35.227.248.159
52.206.167.40
54.160.76.96
64.233.167.154
67.202.105.24
69.173.144.165
70.42.32.127
81.222.128.213
91.228.74.226
0430ff4c28ff3015360240ce23277456d995bf04a91bbcfbabdf1c42427a564e
04fe3f8228adabe346683eb77382e9bb2f93ca0eb6313fc0f6ddf87ae8f3bfe3
07b7aeaa3d85ebc315bf325cefc0f10bb5d307f7494a3e32814e20c7cbc7e173
07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847
08515fa69a56955afd30ec29ddc98f4c3a8622caa5d4b0b4be73ad4e4122494a
0906ae990495b37aad25f47e13629d282ec80ff21461ca688902ff0c163b1f18
09ccd1239af4971d32ae7f1220a52e047e569bea7f10aaf7dd2014b637263d16
0b3f31053a8dcaa33f1803fa1150192da86bef77300c95ab8e21a3f1942a9b99
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d
0c64ffb727f16b430dcb84d2ef5cdc376a401d3638cee1fb43cb7f706a4e3976
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
133dda7ed4da3948baf0e876f32b470c8b8dc8d73366d4c81560b612a6611e39
142d085939eff84bb1b7ca0a9707f6f6efc6c9b762fdf6616fce54901ef84663
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
17030c257c351a99a03a598b79399f303bfc3954fc1d674f8ee4b30b00b32803
1733b02e387e9393a6d6cda3f65edc42f42bd4d5f43ca3d36c3c3bbfb5e3c082
198f05b9806c4b25a50aa0dd8040c85f4c58705da82ac51092296c5e72103b8b
19ad029fe2230dc2b7eda8d3c2b8d872aae2e718c0209bcaec04cd51a04d9165
1b18bd58aae8c3a729ced4ef75be3bacc679d526911765299f4b05d1f73702a7
1ccafb20c04338fe13f836484ac9c805fdcdafda38a8c4fc821b8119ee27787b
1db0c5a52f4b6afff48b7539fa61041a99ad04208363b200833d38688a6678dd
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1f56ed761ba8fa2864cc4178d9d0aa6f48f64cb5cd4ed29da0a8366c7c9a14a5
1f67a2117ec739fda23e6088534bc2826f5002e6dc6aa2f5d50ac15b093292df
20aaddfcd175634f6fa953d1da8c2aa312a61b9ff81072f2b7064fc0c0ea35db
21472738e0cce864a814b7e7b6f641bf274f2878e1375f0f691a2061d65f4eff
218bd68f71a6dd4e1465af6d1454cb6c0871724d5d65b23c0434f034a55cee6b
235dd149eac993d9f773d67eb3432fda6c4d81c98d29c4fb150707fae2b59908
271bc14db828439b0a59fd25bd65ca448b676b12ead46bb231919abcec106158
29d3ac66cb7823c6a5771bbb0ee77b819f72c251c06f7c9eb5c3000ea9611b32
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391
2c013d3fb73112b051523c0798ab7ec22c3120ffb2742b4c9b45e6ca0fd1f9f7
2c277265caa1ddcb86b6cffbebfd66d8e80309d9cd4291cdc7e5db41c15e3405
2cdc7482af3176d3c41e97a312dcf7e679a5b3b49b32c5ad4642c5b30e1b6017
2ce57bd0fa2624bc5eac3701da8c04e315f177fc440ef4a9f46bb0699f942c34
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
32dc7ca53ff5277a73c4a796535c94908af27d1dd6645fd9b547258e227ae180
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3646fe53fce065a6f2d4460fdad5fddeb78dd1e6b1c77fec519d264138455137
3739f7e3f233afefaaf897a2c109cd3dcce3799125f58957b4a622b610511a63
393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7
3e6a036b5d73ef6d9b8b573ef41dc3c7e65164939600200571ff3da79ca55a72
3fee0e1fb0e879da788a4daf371d6ffdacb4d300b86d199e5042b60858498ebb
41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b
41fca96ec6e235b3dcff4bc97f90e036a6063d578eeec6a8a035f31e3b78eccb
44c03f12c6fb725f6167d96034b701d35de2207963bf511e50d518febae6bd39
483bd7b7240fa6e5d628476a395c6ac71587e0e87de179dda7ce780ce7ec0cea
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4be248af2533387777c0841dbe22c2da3d19217cee48ae7c68063ba2966f1d77
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f2abda14bf95d8ef376b680f779482c5dbac38a7a3cf9df25b497a1e0828ec6
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
53b958849a6a7c96426f7d693656c0141a411d57837587435831ffa5d8dfcdc1
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
581495852f692996c526d562e12f0e91ff3de9398d604ae8c26344fd0e7ef29b
59616c4308ae547e3b70ba9b6d64292db1a5daf10fa32b8b85bb3a1e18ea1fed
599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964
5aaf69e298b8aa684834cff21cbc0b779eb8c6623dd81743960c8696adb74875
5b1102c76492322b4bc3386084d17417c8c34d2229ef4a3387465aa1b3264424
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5f65104f0574974a4564e90a06d8e76efa8041483b0522a71939072e1fccf4de
67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab
699a06ea55cc549ba44d4715cda02a16c179c9d7e0823ff1d34d9428de96a13c
6b604cbfa423fafdeee03a3123b88204949be062da6f080704c47bc18458c880
6dc933e95d73e716ba13166c6e76001d12b5274cd18801c7c46df9077a4dbbbf
6e476ba4505860e47ad8b78c6ed87b0a467f23dfaaa06825e289164aae77e7ff
74e0705ba9740aea8c7f1f7a8e582ae656c55e1c8d047b212683fadb5e623fa7
7947cc709130cc0cda4f3927d3d4b15f7c437cc8fc4e596e6709fd1ccc189385
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a4569a62133c80d4c36eb1f349bbaf292e323a90e0e4d8030ede845dcd0258f
7d0275f5466da4818361c6d387a2264854a4c5efd927733bc16402f6ba81dfd1
7f569281395ee24379c6e52ec186baa7b95f9e827f519128ff4681efe682f7b2
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
806452f1b480eeeadffcc371cb695fc34d6accba5ebaab95fe8c7b50d8d6061b
820c110e108bda5b52f9dc984d798c7d5af896d583788d1ad3d54339d52dd500
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f08309977cbf8a379c5f163c54fb12b62ef9c5b41718c1f52c1b797ea1a5e6
883c565c8660789549b0caeabf67a9ca7c57463c1c3d222186911c989e1d0175
8bf2c3c3842d050e7342e12dc43dc3549662c9e02ea83d7792d04d534ffad56b
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
909010e84e575b1115fd502bb469fc7a9c655793ca0c1a0bc3be37dfe9b10f29
9562a10bdc04892edb22f709b34db413b692a2116eb6cc789fb7587dea9f8d76
97c1543256668b1db6856a5b09da46bb9c659a97f7f15961614a0465f0da1794
981297c0128fe053fb1b9feb8d6af4c3a4c295239d65b1e559bb5b2dab38c6b2
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9af2a8ce32fd1a1765ee52d154940f56c2388ff1927226dc71570584202d8e60
9ca4765e596c410e733be895b75dba5cb1a4b6b92ce3022b4d6fb68cd03eeb81
9d95be8c77455d049fd9b1b0cf720b8bb3529a03fe60d71687ce2031d6d85c10
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a6cabe8c0788cbea07b7fd846ff52d6197e07cae7f409f53e4497b7a18713d99
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a76af243fe9e4d31585af658a45621e5db0a65ac62d3747f307c4b442d949e8a
aa6108b7131709496f832074a6b3aa96493b183a96f576484a59a5878f6af744
ac7b9f46edcec0a88c11c18bf0a08879953bfd042486c0a2a7c58426df25088c
af7e40dfa1546d4357ecc537451ed7e486826423640d19f8c2bd1f0f25b56df6
b019f959e30272e1458f57c8cf192fb7f4cc221154b274948c2ac2158b4d43ab
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd
b3788bb602d752bf7bed3d0342490f06f600764d9a461226aa6737ffb9209392
b61a9245e1e83ccc28c93d9c1834bb204262aaeda86d519606259d3a15d68385
b9a894e4b69451ad2d50899ce9ccb489cb9bd87af0c35c1e3f615e776b924e23
ba870dd4f1f375d33aa3770685227bd38160d194969b3840232fad67c1989bb8
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bc506f4274ef8991a6310a3f08e9f050e3ea16267ef8ddd56cdea636caf8832e
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c8da252e9894aed11df11b015087a9d10526abbebb5ed8c61831cf2b7aae475a
c95c768fb5daacaa981ee1b7e3002c3cc4e10388673a7a11a82574b85e4305a9
cb842e61690ec5fcd0121a12540c5d71ecf9694e0fa9b526df1ed22048d435ba
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d09fae1abdf97e7061702073d5b863236868e425ebb7dc2571a4ee30fd206eab
d2207aa81a9bceb80bcaea2d0d98f49fd24e35ed34c276ffecfe497e42ef1036
d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744
d4cb8e3d3f1d9da69c5096249099aaa6ec5942dc20f922cc6c99f7b7b4557584
d50905d9c0e2c1f4a30e217e1eade952d04600860ccf4aec5240e6fd31eb9b29
d5aea6792c807cf687f4c33074139aabbafb9af1d0b61e6b41dbe7cae8a64d7a
d7a0d3463205d1d17297ee1e6e49c633fce6a99b5afce9a8bda3195339540eea
d8d7e3df2dba59564c5d687ba6f4fef8e103834b2717488d0d951da3a2af9f93
d9c76f6ed88ff93ed4dd98bb470288147e34ee19146803a42b460f7d681dbb01
da7d583f2d6c7cbaa8adde489471182e6c62e894171d9d9bc14e826dbf831e40
dae3d6f03ddfaa29b7032682e2b4839b60a3bc0084de91d87edb01dce1083198
dec9054a94349bf2b2ad6e46ae3eb0032eac23c5517bf147799abea3b41be9ee
e08ada5e7630ee2870834114070d93ba7532bac5dda2b1e49c995fc96a947616
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45fe08e6ffd0f8f113b68cc5c408e70bb5e0c85e9e9bf6d6168bf332e836d1c
e4e84a66dc8716879937866fd96fb9436ed5bee473bebce28bd2b212394c4387
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8bfc0838d1127cefbfcbcf7a0e541c205217353c5be64b55f61a180e7641292
e929b883c321b329d2c87699b04e2185c0d25cfc6ac80a2e3226d62fd130c84f
ea71eb8aafa4dbdb3db16ae597758727ad48d0b0795b1baaf71c7f973d2a1784
ebe4aa3b3e1e7ce80c31a7e465a69f914d4a1c5329e2d8071e93a82d17bfc7ca
ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01616ffb4bd4c2da042673a3ab2b8407bc40c9246cb31d6ea9d1897a5b36fd7
f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909
f473b7497ac9e479b025c12adb9dd4eb09b5224be1bb1fb8e43ff1286c3f11de
f956a57cdb3f16c4e83c513b7d72bbfa49db02226b832acc98428bd7fd5744e5
fb20da3761f50927006a6f6303ae6fceec0b3cb5f4c532ba5845bcd5392112d8
fc78e4c9ac41f9199b33c83695bf5e5ef4c526dc9fc74bdfda18261cea15abbd
fce532bfb1fbfba01843965e730862e7ab9caf2c796010668b7b66bdf3e5bad1
ff57c745ef1ac11af00ef52a114793466a53b0c9c33f2de31c1102e39b0b1cff

earnme.club Open in urlscan Pro 104.21.42.166 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

348 Requests

99 %HTTPS

0 %IPv6

34 Domains

64 Subdomains

45 IPs

8 Countries

10212 kBTransfer

17095 kBSize

26 Cookies

5 Outgoing links

Page URL History

Redirected requests

348 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

earnme.club Open in urlscan Pro
104.21.42.166 Public Scan

Screenshot
Live screenshot

Full Image

348
Requests

99 %
HTTPS

0 %
IPv6

34
Domains

64
Subdomains

45
IPs

8
Countries

10212 kB
Transfer

17095 kB
Size

26
Cookies

348 HTTP transactions
10 data transactions