www2.kusports.com Open in urlscan Pro
208.91.60.6 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Ove...
Submission: On January 15 via api (January 15th 2022, 4:38:41 pm UTC) from CZ — Scanned from DE

Summary HTTP 441 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 71 IPs in 11 countries across 70 domains to perform 441 HTTP transactions. The main IP is 208.91.60.6, located in United States and belongs to NSIHOSTING-EQX-VA, US. The main domain is www2.kusports.com. The Cisco Umbrella rank of the primary domain is 481165.

This is the only time www2.kusports.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	208.91.60.6 208.91.60.6	14244 (NSIHOSTIN...) (NSIHOSTING-EQX-VA)
89	208.91.60.7 208.91.60.7	14244 (NSIHOSTIN...) (NSIHOSTING-EQX-VA)
3	2a00:1450:401... 2a00:1450:4019:80b::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
1	178.79.242.181 178.79.242.181	22822 (LLNW) (LLNW)
1 2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	52.216.89.236 52.216.89.236	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	35.190.90.202 35.190.90.202	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	151.101.193.44 151.101.193.44	54113 (FASTLY) (FASTLY)
1 3	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
49	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
1 3	13.35.253.75 13.35.253.75	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 11	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
7	2600:9000:223... 2600:9000:223e:6800:13:a391:88c0:21	16509 (AMAZON-02) (AMAZON-02)
40	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:224... 2600:9000:224a:6400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:303... 2606:4700:3030::6815:251b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	54.171.15.192 54.171.15.192	16509 (AMAZON-02) (AMAZON-02)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
3	104.90.104.248 104.90.104.248	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	34.249.68.36 34.249.68.36	16509 (AMAZON-02) (AMAZON-02)
1 2	2600:9000:231... 2600:9000:2315:4600:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	116.202.46.88 116.202.46.88	24940 (HETZNER-AS) (HETZNER-AS)
1 2	2620:116:800d... 2620:116:800d:21:3175:5196:e3fd:8c1d	16509 (AMAZON-02) (AMAZON-02)
46	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	35.201.98.64 35.201.98.64	15169 (GOOGLE) (GOOGLE)
7	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
1 1	2606:4700:303... 2606:4700:3039::6815:c034	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	84.200.5.215 84.200.5.215	31400 (ACCELERAT...) (ACCELERATED-IT)
1	46.4.62.19 46.4.62.19	24940 (HETZNER-AS) (HETZNER-AS)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6 19	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	104.89.30.126 104.89.30.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	185.86.139.94 185.86.139.94	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
3 5	184.87.213.8 184.87.213.8	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	185.33.223.38 185.33.223.38	29990 (ASN-APPNEX) (ASN-APPNEX)
8	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.63.117 138.201.63.117	24940 (HETZNER-AS) (HETZNER-AS)
1 4	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
4 4	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2 2	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	5.1.80.163 5.1.80.163	205948 (CREOLINE-AS) (CREOLINE-AS)
4	46.236.13.147 46.236.13.147	12703 (PULSANT-AS) (PULSANT-AS)
2 4	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
2	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
2	104.92.94.3 104.92.94.3	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1 1	81.222.128.215 81.222.128.215	20597 (ELTEL-AS) (ELTEL-AS)
2 2	64.74.236.223 64.74.236.223	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	2604:9e00:1:1... 2604:9e00:1:129::2:a01	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	37.157.4.40 37.157.4.40	198622 (ADFORM) (ADFORM)
2	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	2600:9000:215... 2600:9000:2156:8e00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	217.66.147.165 217.66.147.165	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
1 1	213.87.44.187 213.87.44.187	13174 (MTSNET Mo...) (MTSNET Moscow)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	18.66.248.117 18.66.248.117	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:231... 2600:9000:2315:7a00:15:90db:9f40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:231... 2600:9000:2315:5000:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
1	100.24.193.39 100.24.193.39	14618 (AMAZON-AES) (AMAZON-AES)
2 6	2600:9000:225... 2600:9000:225e:9800:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
6 9	54.228.17.128 54.228.17.128	16509 (AMAZON-02) (AMAZON-02)
4	3.248.87.88 3.248.87.88	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1 2	18.198.122.33 18.198.122.33	16509 (AMAZON-02) (AMAZON-02)
441	71

3 208.91.60.6 (United States) 1 redirects

ASN14244 (NSIHOSTING-EQX-VA, US)
PTR: ellingtoncms.com

www2.kusports.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

89 208.91.60.7 (United States)

ASN14244 (NSIHOSTING-EQX-VA, US)

worldonline.media.clients.ellingtoncms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4019:80b::200e (Ireland)

ASN15169 (GOOGLE, US)

maps.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn.includemodal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.242.181 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-181.fra.llnw.net

cdn01.basis.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.89.236 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ogden_images.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.90.202 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 202.90.190.35.bc.googleusercontent.com

quizzicalzephyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
83cea4fead56748f876ab613b983dac1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
79064acfee7eb39937587e3e674cac41.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0f0060131989266658dfdb2e4be1ee34.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.253.75 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-75.fra6.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:223e:6800:13:a391:88c0:21 (United States)

ASN16509 (AMAZON-02, US)

d3plfjw9uod7ab.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:224a:6400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3030::6815:251b (United States)

ASN13335 (CLOUDFLARENET, US)

analyticssystems.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.15.192 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-15-192.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.90.104.248 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-104-248.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.249.68.36 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-68-36.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2315:4600:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 116.202.46.88 (Grunwald, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88.46.202.116.clients.your-server.de

servedbyadbutler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:3175:5196:e3fd:8c1d (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.98.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.98.201.35.bc.googleusercontent.com

butterbulb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-ads.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3039::6815:c034 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 84.200.5.215 (Germany) 2 redirects

ASN31400 (ACCELERATED-IT, DE)

www.telefonica-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lead-alliance.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.4.62.19 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads4.sunbonet.de

partner.blau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.185.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.30.126 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-30-126.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.94 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.87.213.8 (Milan, Italy) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-87-213-8.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.223.38 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 78.46.90.238 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.63.117 (Hockenheim, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.117.63.201.138.clients.your-server.de

hal90003.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 94.130.102.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

hal900012.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (France) 4 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Mannheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:102::1 (Switzerland) 2 redirects

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.1.80.163 (Germany)

ASN205948 (CREOLINE-AS, DE)
PTR: s17177.creolineserver.com

adv-srv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.236.13.147 (United Kingdom)

ASN12703 (PULSANT-AS, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.92.94.3 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-94-3.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.222.128.215 (Russian Federation) 1 redirects

ASN20597 (ELTEL-AS, RU)
PTR: ad15.adriver.ru

ssp.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.74.236.223 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2604:9e00:1:129::2:a01 (United States)

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.torchad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.40 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:8e00:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.66.147.165 (St Petersburg, Russian Federation) 2 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)
PTR: host-165-147-66-217.spbmts.ru

sm.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.87.44.187 (Moscow, Russian Federation) 1 redirects

ASN13174 (MTSNET Moscow, Russia, RU)
PTR: infrastructure-187-44.mts.ru

tech.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.248.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-117.dus51.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:7a00:15:90db:9f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

a.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:5000:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 100.24.193.39 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-193-39.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:225e:9800:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 54.228.17.128 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-17-128.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.248.87.88 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-87-88.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.122.33 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-122-33.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
102	googlesyndication.com 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 127 83cea4fead56748f876ab613b983dac1.safeframe.googlesyndication.com 79064acfee7eb39937587e3e674cac41.safeframe.googlesyndication.com 0f0060131989266658dfdb2e4be1ee34.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 94 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com	468 KB
89	ellingtoncms.com worldonline.media.clients.ellingtoncms.com — Cisco Umbrella Rank: 476497	1 MB
80	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 175 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 cm.g.doubleclick.net — Cisco Umbrella Rank: 169 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 185469	1 MB
23	google.com 1 redirects maps.google.com — Cisco Umbrella Rank: 1725 adservice.google.com — Cisco Umbrella Rank: 69 www.google.com — Cisco Umbrella Rank: 8	178 KB
17	redintelligence.net 2 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 27409 hal90003.redintelligence.net — Cisco Umbrella Rank: 195671 hal900012.redintelligence.net — Cisco Umbrella Rank: 185366	120 KB
16	adroll.com 8 redirects a.adroll.com — Cisco Umbrella Rank: 115792 s.adroll.com — Cisco Umbrella Rank: 2208 d.adroll.com — Cisco Umbrella Rank: 1320	25 KB
15	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 151	536 KB
8	openx.net us-ads.openx.net — Cisco Umbrella Rank: 341217 rtb.openx.net — Cisco Umbrella Rank: 1154 us-u.openx.net — Cisco Umbrella Rank: 316	37 KB
7	analyticssystems.net analyticssystems.net — Cisco Umbrella Rank: 8550	3 KB
7	cloudfront.net d3plfjw9uod7ab.cloudfront.net	195 KB
6	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 18477 api.webgains.io — Cisco Umbrella Rank: 52909	102 KB
6	google.de www.google.de — Cisco Umbrella Rank: 6151 adservice.google.de — Cisco Umbrella Rank: 8579	1 KB
5	medialead.de 5 redirects pv.medialead.de — Cisco Umbrella Rank: 42689 medialead.de — Cisco Umbrella Rank: 41904	4 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	5 KB
4	webgains.com track.webgains.com — Cisco Umbrella Rank: 41628	4 KB
4	office-partner.de 2 redirects adv.office-partner.de — Cisco Umbrella Rank: 179182 adv-srv.office-partner.de — Cisco Umbrella Rank: 188426	2 KB
4	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	4 KB
3	mts.ru 3 redirects sm.rtb.mts.ru — Cisco Umbrella Rank: 35454 tech.rtb.mts.ru — Cisco Umbrella Rank: 33839	2 KB
3	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 249 ads.yahoo.com — Cisco Umbrella Rank: 722	1 KB
3	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 245	90 KB
3	teads.tv sync.teads.tv — Cisco Umbrella Rank: 750	516 B
3	quantserve.com 1 redirects edge.quantserve.com — Cisco Umbrella Rank: 10887 pixel.quantserve.com — Cisco Umbrella Rank: 380	11 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 124	2 KB
3	sitescout.com 1 redirects pixel.sitescout.com — Cisco Umbrella Rank: 2742	3 KB
3	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 334 fonts.googleapis.com — Cisco Umbrella Rank: 37	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	101 KB
3	kusports.com 1 redirects www2.kusports.com — Cisco Umbrella Rank: 481165	48 KB
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 254	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 524	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 533	1 KB
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 12936	1 KB
2	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 55305	624 B
2	media01.eu pb.media01.eu — Cisco Umbrella Rank: 41136	831 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 531	1 KB
2	butterbulb.com butterbulb.com — Cisco Umbrella Rank: 208146	685 B
2	servedbyadbutler.com servedbyadbutler.com — Cisco Umbrella Rank: 13444	11 KB
2	quantcount.com 1 redirects rules.quantcount.com — Cisco Umbrella Rank: 822	864 B
2	crwdcntrl.net 1 redirects bcp.crwdcntrl.net — Cisco Umbrella Rank: 538	1 KB
2	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 369	899 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 184	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 88	386 B
2	google.co.uk adservice.google.co.uk — Cisco Umbrella Rank: 5259	660 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	20 KB
2	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 847	159 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	113 KB
2	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 602	509 B
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 960	294 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1071	14 KB
1	e-volution.ai rtb2-useast.e-volution.ai — Cisco Umbrella Rank: 4261	233 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 671	439 B
1	adkernel.com dsp.adkernel.com — Cisco Umbrella Rank: 3230	233 B
1	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 2538	1 KB
1	torchad.com rtb2-useast.torchad.com — Cisco Umbrella Rank: 16444	233 B
1	adriver.ru 1 redirects ssp.adriver.ru — Cisco Umbrella Rank: 12534	340 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2508	173 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 1138	75 B
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 1533	1 KB
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 832	474 B
1	blau.de partner.blau.de — Cisco Umbrella Rank: 62581	1 KB
1	lead-alliance.net 1 redirects www.lead-alliance.net — Cisco Umbrella Rank: 47656	600 B
1	telefonica-partner.de 1 redirects www.telefonica-partner.de — Cisco Umbrella Rank: 51206	243 B
1	ad4m.at 1 redirects as.ad4m.at — Cisco Umbrella Rank: 1893	817 B
1	exelator.com loadm.exelator.com — Cisco Umbrella Rank: 798	324 B
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 526	482 B
1	quizzicalzephyr.com quizzicalzephyr.com — Cisco Umbrella Rank: 494008	26 KB
1	amazonaws.com ogden_images.s3.amazonaws.com	36 KB
1	basis.net cdn01.basis.net — Cisco Umbrella Rank: 6707	1 KB
1	includemodal.com cdn.includemodal.com — Cisco Umbrella Rank: 22017	34 KB
0	netmng.com Failed google2waycm.netmng.com Failed
0	adfrontiers.com Failed media.adfrontiers.com Failed
441	70

	Domain	Requested by
89	worldonline.media.clients.ellingtoncms.com	www2.kusports.com worldonline.media.clients.ellingtoncms.com
49	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com www2.kusports.com
46	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www2.kusports.com tpc.googlesyndication.com 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
40	tpc.googlesyndication.com	3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com www2.kusports.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com googleads.g.doubleclick.net
19	cm.g.doubleclick.net	6 redirects www2.kusports.com 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com googleads.g.doubleclick.net bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
15	www.googletagservices.com	www2.kusports.com 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com securepubads.g.doubleclick.net 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
11	www.google.com	1 redirects www2.kusports.com tpc.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
9	d.adroll.com	6 redirects a.adroll.com
9	adservice.google.com	securepubads.g.doubleclick.net 8019191.fls.doubleclick.net
8	hal9000.redintelligence.net	bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com hal900012.redintelligence.net hal90003.redintelligence.net
7	googleads.g.doubleclick.net	www2.kusports.com 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
7	analyticssystems.net	3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com www2.kusports.com
7	d3plfjw9uod7ab.cloudfront.net	3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com securepubads.g.doubleclick.net
7	3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	s.adroll.com	2 redirects a.adroll.com
5	hal90003.redintelligence.net	1 redirects 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com hal90003.redintelligence.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	adservice.google.de	securepubads.g.doubleclick.net
4	api.webgains.io	analytics.webgains.io
4	8019191.fls.doubleclick.net	2 redirects www2.kusports.com
4	track.webgains.com	www2.kusports.com bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
4	pv.medialead.de	4 redirects
4	hal900012.redintelligence.net	1 redirects bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com hal900012.redintelligence.net
4	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
4	us-ads.openx.net	securepubads.g.doubleclick.net us-ads.openx.net
3	us-u.openx.net	googleads.g.doubleclick.net
3	s0.2mdn.net	1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
3	sync.teads.tv	www2.kusports.com googleads.g.doubleclick.net
3	sb.scorecardresearch.com	1 redirects cdn.taboola.com www2.kusports.com
3	pixel.sitescout.com	1 redirects www2.kusports.com
3	www.googletagmanager.com	www2.kusports.com adv-srv.office-partner.de
3	maps.google.com	www2.kusports.com maps.google.com
3	www2.kusports.com	1 redirects www2.kusports.com
2	x.bidswitch.net	1 redirects
2	analytics.webgains.io	track.webgains.com
2	fonts.googleapis.com	hal900012.redintelligence.net hal90003.redintelligence.net
2	sm.rtb.mts.ru	2 redirects
2	c1.adform.net	2 redirects
2	b1sync.zemanta.com	2 redirects
2	www.awin1.com	bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
2	ad-server.eu	bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
2	adv-srv.office-partner.de	hal900012.redintelligence.net hal90003.redintelligence.net
2	adv.office-partner.de	2 redirects
2	pb.media01.eu	hal900012.redintelligence.net hal90003.redintelligence.net
2	ups.analytics.yahoo.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	butterbulb.com	quizzicalzephyr.com
2	pixel.quantserve.com	1 redirects www2.kusports.com
2	servedbyadbutler.com	3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com servedbyadbutler.com
2	rules.quantcount.com	1 redirects www2.kusports.com
2	bcp.crwdcntrl.net	1 redirects www2.kusports.com
2	pixel.tapad.com	1 redirects www2.kusports.com
2	dpm.demdex.net	1 redirects www2.kusports.com
2	www.facebook.com	www2.kusports.com
2	adservice.google.co.uk	securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdn.taboola.com	www2.kusports.com cdn.taboola.com
2	connect.facebook.net	www2.kusports.com connect.facebook.net
2	insight.adsrvr.org	1 redirects www2.kusports.com
1	ads.yahoo.com
1	ping.chartbeat.net
1	static.chartbeat.com	www2.kusports.com
1	a.adroll.com	www2.kusports.com
1	tech.rtb.mts.ru	1 redirects
1	rtb2-useast.e-volution.ai	1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
1	s.ad.smaato.net	1 redirects
1	dsp.adkernel.com	1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
1	a.rfihub.com	1 redirects
1	rtb2-useast.torchad.com	bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
1	ssp.adriver.ru	1 redirects
1	tr.blismedia.com	bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
1	medialead.de	1 redirects
1	ssbsync.smartadserver.com	1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
1	cs.media.net	1 redirects
1	sync.go.sonobi.com	1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
1	rtb.openx.net	1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
1	partner.blau.de	www2.kusports.com
1	www.lead-alliance.net	1 redirects
1	www.telefonica-partner.de	1 redirects
1	as.ad4m.at	1 redirects
1	0f0060131989266658dfdb2e4be1ee34.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	79064acfee7eb39937587e3e674cac41.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	83cea4fead56748f876ab613b983dac1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	loadm.exelator.com	www2.kusports.com
1	static.adsafeprotected.com	www2.kusports.com
1	edge.quantserve.com	www2.kusports.com
1	www.google.de	www2.kusports.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	quizzicalzephyr.com	www2.kusports.com
1	maps.googleapis.com	maps.google.com
1	ogden_images.s3.amazonaws.com	www2.kusports.com
1	cdn01.basis.net	www2.kusports.com
1	cdn.includemodal.com	www2.kusports.com
0	google2waycm.netmng.com Failed	bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
0	media.adfrontiers.com Failed	www2.kusports.com
441	98

This site contains links to these domains. Also see Links.

Domain
www.meritrustcu.org
seatgeek.com
shop.ljworld.com
ljworld.com
boards.kusports.com
www.facebook.com
twitter.com
www2.ljworld.com
geo.itunes.apple.com
play.google.com
www.kuathletics.com
www.kualumni.org
rn12.ultipro.com

Subject Issuer	Validity	Valid
cdn01.basis.net GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-06-14` - `2022-06-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
quizzicalzephyr.com R3	`2021-12-17` - `2022-03-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-24` - `2022-01-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.analyticssystems.net R3	`2021-12-08` - `2022-03-08`	3 months	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
servedbyadbutler.com Sectigo RSA Domain Validation Secure Server CA	`2022-01-11` - `2023-01-11`	a year	crt.sh
butterbulb.com R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.google.co.uk GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
redintelligence.net R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
adv-srv.office-partner.de R3	`2022-01-04` - `2022-04-04`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-12-23` - `2022-03-23`	3 months	crt.sh
*.torchad.com AlphaSSL CA - SHA256 - G2	`2021-09-20` - `2022-10-22`	a year	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G2	`2021-12-30` - `2023-01-31`	a year	crt.sh
*.e-volution.ai Sectigo RSA Domain Validation Secure Server CA	`2021-09-13` - `2022-10-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
s.adroll.com Amazon	`2021-08-02` - `2022-08-31`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2021-09-09` - `2022-10-08`	a year	crt.sh

This page contains 52 frames:

Primary Page: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Frame ID: 0CB10CB4DAE66BC30FE57FC47912F468
Requests: 152 HTTP requests in this frame

Frame: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EC3803426F507BDFDC0191B0DBD796FE
Requests: 1 HTTP requests in this frame

Frame: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 136539DDC4C7DCB7FE6C2518079C9B04
Requests: 17 HTTP requests in this frame

Frame: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5A1052A0DAD689152DD3866B93F07556
Requests: 18 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: 95232F12B4A835688AE23AB36BA90B88
Requests: 6 HTTP requests in this frame

Frame: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D14A3262441A09DCFD0D773246FA5C6E
Requests: 17 HTTP requests in this frame

Frame: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D71B44A5CC1E7DB29B447554C6B561E4
Requests: 11 HTTP requests in this frame

Frame: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D5D4AFDE2675436DFDA15FEA85827DF6
Requests: 18 HTTP requests in this frame

Frame: https://83cea4fead56748f876ab613b983dac1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 319EE2FB8AAC8226BB306B31DA4699A9
Requests: 1 HTTP requests in this frame

Frame: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 847025D523920C09CB438EA11E032D81
Requests: 17 HTTP requests in this frame

Frame: https://79064acfee7eb39937587e3e674cac41.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 2AACD68BB95B1CE226C8278C2F31BB5F
Requests: 1 HTTP requests in this frame

Frame: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Frame ID: 157E44522BDFBA458C5CD295150DDD13
Requests: 16 HTTP requests in this frame

Frame: https://0f0060131989266658dfdb2e4be1ee34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 4667562B3578216EAA231FD985604EBD
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssEz3x4m_SUeXWTfuGepJejdI5JwoXgCss_15IqT5OfCh2LYgEz-Yb1LMWIMqfQ-5OtpkeK7fFod01X98rppr_yDIj1JcEtIaJuXUVNydZL4Pyg8uS0B85TjOMIcaFMbUWpYlE0saiMoZlL4SP24Cy1ZUNwylhPHViuuavorL0lpqeZ1VMQVbyM_uX0uvND05qDSZHxTu67U37lbegQJUoqa6CdPDqPvz2j7CDdruCyWCFUaQFQWWPTviR7VYpCOmZpNkOKZHC92cxUkwaOUcSBpatenBHJ2eOo6Hu55VJmVMWIYOvSOChn7pUYFYvhcTg0yAaEmq4V250mv3V0ACZzEyNPWZkC6Q&sig=Cg0ArKJSzGkwzTjjqWUkEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: EEF2C4A305B3120A885A74F5826931EE
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsurLZUUovYnKM2M4CSqNMZr7PjqR0CIoTOOViJf98JDzMmfaVnmo-I89K4FtWqAoRPUvJOnKRZRxSHQoTsIbbnM26S-sHngBLju4p7ErvVA9SeuSEgYahFJjJbWljcRfwh2KLtTZ6eww399OXMd2YCDID-T6-gvdhX9idDHzBMRVZaX4Lmz64D_NlVxZ16SmQ9aPAIL-V-_3nLTrcB54O5JmaerPrnIBhPe1qoHNRQBOD-C2MHPUZWcxme8lfUBH7v67fNxz9fBiVKisaHsiau7bb5URVuQXUlHHFB5JDjLngT_-u5sxyxBIkrLdgsv_bSjQQm_dtvOBYNNLDNQxEFNz8XUHjhGJA&sig=Cg0ArKJSzGa9rWeEXVYqEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: ADFB54ABF4E85E19FA21AFB36B8ABE55
Requests: 6 HTTP requests in this frame

Frame: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 06DAF33AF7130A200CB26B26E9505D4B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3A70F2FC230BED7A520FC09EAEB2B4AF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 363E34B8C8F5596FBC2B00C486B02725
Requests: 2 HTTP requests in this frame

Frame: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 0DD65DCA3E786EAC44799170C58498F7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BFD536FA684FC53D888743605DD2C4D2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1BCE0AF26754FF555E405ADC794A70C1
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudOY5uhWa26BqGtHqiPf7blFAmxa9xDVCCocFxn5JUwUK4VBWnHLb-WMkipyl0yTbrM1lOctnXSdy3CM_fcr7v4FCAR31_HgnzhDW6dhU2gXjFEsDj4wpotjyq8SPmUzlysYDa9bGhZvy3WOGO9rqIatGEMmZX6SbdgonvB0p4QexupTHH-P56xEo5iYQIzu5FibWsXopq93D62Y-WDhBDbcbK6xoNDpa6tY6AxGH_MGnYSWw7QdmMGhkn_OFMXhuTyYD3pGndmidi4bbCUEb7fwOvBOrzcJcr_IHlx6oAsWR_rZLlbcAjRILXSY34gWAwc1Cd9gfjp6SqV-8lsOu3POB8dVy3cg&sig=Cg0ArKJSzMx0Gv91NnP6EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 4460ECEE5757213F783EB33D5B286D81
Requests: 6 HTTP requests in this frame

Frame: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 5B5E9C722662585E9DCBC03976268156
Requests: 1 HTTP requests in this frame

Frame: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: C6315349A0C9DE267DAE53D015C73B8B
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 01EA17B183257383CB8C19D84C4F69B9
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4B0426B3C0DA935FA77FBF134AE534F9
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EFB82AAC327D9D75899FB48FD7553E0F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E0359E3DE3134633D7DD86688504D248
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 27CA67A259994CD0927D0B452E46180E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EEBA05EA4E17EABBD95BAC52DEED6526
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 763F8A4BEAA881579018D461285DF54F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6E55101588DE4139AA2FE7AB06929B36
Requests: 2 HTTP requests in this frame

Frame: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: C7DD68AEEA29E979B4CB9BAD1434EBCB
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 55E1FC854D292D462D3F2448317B28D8
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DB705E9236A13CC350C4D7C3239B194C
Requests: 9 HTTP requests in this frame

Frame: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: CF0B32DD5E215E4B5D788B22696B75D8
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNUSZCgR9BP3HuPI5B13rY-ymqbQrPQoyL3gB60yI92k1r6OVlcgNlNrn4JieDF4aPepK-m_LCGn_V2LM3EEeCFIoPEIqULJqPQFr5qgUP8Lcfg_MQJJrtvA0CdSI_j-L7XvH_k5ArSajINch3GM4AQh0K1ebYMn5lgRHcTtU_EP9cFfftrxafU_ESVLeiu26FN6DHHU34Zu52ITIIiY0x7vycgAZA
Frame ID: 76FEA79D006679ED50F902D087A64C6D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW7gvMtnDwm8U-SQauTS6jo8qIDLjCR1JgoBN6E2Bqna87a0pdiFdqiCrvUcGP0j3hjNb2_B4Ar5Ims61_ocShTggHRyrEGiMKFK_E7tufPw53Xxq6eNDNzmzORUxN9Bbnp6CJTwB85Y_6MHqLWp3io6GlqGvVvPdYi2Wf82PlXzvhyTZ-7-LdiV6YRqU1gUNcz4-BmUBf2UbZI4DN6bLQBSaT9uQ
Frame ID: 063933A4C460742EDB4A14F354838D2C
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 45F6678EF7B2AC8F7466770EE82B3A99
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 68FDA1C6E7528BE2EF538686E4EBC5C8
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=67535100169813100710612011840012&actionid=731824&produktid=businessgiro&dt_url=
Frame ID: A3DEC0B908D99FA30B9311C6D619ED5C
Requests: 1 HTTP requests in this frame

Frame: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 79DBB5CA9CF29EA8839C4B1EA843156B
Requests: 2 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658
Frame ID: B930F946E6AD66565298F157CAD9ACB4
Requests: 2 HTTP requests in this frame

Frame: https://hal900012.redintelligence.net/request_content.php?s=67535100169813100710612011840012&a=1c0d1691
Frame ID: 2866F3F2771F58816C44B4EB79B7A398
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CC8B3292DF63DFA181E3B581DD706AA2
Requests: 9 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=90002500173821700710612011840003&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 01F803BFF448BCF2B711810C8C1151F0
Requests: 1 HTTP requests in this frame

Frame: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: E223ABBFC03CD543E38363EC9F013981
Requests: 2 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353
Frame ID: ADF9CABE54B40BA8820772B3606EB6E1
Requests: 2 HTTP requests in this frame

Frame: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
Frame ID: 5BE250BCD013B6B4DBCF300FD684D4C4
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6832D78DAE7952C2E29B1583C22F4BEF
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B8D6356F47CCDCBE42D722C979911835
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F4AB9602088DC6383A7B1D73A171D199
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

"xe2x9dx84xe2xa1xbfxe2xa1xb9 Buy Hydroxychloroquine Over the Counter: xf0x9fxa4xa9 www.HealsPills.store xf0x9fxa4xa9 Uses, Dosage xe2xa1xb9xe2xa1xbfxe2x9dx84Buy Hydroxychloroquine Sulfate Buy Hydroxychloroquine" | Search | KUsports.com

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

441
Requests

65 %
HTTPS

36 %
IPv6

70
Domains

98
Subdomains

71
IPs

11
Countries

4882 kB
Transfer

11400 kB
Size

73
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.meritrustcu.org/home/personal/checking?utm_campaign=debit_cards_red&utm_source=LJW_digital&utm_medium=paid//
Title: Sponsored by:

Search URL Search Domain Scan URL

URL: https://www.meritrustcu.org/home/personal/checking?utm_campaign=debit_cards_red&utm_source=LJW_digital&utm_medium=paid/

Search URL Search Domain Scan URL

URL: https://seatgeek.com/kansas-jayhawks-basketball-tickets?aid=12341
Title: Tickets

Search URL Search Domain Scan URL

URL: https://shop.ljworld.com/
Title: Shop

Search URL Search Domain Scan URL

URL: http://ljworld.com/
Title: LJWorld

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/
Title: Message boards

Search URL Search Domain Scan URL

URL: https://www.facebook.com/KUsportsdotcom/
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/kusports/
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www2.ljworld.com/news/champions2008/
Title: Self-made Champions

Search URL Search Domain Scan URL

URL: https://geo.itunes.apple.com/us/app/kusports.com/id389444893?mt=8
Title: iPhone App

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.whiz.kusports
Title: Android App

Search URL Search Domain Scan URL

URL: http://www.kuathletics.com/staff.aspx
Title: KAI directory

Search URL Search Domain Scan URL

URL: http://www.kualumni.org/chapters/watchsites/
Title: KU Alumni Assoc. Watch Party Sites

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/ubb/postlist.php?Cat=&Board=football
Title: Message Boards

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/ubb/postlist.php?Cat=&Board=basketball
Title: Message Boards

Search URL Search Domain Scan URL

URL: https://rn12.ultipro.com/WOR1007/JobBoard/ListJobs.aspx?__vt=ExtCan
Title: Jobs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

http://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3 HTTP 301
https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3

Request Chain 44

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200?63053ce3c12ccdabb07c8a8609241a2395705911 HTTP 302
http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

Request Chain 93

http://connect.facebook.net/en_US/fbevents.js HTTP 307
https://connect.facebook.net/en_US/fbevents.js

Request Chain 95

https://pixel.sitescout.com/up/6fae6b69d349c48f?cntr_url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine HTTP 302
https://pixel.sitescout.com/up/6fae6b69d349c48f?cookieQ=1&cntr_url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine

Request Chain 122

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1642264713130&ns_c=UTF-8&cv=3.5&c8=%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9%20www.HealsPills.store%20xf0x9fxa4xa9%20Uses%2C%20Dosage%20xe2xa1xb9xe2xa1xbfxe2x9dx84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642264713130&ns_c=UTF-8&cv=3.5&c8=%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9%20www.HealsPills.store%20xf0x9fxa4xa9%20Uses%2C%20Dosage%20xe2xa1xb9xe2xa1xbfxe2x9dx84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=

Request Chain 156

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858&gdpr=0&gdpr_consent=

Request Chain 157

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2499&partner_device_id=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858

Request Chain 160

https://bcp.crwdcntrl.net/map/c=1389/tp=STSC/tpid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=1389/tp=STSC/tpid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858

Request Chain 163

http://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js HTTP 301
https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js

Request Chain 191

http://pixel.quantserve.com/pixel;r=1749989346;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-1748328209-1642264713626;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642264713626;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus HTTP 301
https://pixel.quantserve.com/pixel;r=1749989346;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-1748328209-1642264713626;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642264713626;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus

Request Chain 295

https://as.ad4m.at/ad/tai?a=158504&b=3&c=3&d=1&e=775&f=&g=dbmnat_Pros_Allnet&gdpr=&gdpr_consent=&gdpr_pd= HTTP 307
https://www.telefonica-partner.de/tpv.php?t=117667V1225131106M&subid=viewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=117667V1225131106M&subid=viewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=117667&s_id=2022011517383462167447795X117667V1225131106MSviewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet

Request Chain 325

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDcksAsgEjqi0kay7NYkhPU&google_cver=1&google_push=AYg5qPIzPe1plv9gjfhghefeBdn-taPyAoCX8Z1DC7myAR8xpAlWSV8fDq3GgvR2uQuk6Rii7rknhkkLVzDHb-RClL7xsXnZBV2l HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDcksAsgEjqi0kay7NYkhPU&google_cver=1&google_push=AYg5qPIzPe1plv9gjfhghefeBdn-taPyAoCX8Z1DC7myAR8xpAlWSV8fDq3GgvR2uQuk6Rii7rknhkkLVzDHb-RClL7xsXnZBV2l&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vRgHOMhET82baGNB3qhitw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIzPe1plv9gjfhghefeBdn-taPyAoCX8Z1DC7myAR8xpAlWSV8fDq3GgvR2uQuk6Rii7rknhkkLVzDHb-RClL7xsXnZBV2l

Request Chain 327

https://match.360yield.com/match/ebda?google_gid=CAESEEvoQKRPyCTVnsPRzju3pLc&google_cver=1&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEEvoQKRPyCTVnsPRzju3pLc&google_cver=1&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J

Request Chain 328

https://cs.media.net/cksync?type=g&google_gid=CAESEP9foxjwveKLapAzxlQVkVE&google_cver=1&google_push=AYg5qPJRujDvGQZmzljKTZgLkM1uuZ9P7Iu1F9wgQNZhe43hT4oP5gpra3npKgcBiepVSPFkoQyEaGGSG0_rjpZ-Fz2U1AKqidpu HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg1MjY2MzE0MDczMzIwNTAwMFYxMA%3d%3d&mn_hm=Mjg1MjY2MzE0MDczMzIwNTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJRujDvGQZmzljKTZgLkM1uuZ9P7Iu1F9wgQNZhe43hT4oP5gpra3npKgcBiepVSPFkoQyEaGGSG0_rjpZ-Fz2U1AKqidpu&gdpr=&gdpr_consent=

Request Chain 330

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGO31ak9f9XEobcOnigzODk&google_cver=1&google_push=AYg5qPJFznEWN6fiBHzL3Mv8EcYZtTFKDAmaN_7l2W0tre7GAkZZrlkJaU9vAt8tdK2I01TM4_808I4tDJncxCcrAcongTvRDH5EOg HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGO31ak9f9XEobcOnigzODk&google_cver=1&google_push=AYg5qPJFznEWN6fiBHzL3Mv8EcYZtTFKDAmaN_7l2W0tre7GAkZZrlkJaU9vAt8tdK2I01TM4_808I4tDJncxCcrAcongTvRDH5EOg&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS10b0RTTUlwRTJ1R2FlM0dOUW9qTDU3NlJoaVFHV3Z2RH5B&google_push=AYg5qPJFznEWN6fiBHzL3Mv8EcYZtTFKDAmaN_7l2W0tre7GAkZZrlkJaU9vAt8tdK2I01TM4_808I4tDJncxCcrAcongTvRDH5EOg

Request Chain 332

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 342

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1&C=1

Request Chain 343

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeL4ihouyMQJKZMZR1FFSQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1

Request Chain 344

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFQJKagTPJAQzLnNejJxeu8&google_cver=1

Request Chain 345

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg3MDAyNDI0MjA4MzU0OTg4

Request Chain 346

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOWXNcPB2slL2LdYP-2mxqU&google_cver=1

Request Chain 348

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEArUNuO-xB_pdH6_KFytdKo&google_cver=1

Request Chain 357

https://hal90003.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDsn1ivjiYbnHC9OP3gOY-JXgB7XN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9AlRDRApLEOPFfR9yc03ewaTCqNUU6XfW0lvIb9mBD-k6ZX3LlqBYvgylHzvkk8sw9AcyYF8QDv-5SD9l1WsbmNLSkjjG79mYftdiyf_AqBx_SDxyvRgohQ2NlbfeLpTtmOKFAUDBvsxhS6sitgHcI2N4CCjN_J2V7blsmIPbo2jBJLa8JUbjSzPC3p8ke687eh6uHoRh0bsT3FzhdHPDHctvdDHH1a-uqxYbv-c_vhjx8aM6AeUVzD81UfXQWeeyqGC6C2a1bOyanHkx2XkKwiKOyU4vpKiF4J4_0hit-nKiNbg1Pgzjv9uIVdVF2ZE_Y_bH6ZndrVhMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRobmx4zupZ4Ix0M_jObZE_lg%26sig%3DAOD64_1iVCEtQ17mwhxtOekRntScZhAhMQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-B_0ZhgSsCVDvEbrt_ta-pPymHoiOEMTekh2u3dkYtN6qJhuSuBBtIwmu0F1uDUOq2xp5b7r7OSFmnqh9LUGZSse4iMy2JcMJ6I8E6l8nzp6Ht7UYUtJ_GDlxfBES_uRMIjrGw3NWTNCnk_tRj0jOgLRoNmJQ%26cry%3D1%26dbm_d%3DAKAmf-D40qszbmTm3B6lyAIy64vZTQN7ix9JW8A_oADPYN-lLbDFUV4CqTq534RIQkjiEBjuRmDPEwr6RtKglgK51_28rObGMVCH9fMrG2gRe4wq4vnfwICPf6E0MOXQy6mn8nOXu2FBHxxZrebVTGnZKFfWp4VSu6_bXFs40gU3JCWpdRHgjIaxQkwgO2lI_frLkbe0Io-aGewOtXRfl5ZClYlbY9FXzOQ6BO985FYtYjPzOs0mZC2rWYih-cdWgtDar4IOqrGAJw3Bb9tV7l2Jb9xJtHnHTm8QAJQMbuu9FlB5tIPRLaQXL7F8SMlX17i4b0eV8qi3nmEJATDvWSV1Lg8qhMkt7PzgH4RwtmLsURj1z4__28KdnDPSiy8VdA-iXrbKxjQkYwU0KIM-wrHkvtWh3wlGbA%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=8792591479062&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90003.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDsn1ivjiYbnHC9OP3gOY-JXgB7XN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9AlRDRApLEOPFfR9yc03ewaTCqNUU6XfW0lvIb9mBD-k6ZX3LlqBYvgylHzvkk8sw9AcyYF8QDv-5SD9l1WsbmNLSkjjG79mYftdiyf_AqBx_SDxyvRgohQ2NlbfeLpTtmOKFAUDBvsxhS6sitgHcI2N4CCjN_J2V7blsmIPbo2jBJLa8JUbjSzPC3p8ke687eh6uHoRh0bsT3FzhdHPDHctvdDHH1a-uqxYbv-c_vhjx8aM6AeUVzD81UfXQWeeyqGC6C2a1bOyanHkx2XkKwiKOyU4vpKiF4J4_0hit-nKiNbg1Pgzjv9uIVdVF2ZE_Y_bH6ZndrVhMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRobmx4zupZ4Ix0M_jObZE_lg%26sig%3DAOD64_1iVCEtQ17mwhxtOekRntScZhAhMQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-B_0ZhgSsCVDvEbrt_ta-pPymHoiOEMTekh2u3dkYtN6qJhuSuBBtIwmu0F1uDUOq2xp5b7r7OSFmnqh9LUGZSse4iMy2JcMJ6I8E6l8nzp6Ht7UYUtJ_GDlxfBES_uRMIjrGw3NWTNCnk_tRj0jOgLRoNmJQ%26cry%3D1%26dbm_d%3DAKAmf-D40qszbmTm3B6lyAIy64vZTQN7ix9JW8A_oADPYN-lLbDFUV4CqTq534RIQkjiEBjuRmDPEwr6RtKglgK51_28rObGMVCH9fMrG2gRe4wq4vnfwICPf6E0MOXQy6mn8nOXu2FBHxxZrebVTGnZKFfWp4VSu6_bXFs40gU3JCWpdRHgjIaxQkwgO2lI_frLkbe0Io-aGewOtXRfl5ZClYlbY9FXzOQ6BO985FYtYjPzOs0mZC2rWYih-cdWgtDar4IOqrGAJw3Bb9tV7l2Jb9xJtHnHTm8QAJQMbuu9FlB5tIPRLaQXL7F8SMlX17i4b0eV8qi3nmEJATDvWSV1Lg8qhMkt7PzgH4RwtmLsURj1z4__28KdnDPSiy8VdA-iXrbKxjQkYwU0KIM-wrHkvtWh3wlGbA%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=8792591479062&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 358

https://hal900012.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1gc-ivjiYeO2Ddeq3gOMjK2IDrXN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9CY06Qg2YJpXwnRoJjSNtJr3ncNlWle6jTL8pvjdYYly4XPcxLEBUXAyzik9ZWWSNDU09WZnAH_NkzLRfbFwF6Z3CkZ74l1Iv8JyM3VO1AFvioeNZSLC78bEgZ3bSg97wkVe9tfwO-zxps7wxBibor-77TwihWSrYnnoW4ZvllFdYohoCqXZPvRsXLJjMEI-qhG7zWO31ggyUaygrjPsKwaQGqbDcRoH1-CYGcnjeQmRx_7wfRr5Oe6M_7IppqBvR0IMgXfp5qT1QuwZU2XEDeJ3KLf54ze74yqXqsdPYT_wVGU1ZWwjSopehNlTbUdBKxcHm1JZy98o8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoq-zbL8as8n9ge9LWOFYS4w%26sig%3DAOD64_0IQFU42XB04kmTRQIBQGB6wGOlqg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-C-0WQ4vEs0-r1LmJqezjDMMzRU3pxfTMvBRO1IjbRo0LfVLtQhBe6UM7JfnR_sQfoQPd-IMjhNMo7AR7WnMk1-4Tv3AYTb4VTOENEvi6IxJM7MuE7qKgGMc6z-58Ka2pMSkSgXjyiBIFj41RiFhbW0SErb6g%26cry%3D1%26dbm_d%3DAKAmf-AjCUd7bPyDNXpTRfLxt82718MQPn7HqNkC_qE7A6Nrc4769q6iF1HgnvXN0fOOEprzDRRv-5Nco_b0NYmTCcyf79-rZ9mHYXYWOAuomlkd5KkxEw_MsgAq3uVzHuisq47H8epKifHn_Kd7dsQd8LJeVmMsBw680Uo6HuH0FLWQ7v_dJX5_e33KHUfsqsCVZuwJ8YTTZ9UyUcoDlufbbALL-ik9-r13LvCE5vMPJ4gl_gGhUbSn-LQ3OBX_v8tgZEAujBrg08lSokVEN7ixbTvwcPcZmZ9oKhoyrh1OeY4aolryN5NKQok8oh364MrgAYAaj_U0rIV1jKCkaRv99wFhANrj2Y3f82q0Jdnfbugm8ZIKIBelaku5NZXdarZvy_D2OKEwdpSMEzW9cioUBlT4_vYFgw%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5610836129169&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900012.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1gc-ivjiYeO2Ddeq3gOMjK2IDrXN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9CY06Qg2YJpXwnRoJjSNtJr3ncNlWle6jTL8pvjdYYly4XPcxLEBUXAyzik9ZWWSNDU09WZnAH_NkzLRfbFwF6Z3CkZ74l1Iv8JyM3VO1AFvioeNZSLC78bEgZ3bSg97wkVe9tfwO-zxps7wxBibor-77TwihWSrYnnoW4ZvllFdYohoCqXZPvRsXLJjMEI-qhG7zWO31ggyUaygrjPsKwaQGqbDcRoH1-CYGcnjeQmRx_7wfRr5Oe6M_7IppqBvR0IMgXfp5qT1QuwZU2XEDeJ3KLf54ze74yqXqsdPYT_wVGU1ZWwjSopehNlTbUdBKxcHm1JZy98o8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoq-zbL8as8n9ge9LWOFYS4w%26sig%3DAOD64_0IQFU42XB04kmTRQIBQGB6wGOlqg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-C-0WQ4vEs0-r1LmJqezjDMMzRU3pxfTMvBRO1IjbRo0LfVLtQhBe6UM7JfnR_sQfoQPd-IMjhNMo7AR7WnMk1-4Tv3AYTb4VTOENEvi6IxJM7MuE7qKgGMc6z-58Ka2pMSkSgXjyiBIFj41RiFhbW0SErb6g%26cry%3D1%26dbm_d%3DAKAmf-AjCUd7bPyDNXpTRfLxt82718MQPn7HqNkC_qE7A6Nrc4769q6iF1HgnvXN0fOOEprzDRRv-5Nco_b0NYmTCcyf79-rZ9mHYXYWOAuomlkd5KkxEw_MsgAq3uVzHuisq47H8epKifHn_Kd7dsQd8LJeVmMsBw680Uo6HuH0FLWQ7v_dJX5_e33KHUfsqsCVZuwJ8YTTZ9UyUcoDlufbbALL-ik9-r13LvCE5vMPJ4gl_gGhUbSn-LQ3OBX_v8tgZEAujBrg08lSokVEN7ixbTvwcPcZmZ9oKhoyrh1OeY4aolryN5NKQok8oh364MrgAYAaj_U0rIV1jKCkaRv99wFhANrj2Y3f82q0Jdnfbugm8ZIKIBelaku5NZXdarZvy_D2OKEwdpSMEzW9cioUBlT4_vYFgw%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5610836129169&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 367

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=67535100169813100710612011840012&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=67535100169813100710612011840012&actionid=731824&produktid=businessgiro&dt_url=

Request Chain 368

https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains HTTP 301
https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Request Chain 370

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658

Request Chain 372

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=67535100169813100710612011840012 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 378

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=90002500173821700710612011840003&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=90002500173821700710612011840003&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 379

https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains HTTP 301
https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Request Chain 381

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353

Request Chain 383

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=90002500173821700710612011840003 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=90002500173821700710612011840003 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 390

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEGNr4eCNk9Kg_aStc7OyMCA&google_cver=1&google_push=AYg5qPK1WgII9Xm9U4gZTXfiVYBkZ2xuYZ4BGx8wfLbg9ZbTmTfJCvDqI3OIy03_zaQDR9LjzLBL0XJBJDU2IXu1QtRRvqf1T_tw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPK1WgII9Xm9U4gZTXfiVYBkZ2xuYZ4BGx8wfLbg9ZbTmTfJCvDqI3OIy03_zaQDR9LjzLBL0XJBJDU2IXu1QtRRvqf1T_tw&google_hm=QXF4NFNKMG5jQlhMRUZRMVc5Z1FmNUE=

Request Chain 391

https://s.uuidksinc.net/match/47/?remote_uid=CAESECI3sw1NsJab7GkTrwT9xgo&c_param1=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy

Request Chain 392

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEIqbrQwS_raWV18_x02g2jA&google_cver=1&google_push=AYg5qPI8JqiHqqokw_s569AJ15VV3K5A8hUI1mkadCyTEWRez7Ewv7rJlDmoiG8sRGFU0eWXfZKvklz2HVbKuaeDuhQtRxqcs4OG HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEIqbrQwS_raWV18_x02g2jA&google_push=AYg5qPI8JqiHqqokw_s569AJ15VV3K5A8hUI1mkadCyTEWRez7Ewv7rJlDmoiG8sRGFU0eWXfZKvklz2HVbKuaeDuhQtRxqcs4OG&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPI8JqiHqqokw_s569AJ15VV3K5A8hUI1mkadCyTEWRez7Ewv7rJlDmoiG8sRGFU0eWXfZKvklz2HVbKuaeDuhQtRxqcs4OG&google_hm=Nnk4R3RJeGZTbWp1UHl2TXZQY3c=

Request Chain 394

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEAyCMmz0h1oV54TsWjDKwW8&google_cver=1&google_push=AYg5qPLKp5B2gVrgnOcVm6oOjWPUtKk_p5z7r-LpqjptuHr3wzq4RqupEHCeiXCrVvuPrPREvJm87L9sSDUtQ7fW2FnDOOd5i9vC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPLKp5B2gVrgnOcVm6oOjWPUtKk_p5z7r-LpqjptuHr3wzq4RqupEHCeiXCrVvuPrPREvJm87L9sSDUtQ7fW2FnDOOd5i9vC&google_hm=NjE3NzExNDMwMzEwOTA0MDYyNA==

Request Chain 398

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFwjvAFHuliHxa5SZIkqAgs&google_cver=1&google_push=AYg5qPJfJQMW3Z9_8hsH-SEbAC_8n7ubVJSnehDyVZkaDlhBH_uJUg8UsUVreSisz7BCQmHvw8D4BLmmaW33g7OcuBwiMUySDjY HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFwjvAFHuliHxa5SZIkqAgs&google_cver=1&google_push=AYg5qPJfJQMW3Z9_8hsH-SEbAC_8n7ubVJSnehDyVZkaDlhBH_uJUg8UsUVreSisz7BCQmHvw8D4BLmmaW33g7OcuBwiMUySDjY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDA2OTQ1NTY1OTA3NjgxODc3Mw&google_push=AYg5qPJfJQMW3Z9_8hsH-SEbAC_8n7ubVJSnehDyVZkaDlhBH_uJUg8UsUVreSisz7BCQmHvw8D4BLmmaW33g7OcuBwiMUySDjY

Request Chain 400

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPEcsIv0fNsyST1Z-jGSOWc&google_cver=1&google_push=AYg5qPII9PB19yxNJcqN3VfTM3IJIyEE8Nhtz_IUzOubdVOqcdxNwDylZOusgjkVl3ArlajpOKF0G1-8sJYdF0b162RHAQj9cPs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPII9PB19yxNJcqN3VfTM3IJIyEE8Nhtz_IUzOubdVOqcdxNwDylZOusgjkVl3ArlajpOKF0G1-8sJYdF0b162RHAQj9cPs

Request Chain 402

https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEMJtrrdw0XPN9KBh6Flb408&google_cver=1&google_push=AYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPqe3nDGKY3vy4eqw HTTP 301
https://sm.rtb.mts.ru/match/second?ssp=12&google_push=AYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPqe3nDGKY3vy4eqw&exu=CAESEMJtrrdw0XPN9KBh6Flb408 HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=d87ec26b-e7e5-4b62-8d0c-a375b95f2b38&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3Dd87ec26b-e7e5-4b62-8d0c-a375b95f2b38%26google_push%3DAYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPqe3nDGKY3vy4eqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=d87ec26b-e7e5-4b62-8d0c-a375b95f2b38&google_push=AYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPqe3nDGKY3vy4eqw

Request Chain 430

https://s.adroll.com/j/exp/X7723AQJHJDWVHXHZOPVBN/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 431

https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 438

https://d.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&pv=64662135489.8852&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js

Request Chain 445

https://d.adroll.com/cm/r/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 446

https://d.adroll.com/cm/b/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY

Request Chain 447

https://d.adroll.com/cm/x/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY

Request Chain 449

https://d.adroll.com/cm/o/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=33440f113acdb10752e37a260684c6c6

Request Chain 450

https://d.adroll.com/cm/g/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=M0QPETrNsQdS43omBoTGxg HTTP 302
https://d.adroll.com/cm/g/in

441 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www2.kusports.com/search/vertical/photogalleries.gallery/ 55 KB
12 KB 537ms
378ms Document
text/html 208.91.60.6
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL

http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine

Protocol

HTTP/1.1

Server

208.91.60.6 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),

Reverse DNS

ellingtoncms.com

Software

nginx /

Resource Hash

a0ade8be33af5ef85df33f2895b652fbf135bb6966231e1c9477189b57fb8474

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, Cookie
X-Beatles: ellington-app-13
Content-Encoding: gzip
Content-Length: 12335
Accept-Ranges: bytes
Date: Sat, 15 Jan 2022 16:38:31 GMT
X-Varnish: 1055841436
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Cache: MISS

GET
H/1.1 200
OK min.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/ 183 KB
183 KB 405ms
102ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/min.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3d313e573148b8aa541b772ed63b36b5b05520fd0ca9e20dce848bb65916c1ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:11 GMT
Last-Modified: Mon, 16 May 2016 19:57:42 GMT
Age: 79
ETag: "1042492297"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 187511
X-Cache-Hits: 2

GET
H/1.1 200
OK apps.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 2 KB
2 KB 407ms
104ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e678f057332a81514ac9719a101737d107488a36cdfa6b612799283695492545

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Tue, 14 Jun 2016 16:15:26 GMT
Age: 0
ETag: "1793899651"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1921
X-Cache-Hits: 0

GET
H/1.1 200
OK core.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 19 KB
19 KB 403ms
101ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/core.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d80e5177d7cc173424caf8c3a5a3d5f260123d61ae92678b1a3e9a6bbf99ada5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:11 GMT
Last-Modified: Thu, 18 Feb 2016 18:23:54 GMT
Age: 79
ETag: "1706498810"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19234
X-Cache-Hits: 1

GET
H/1.1 200
OK forms.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 5 KB
5 KB 411ms
107ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/forms.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8fda2396e315276e1fc4e8fe3a0a265fdfbfdb0e45f8005d142b78015a76503c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "1187713669"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4718
X-Cache-Hits: 0

GET
H/1.1 200
OK containers.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 9 KB
9 KB 427ms
113ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/containers.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3752258f545f1cd6c4be6593f9f64ec4eb2d377b8d7e5ce52a1b908d9dcf1875

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:11 GMT
Last-Modified: Fri, 28 Aug 2015 19:45:38 GMT
Age: 79
ETag: "2520653564"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8980
X-Cache-Hits: 1

GET
H/1.1 200
OK comments.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 1 KB
2 KB 430ms
116ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/comments.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 9f0e38142f0b67f679d1eaff046562070e44443234a81c1f313f6d0ff41e6f86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "1665733583"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1233
X-Cache-Hits: 0

GET
H/1.1 200
OK news.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 5 KB
5 KB 521ms
113ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/news.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 34983bb02be1afc41c4bd28a7bf5f89d84138fc3d37b09ad61d3fbe680fc466e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "1135088283"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4813
X-Cache-Hits: 0

GET
H/1.1 200
OK destinations.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 4 KB
4 KB 523ms
112ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/destinations.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: feeab718072b4a4d047a582abb7dede4ee9f8ee0b3ba36cfd6828a5afa78c572

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "3601797957"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3789
X-Cache-Hits: 0

GET
H/1.1 200
OK twitter.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 3 KB
3 KB 545ms
117ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/twitter.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 06ea3f6c711322097aef91b87415a2b67cdacce2b8a08baf5129935fed10591e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "304747337"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3140
X-Cache-Hits: 0

GET
H/1.1 200
OK videos.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 2 KB
2 KB 547ms
117ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/videos.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fcf8a02102c695c381e74234f4a4bdf158f63d9c405697970f46816e572550bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Fri, 07 Nov 2014 03:45:54 GMT
Age: 0
ETag: "748043333"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1774
X-Cache-Hits: 0

GET
H/1.1 200
OK weblogs.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 3 KB
3 KB 614ms
111ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/weblogs.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: deea56467e818b9345873eec410a3e53c1be3a1ea2f4f3486a42e8ff64534e6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Fri, 28 Aug 2015 21:34:33 GMT
Age: 0
ETag: "584843429"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3039
X-Cache-Hits: 0

GET
H/1.1 200
OK activity.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 2 KB
2 KB 620ms
99ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/activity.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 6ff6c41c1b3e156f7f83074f774356106087b7149eb7fa198673d2c50eaa9490

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "3324842763"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2098
X-Cache-Hits: 0

GET
H/1.1 200
OK tagging.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 492 B
800 B 626ms
103ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/tagging.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4af952994baa0cdd0cee4927dbb7f207a7a28f34bd4b748f4cf5ef30c9a6cde4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "1798324929"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 492
X-Cache-Hits: 0

GET
H/1.1 200
OK comments.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ 7 KB
7 KB 656ms
111ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/comments.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8eb0885d968635a6e7a706c190c00a8a6f1d88f0b528201eec558e441395d7f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 79
ETag: "3476462056"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6878
X-Cache-Hits: 1

GET
H/1.1 200
OK ugc-photos.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ 1 KB
2 KB 668ms
121ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ugc-photos.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3023b8c8a44629993a179f9b49e46244f8d9ec755e3068d1532bb48c0235ecd6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 0
ETag: "2256181310"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1320
X-Cache-Hits: 0

GET
H/1.1 200
OK menus.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/lib/ 917 B
1 KB 723ms
109ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/lib/menus.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: edce0f5742c946e7271ad95325d3ab2c2ad012adc0a790e52b69c04a37a6a9f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 0
ETag: "77644060"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 917
X-Cache-Hits: 0

GET
H/1.1 200
OK core.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 79 KB
80 KB 721ms
101ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8a215ebe4733750286ea1780bcb0c9500c96aa14ebf1abe588193e76b7763f1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Wed, 09 Dec 2020 18:24:09 GMT
Age: 79
ETag: "1844968605"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 81138
X-Cache-Hits: 1

GET
H/1.1 200
OK apps.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 31 KB
31 KB 727ms
101ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/apps.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8e3c124520f136bd31f51db7504c41590e86a39c13e8ea479547e2c2cdfeb0db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 79
ETag: "1520510295"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31687
X-Cache-Hits: 2

GET
H/1.1 200
OK activity.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 3 KB
4 KB 770ms
114ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/activity.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1e6d070b6dfc55e901e9280547ca443bf3089030043408df167cf7ae5b1025c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 0
ETag: "3857257241"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3397
X-Cache-Hits: 0

GET
H/1.1 200
OK inlines.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 4 KB
4 KB 781ms
113ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/inlines.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 71f59d13d69d502b117d87f28fa286757c478447b06f87d4b02c44361c4a4855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 0
ETag: "4142142171"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4281
X-Cache-Hits: 0

GET
H/1.1 200
OK js Show response
maps.google.com/maps/api/ 156 KB
52 KB 404ms
268ms Script
text/javascript 2a00:1450:4019:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps/api/js?sensor=true

Requested by

Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine

Protocol

HTTP/1.1

Server

2a00:1450:4019:80b::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

561efbd8ea18ac526a913da03b3f3e4557994af182ca61c586212f0aa71a634b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Content-Encoding: gzip
Vary: Accept-Language
Server: mafe
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=1800
Cross-Origin-Resource-Policy: cross-origin
Server-Timing: gfet4t7; dur=34
Content-Length: 52409
X-XSS-Protection: 0
Expires: Sat, 15 Jan 2022 17:08:31 GMT

GET
H/1.1 200
OK min.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/ 455 KB
455 KB 827ms
105ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/min.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3fde16febe487398469364de1dad7fa7640a9fb9dfe2c109c616d6df38d91ba6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:36:40 GMT
Last-Modified: Wed, 03 Jul 2019 17:07:33 GMT
Age: 111
ETag: "116644464"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 465974
X-Cache-Hits: 2

GET
H/1.1 200
OK prerolls.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 8 KB
8 KB 883ms
112ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/prerolls.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 6dd9c52de77964061f706c1650a89766e99348f63be12b7b6467970bb34ccfbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 79
ETag: "653136474"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7870
X-Cache-Hits: 1

GET
H/1.1 200
OK swfobject2.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 9 KB
9 KB 894ms
112ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/swfobject2.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: aad4f11790ae41d11a7c7bb613b9f82206f37eb4894966fe15e5f880c5d9b72a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 79
ETag: "853807514"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8868
X-Cache-Hits: 1

GET
H/1.1 200
OK jquery.template.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 6 KB
6 KB 937ms
110ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/jquery.template.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4d64cca2d081e3574a789840fb2d888796a38e8a6cb8c09df541c03a7c2fe627

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 79
ETag: "1164776152"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5917
X-Cache-Hits: 1

GET
H/1.1 200
OK quicksilver.score.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 3 KB
4 KB 951ms
120ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/quicksilver.score.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b2c4af40afb1e40563e65b50bf08c21a4b1543fab3050440be96974445edf7dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:31 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "90706754"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3457
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.livefilter.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 963 B
1 KB 1011ms
117ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/jquery.livefilter.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0bb5eb51c0ee0972c3b2b6ebf6bcb3b0c1cbb7c4c93b0acd442110005c1c3289

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "2610385626"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 963
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.carousel.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 5 KB
5 KB 1044ms
109ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.carousel.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0d35142f32786296129b89d4acaee1ff5201114af38d139b384412fa38777d7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 0
ETag: "3492287122"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5224
X-Cache-Hits: 0

GET
H/1.1 200
OK map_maker.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/maps/ 5 KB
5 KB 1053ms
116ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/maps/map_maker.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 7ac61bbd491ea91981ae5f8c99a162d2cf7f6836e80e2283448ae4c29fdf2420

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 0
ETag: "3242463942"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4836
X-Cache-Hits: 0

GET
H/1.1 200
OK onload.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/ 2 KB
2 KB 1059ms
107ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/onload.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ca29fa98b9edf564b5abb0a0f06c7fc1658a5db5ac05759183e34f44a58db9eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:31 GMT
Age: 0
ETag: "3799685163"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Cache-Hits: 0

GET
H/1.1 200
OK yahoo-dom-event.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 31 KB
31 KB 1126ms
114ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/yahoo-dom-event.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 7e2ed03bbc185372cb541663170321544300747ae296389772dc8f722551eb3c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 79
ETag: "1851860393"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31636
X-Cache-Hits: 1

GET
H/1.1 200
OK flash.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 3 KB
4 KB 1161ms
117ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/flash.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 25049c305b208bde887cde10dc3fe87d0e39d98d7f126acaa42338f2fb51cb6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:37 GMT
Age: 0
ETag: "2687046417"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3454
X-Cache-Hits: 0

GET
H/1.1 200
OK audioplayer.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 2 KB
2 KB 1178ms
124ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/audioplayer.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 482c5ca644f49f87f08ea6ad0e046a21d98ca5009192127e25c3c7342bd81ba1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 0
ETag: "3509523352"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1726
X-Cache-Hits: 0

GET
H/1.1 200
OK video-js.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/ 21 KB
22 KB 822ms
102ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/video-js.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0fc0fbb7321bca17d95d35cbb2bcbc81ac7e78c61a50b2af2ed130a1fe6f1691

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Mon, 25 Nov 2013 04:26:10 GMT
Age: 79
ETag: "418525954"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21853
X-Cache-Hits: 2

GET
H/1.1 200
OK video.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/ 51 KB
51 KB 1167ms
108ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/video.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e0c5c27ad304e1d5b111c4c67d9c3aa45d64b35e6d322c2bc4c7462813b1d204

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:12 GMT
Last-Modified: Mon, 25 Nov 2013 04:26:26 GMT
Age: 79
ETag: "223480570"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 51740
X-Cache-Hits: 2

GET
H/1.1 200
OK video_player_v2.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 4 KB
5 KB 1357ms
115ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video_player_v2.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fb9234052ac419d5c2aab3ec5f16365d70ff41096426b821c2b693593a1a559a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Mon, 25 Nov 2013 17:38:35 GMT
Age: 0
ETag: "68033224"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4551
X-Cache-Hits: 0

GET
H/1.1 200
OK cookies.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/ 1 KB
1 KB 1471ms
113ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/cookies.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 17b91841811d67da94317ebd549a5a35e66e380be5a2ca51a34a8139f9a1415a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:30 GMT
Age: 0
ETag: "853252152"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1188
X-Cache-Hits: 0

GET
H/1.1 200
OK mobile_detect.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/ 2 KB
3 KB 1482ms
113ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/mobile_detect.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8ca119bc1f1fc4736ccedf20d3aafcc50aead2109a92e32c89bf74af72a1e057

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:30 GMT
Age: 0
ETag: "3082590460"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2301
X-Cache-Hits: 0

GET
H/1.1 200
OK sp.js Show response
cdn.includemodal.com/ 126 KB
34 KB 135ms
8ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.includemodal.com/sp.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b00dec76f7bd930c41b4b779f73fc4bce681079b8ef9d5f9abe488c6193bd096

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: RMaN7MsO2HgV2dgJXHhghVFCLxMC8ZFJ
Via: 1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront), 1.1 varnish
ETag: W/"9d801abb9b8ac1f3c9af59352538559d"
Age: 870
X-Cache: Hit from cloudfront, HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 34567
X-Served-By: cache-hhn4077-HHN
Last-Modified: Fri, 14 Jan 2022 16:22:38 GMT
Server: AmazonS3
X-Timer: S1642264711.272493,VS0,VE0
Date: Sat, 15 Jan 2022 16:38:31 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600, public
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: yh_eMALiR4kNDOfyqURFYCon9yBeKlw6Mbr2ToTzYj0FZ-TXdFetmg==
X-Cache-Hits: 9

GET
H2 200 up.js Show response
cdn01.basis.net/assets/ 2 KB
1 KB 124ms
35ms Script
application/javascript 178.79.242.181
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn01.basis.net/assets/up.js?um=1
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-181.fra.llnw.net
Software: AC1.1 /
Resource Hash: 5bdf1120c4df8c868092d0bcb7f2540a85456fd94cd1e1a5570c9b63906b1a5b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:31 GMT
content-encoding: gzip
last-modified: Mon, 24 Aug 2020 15:06:26 GMT
server: AC1.1
age: 469737
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1041
x-llid: fe3fe4fafe0728a906b92c67a7568e78

GET
H/1.1 200
OK ellington-ga.js Show response
worldonline.media.clients.ellingtoncms.com/static/ 3 KB
4 KB 1481ms
103ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington-ga.js?v=11
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 95af646b01ee702570f9abad3701e98b1713487822310baba992363f92513e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Fri, 28 Jul 2017 15:48:34 GMT
Age: 0
ETag: "2862375767"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3355
X-Cache-Hits: 0

GET
H2

200

/
insight.adsrvr.org/track/evnt/
Redirect Chain

http://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3

70 B
261 B

106ms
37ms

Image
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

Location: https://insight.adsrvr.org:443/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
Date: Sat, 15 Jan 2022 16:38:32 GMT
Server: awselb/2.0
Connection: keep-alive
Content-Length: 134
Content-Type: text/html

GET
H/1.1 200
OK logotab.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 2 KB
2 KB 214ms
113ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/logotab.png
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fa1bbe501b149144f7d0195697ed240c0bbfab218313922bd1733fa02d4f3bcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "4146598750"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2122
X-Cache-Hits: 0

GET
H/1.1 200
OK meritrust-logo.png
ogden_images.s3.amazonaws.com/www.ljworld.com/images/2021/12/30092118/ 35 KB
36 KB 255ms
109ms Image
image/png 52.216.89.236
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ogden_images.s3.amazonaws.com/www.ljworld.com/images/2021/12/30092118/meritrust-logo.png
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 52.216.89.236 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: ca03203fdd79bb26a6787fcaa3d8bb2d74514e04cea540daf0441d35308e0827

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Last-Modified: Thu, 30 Dec 2021 15:21:19 GMT
Server: AmazonS3
x-amz-request-id: 2M97WT21V2H2PE10
ETag: "38d416f31a969011c25be08c19cad3f9"
Content-Type: image/png
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 36055
x-amz-id-2: LSdhY1lYeVLfxytlsU9YDavPJLeWCjh5QCQRoJi4+N8GqaIG1BL7M4NJ41jwEzfW1Uo8pGzqM4Q=
Expires: Fri, 30 Dec 2022 15:21:18 GMT

GET
H/1.1

404
NOT FOUND

/
www2.kusports.com/search/vertical/photogalleries.gallery/_t200/
Redirect Chain

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200?63053ce3c12ccdabb07c8a8609241a2395705911
http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

36 KB
36 KB

230ms
229ms

Image
text/html

208.91.60.6
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

Requested by

Protocol

HTTP/1.1

Server

208.91.60.6 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),

Reverse DNS

ellingtoncms.com

Software

nginx /

Resource Hash

dffb2854fbfb6bfb95e6949a623fe55063e7cc929b3755ed7b27adf7f31b52eb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, Cookie
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
X-Varnish: 1055841572
Via: 1.1 varnish
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 8742

Redirect headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Via: 1.1 varnish
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
X-Varnish: 1055841564
Location: http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-Beatles: ellington-app-15

GET
H/1.1 200
OK ku_bkc_isu_06_t200.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 15 KB
16 KB 350ms
100ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_t200.jpg?63053ce3c12ccdabb07c8a8609241a2395705911
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 728a9a5773bddf02be49c8ac1c8e4f64086c4814abe7b5e95a4d14fdaa9d7486

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 17:23:59 GMT
Last-Modified: Wed, 12 Jan 2022 03:23:26 GMT
Age: 256473
ETag: "1793138685"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 17:23:59 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15719
X-Cache-Hits: 7

GET
H/1.1 200
OK ku_bkc_isu_06_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
2 KB 113ms
113ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f2023b1b62da87163faad2f2ed5d116be69bae647670048d738f3526167c2632

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:59:48 GMT
Last-Modified: Wed, 12 Jan 2022 03:59:38 GMT
Age: 304725
ETag: "1445639886"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:59:48 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2182
X-Cache-Hits: 7522

GET
H/1.1 200
OK ku_bkc_isu_05_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 100ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_05_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 945d81de37368bdb21409830e9bd81a52fe4eea9e698d444ad510eddc77ca1a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:46 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:14 GMT
Age: 304786
ETag: "3577918218"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:46 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2504
X-Cache-Hits: 7543

GET
H/1.1 200
OK ku_bkc_isu_02_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 103ms
103ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_02_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d4f8bc08ed1a374a36388cfe41f2609c5f1025de20422d698368be48f1896ce1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:46 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:12 GMT
Age: 304787
ETag: "3831804672"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:46 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2336
X-Cache-Hits: 7534

GET
H/1.1 200
OK ku_bkc_isu_03_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 100ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_03_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2f86987acb8ba6f3703a815c5dbb09d282cf25c1714ae91d1c2afd9d9af7c08a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:46 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:13 GMT
Age: 304786
ETag: "1153676047"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:46 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2497
X-Cache-Hits: 7547

GET
H/1.1 200
OK ku_bkc_isu_01_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 112ms
112ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_01_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0e9793afd5d57a188f900a3561b714829cb7fddbe1fc7dd454dc94f6515121ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:46 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:13 GMT
Age: 304787
ETag: "2741744387"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:46 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2278
X-Cache-Hits: 3721

GET
H/1.1 200
OK MitchTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 112ms
111ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/MitchTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2e7b133667cf862ce360aec2578c08adcf317bdeffb5b5ae26f22c7928bed85f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:02 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:19 GMT
Age: 569851
ETag: "656618056"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:02 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2375
X-Cache-Hits: 10104

GET
H/1.1 200
OK CBhookTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
2 KB 99ms
98ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/CBhookTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 03f40b2a01bbba09852e901342f46c741a9a3f8fb9450bfa29a5e13f568af04e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:02 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:19 GMT
Age: 569851
ETag: "1419915854"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:02 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2002
X-Cache-Hits: 10094

GET
H/1.1 200
OK DajuanTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 101ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/DajuanTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c94e49334083ad99ce4fe5cc543eaf92320f702c473b1a134d8e0d2751683786

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:02 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 569851
ETag: "1445343817"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:02 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2307
X-Cache-Hits: 10051

GET
H/1.1 200
OK TechatRim_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 99ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/TechatRim_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f7059be255f87b9ee45ab619650998acb10637aa0d41a3e34f12cb563a31e824

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:02 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 569851
ETag: "295776841"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:02 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2348
X-Cache-Hits: 10061

GET
H/1.1 200
OK SelfatTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 112ms
111ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/SelfatTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4ca98a9f6e5b6b5acb8c8c474b3366e13372946d998d4c12470ce606b05df393

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:22:12 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 569780
ETag: "1956655691"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:22:12 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2222
X-Cache-Hits: 6090

GET
H/1.1 200
OK Juan_steal_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
3 KB 112ms
111ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Juan_steal_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2649d411849441560a08d65ecc699902799d2219cb10ddf8c365b9803ae66acc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:16:31 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:29 GMT
Age: 897721
ETag: "2052207382"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:16:31 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2418
X-Cache-Hits: 14247

GET
H/1.1 200
OK AP22005104812577_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 99ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/AP22005104812577_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 46f91934dfcf2858e78684bf1255b45320ef80059f80d4f376bc829446f5505c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:16:31 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 897721
ETag: "1842557749"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:16:31 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2107
X-Cache-Hits: 14193

GET
H/1.1 200
OK Mitch_block_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 101ms
100ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Mitch_block_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b3094bd6c20ebdde1e03ad0f9e5f271b6d56d5a9c32b0bf7d731f5bb72dfeb25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:16:31 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 897721
ETag: "526201653"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:16:31 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2172
X-Cache-Hits: 14184

GET
H/1.1 200
OK Dave_layup_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 101ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Dave_layup_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: da1360e9617591ce97b284615498f1a406c4b00fcdddfd59724e5356769c667c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:16:31 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 897721
ETag: "266089271"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:16:31 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2063
X-Cache-Hits: 14181

GET
H/1.1 200
OK Mitch_dive_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
3 KB 101ms
100ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Mitch_dive_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 97192cf227b40aa5c09387cc46230ef31fa177e946cc91fa98a55e89c1c436ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:17:43 GMT
Last-Modified: Wed, 05 Jan 2022 07:17:34 GMT
Age: 897649
ETag: "2138281653"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:17:43 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2312
X-Cache-Hits: 9195

GET
H/1.1 200
OK ku_bkc_mason_01_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 100ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_01_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b78362d3e11d02a90489865565e984d658e9cbc2d442ee7884fd956fb71b0159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:38:25 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1180807
ETag: "2529146521"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:38:25 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2456
X-Cache-Hits: 16388

GET
H/1.1 200
OK ku_bkc_mason_12_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 121ms
120ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_12_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 623d4350b84c3db35766c93aa589955ad02710b1cbb5bb8fe0fbfdda1bdba321

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:37:08 GMT
Last-Modified: Sun, 02 Jan 2022 00:36:55 GMT
Age: 1180885
ETag: "2754786932"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:37:08 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2363
X-Cache-Hits: 16308

GET
H/1.1 200
OK ku_bkc_mason_22_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
2 KB 120ms
120ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_22_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e93f3187fcfb44d155e7119c58627506ff3765fa4afe66dc87f338b6b8a13a54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:54:57 GMT
Last-Modified: Sun, 02 Jan 2022 00:54:52 GMT
Age: 1179816
ETag: "4012980133"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:54:57 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1834
X-Cache-Hits: 16232

GET
H/1.1 200
OK ku_bkc_mason_02_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 101ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_02_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 51fafa8da3b03ac77d9ac2fdeafe93a313829891e3a922a596801146ba41444a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:38:26 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1180807
ETag: "2174203545"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:38:26 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2448
X-Cache-Hits: 16272

GET
H/1.1 200
OK ku_bkc_mason_03_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 100ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_03_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 777fd3cae235313f40770e1af8a7fa1c1a326e040d79014f2bd732a1f5153a51

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:38:26 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1180807
ETag: "2702620311"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:38:26 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2369
X-Cache-Hits: 11705

GET
H/1.1 200
OK Q1-12_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/13/ 5 KB
6 KB 102ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/13/Q1-12_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0de9144bce06e89231efdcb0acd8d48483ca86649c44e991895fbf4dff221cf9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 14 Jan 2022 03:03:44 GMT
Last-Modified: Fri, 14 Jan 2022 03:03:33 GMT
Age: 135288
ETag: "3335947030"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Sun, 13 Feb 2022 03:03:44 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5352
X-Cache-Hits: 359

GET
H/1.1 200
OK Q1-3_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 5 KB
5 KB 103ms
102ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/Q1-3_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c8bbd5afa4c30e05186b03ce140ee8bb262f7bf321d74d04042d11fa05eadfae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 02:48:29 GMT
Last-Modified: Thu, 13 Jan 2022 02:45:51 GMT
Age: 222604
ETag: "1873852374"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Sat, 12 Feb 2022 02:48:29 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4944
X-Cache-Hits: 694

GET
H/1.1 200
OK Screen_Shot_2022-01-12_at_2.59.36_PM_r90x60.png
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 11 KB
11 KB 114ms
113ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/Screen_Shot_2022-01-12_at_2.59.36_PM_r90x60.png?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ba17a6a569b64b5d243273cde129feedf2b7fc5180be7bca1eb297572aafb809

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 23:14:14 GMT
Last-Modified: Wed, 12 Jan 2022 23:11:40 GMT
Age: 235458
ETag: "2381718166"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 23:14:14 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11303
X-Cache-Hits: 728

GET
H/1.1 200
OK ku_bkc_isu_27_hEALDKE_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 5 KB
5 KB 113ms
112ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ku_bkc_isu_27_hEALDKE_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 858a0e23502aa2fcb9ae9e6a1f746e3b9f9e0967f383215898bae4ca797fc67c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 17:25:56 GMT
Last-Modified: Wed, 12 Jan 2022 17:25:16 GMT
Age: 256357
ETag: "152379321"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 17:25:56 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4698
X-Cache-Hits: 3142

GET
H/1.1 200
OK ku_bkc_isu_06_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
5 KB 100ms
100ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f0eb8a4eac4068c80d1249dfde9bcc0adbb127f197edd147ed6e2304e8d01f5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 02:53:09 GMT
Last-Modified: Wed, 12 Jan 2022 02:51:57 GMT
Age: 308724
ETag: "51230602"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 02:53:09 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4440
X-Cache-Hits: 4069

GET
H/1.1 200
OK ku_bkc_isu_07_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
4 KB 99ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_07_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 770f39534d503d9feff3bf990db12b6775bcb8bf7a06a178d326dce53d0ab5e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:14 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:04 GMT
Age: 305239
ETag: "2950923106"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:14 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4179
X-Cache-Hits: 3996

GET
H/1.1 200
OK ku_bkc_isu_11_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 102ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_11_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1097c01b38cb84d60d03c6ceaba1616b06740a5bb2bbd3d82ec559ab07204035

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:14 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:11 GMT
Age: 305239
ETag: "2304803659"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:14 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4754
X-Cache-Hits: 4003

GET
H/1.1 200
OK ku_bkc_isu_09_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 99ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_09_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d6a97846477d5f74dc49c320addd8360addfd351e22f14206c145c4a44d13bdf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:14 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:11 GMT
Age: 305239
ETag: "3093398357"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:14 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4866
X-Cache-Hits: 3985

GET
H/1.1 200
OK ku_bkc_isu_08_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 99ms
99ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_08_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 33a7f1daa51a3d81a190b331e6ce2bdca98966dc7846894d5619c87a3ceb319e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:06 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:46 GMT
Age: 305186
ETag: "1265338338"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:06 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5090
X-Cache-Hits: 4019

GET
H/1.1 200
OK ku_bkc_isu_14_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
5 KB 101ms
100ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_14_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ccef7c15c0af13ab8c5f8008e24095ac3d6e6376b6d7ac86f60c5b85578855ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:07 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:46 GMT
Age: 305186
ETag: "1525319590"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:07 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4283
X-Cache-Hits: 4002

GET
H/1.1 200
OK ku_bkc_isu_10_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 113ms
113ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_10_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: df79e61186e6f38bfe193b619c426fd6e7fb7cf732f14a2e358329a739461ef4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:36 GMT
Last-Modified: Wed, 12 Jan 2022 03:52:28 GMT
Age: 305156
ETag: "2610988834"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:36 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
X-Cache-Hits: 4008

GET
H/1.1 200
OK ku_bkc_isu_15_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 114ms
114ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_15_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0e25495ffd09f6b677ce228b97bc09623d45aa81fc770413c46259a040b81fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:36 GMT
Last-Modified: Wed, 12 Jan 2022 03:52:28 GMT
Age: 305156
ETag: "2854717244"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:36 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4872
X-Cache-Hits: 3991

GET
H/1.1 200
OK site.js Show response
worldonline.media.clients.ellingtoncms.com/static/kusports.com/javascript/ 8 KB
9 KB 412ms
411ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/javascript/site.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 762f2135d7f709ed01ed2a4829ac28b051d6df007aec607df238d60950b03453

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:13 GMT
Last-Modified: Tue, 24 Feb 2015 21:33:28 GMT
Age: 79
ETag: "475726466"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8431
X-Cache-Hits: 2

GET
H/1.1 200
OK jquery.ui.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.2.0/javascript/thirdparty/ 188 KB
188 KB 99ms
99ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.2.0/javascript/thirdparty/jquery.ui.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f515ed490405435b0c8a7ede74fd2c8e7834ee45c81aa76db3736fe50dc1da87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:13 GMT
Last-Modified: Thu, 13 Mar 2014 08:57:18 GMT
Age: 79
ETag: "3699883348"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 192328
X-Cache-Hits: 2

GET
H/1.1 200
OK jquery.lightbox_me.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/lightbox_me/ 9 KB
10 KB 102ms
101ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/lightbox_me/jquery.lightbox_me.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: be18e4f5d4b03d521cd77cab0bd078809764b28e93abd36def170df9b9a93411

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:13 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 79
ETag: "1718161862"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9630
X-Cache-Hits: 2

GET
H/1.1 200
OK jquery.autofocus-min.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/ 205 B
520 B 123ms
120ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/jquery.autofocus-min.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 51d53492d7322fd92bdeb78693bda92a5810de0906203c9d800f36f3650e7c58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "4170269388"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 205
X-Cache-Hits: 0

GET
H/1.1 200
OK wol.defaults.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 8 KB
9 KB 118ms
114ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/wol.defaults.js?v=2
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 26e2c6e5dcba43026ac44b78c9c73bb51d099a786ca808c9a2061c3ed81625e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:13 GMT
Last-Modified: Tue, 21 Feb 2017 23:03:07 GMT
Age: 79
ETag: "4156348889"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8519
X-Cache-Hits: 2

GET
H/1.1 200
OK jquery.media.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 15 KB
15 KB 104ms
100ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.media.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1979e136df73c0182593b957b1ccb3c6b659c018e3ae61b13f9db6ca3377acbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:13 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 79
ETag: "555824375"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14973
X-Cache-Hits: 2

GET
H/1.1 200
OK jquery.defaults.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 9 KB
10 KB 101ms
101ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.defaults.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 904341d95fce95e7520a3a6ecb4d0b337038c2f5d277874a563e0e24fd90e709

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:13 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:37 GMT
Age: 79
ETag: "2997555603"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9541
X-Cache-Hits: 2

GET
H/1.1 200
OK extended_sharingtools.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 672 B
987 B 101ms
101ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/extended_sharingtools.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: a821eac48e731c18eb2ed4bce2c2804add93870078ce7a75b643357e6a98a9fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "2333373124"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 672
X-Cache-Hits: 0

GET
H/1.1 200
OK repost.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 2 KB
2 KB 113ms
113ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/repost.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 9e25ba946939ee4a3d6b5acc652b3a3d3c87f0b982d9a35b9fd19f37b3bee4ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "3270185738"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2098
X-Cache-Hits: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 97 KB
38 KB 49ms
24ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NQ7KXJ6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

571a26d7c84347a9b52a45a361dad3181651776bbda4164e397fa81d842a4caf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:32 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38288
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Jan 2022 16:38:32 GMT

GET
H/1.1 200
OK print.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/ 481 B
789 B 102ms
102ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/print.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1b67d92a3588252269bc6cdeca8fbfccb5446d70e0cfcdcdaf78898d815d9c62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 0
ETag: "2537664774"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 481
X-Cache-Hits: 0

GET
H/1.1 200
OK print.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 1 KB
1 KB 100ms
100ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/print.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2f9c35e984c1b63a7e6b13f07d6afb5d8335a1aba0e382d7e0c66e23b049de68

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 0
ETag: "3868070813"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1192
X-Cache-Hits: 0

GET
H/1.1 403
Forbidden gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 133 B
621 B 31ms
17ms XHR
application/json 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

eb81dbb47530932dd4d6eac5041f8c4462f17c0b87c8ef699b24dbafc5a8c861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: scaffolding on HTTPServer2
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: http://www2.kusports.com
Access-Control-Expose-Headers: vary,vary,vary,content-encoding,date,server,content-length
Cache-Control: private
Vary: Origin, X-Origin, Referer
Content-Length: 132
X-XSS-Protection: 0

GET
H2 200 toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX Show response
quizzicalzephyr.com/v2/0/ 88 KB
26 KB 366ms
298ms Script
text/javascript 35.190.90.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.90.202 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

202.90.190.35.bc.googleusercontent.com

Software

Resource Hash

7fb8971ef6ae60c7189c1f81e62685d3fbee02f60538eee2f2dc23f8be400645

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "d048ce9981aa6a014c6986e43ada627a91ddce6f621b858b3bb78a0dd00e7716"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-n4tq
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Sat, 15 Jan 2022 16:38:33 GMT
timing-allow-origin: *

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 78 KB
27 KB 23ms
16ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ec88fa56bee4e6c91bffda5c8ec99756df9b613b762092075ec89157b9e1078

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1102 / 910 of 1000 / last-modified: 1642206167"
Vary: Accept-Encoding
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 26980
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Expires: Sat, 15 Jan 2022 16:38:32 GMT

GET
H2

200

fbevents.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/fbevents.js
https://connect.facebook.net/en_US/fbevents.js

98 KB
26 KB

25ms
8ms

Script
application/x-javascript

2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: uVLTaE4l/E0WKc23y3JZA1XAzHZ/aRIYetsjcff+Teg2N2exLZx7cDS/Zw0eVP9VCUsBqrImNInOJtZ3hIpCAg==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 15 Jan 2022 16:38:32 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/fbevents.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK loader.js Show response
cdn.taboola.com/libtrc/theworldcompany-network/ 341 KB
32 KB 182ms
118ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9dbd96226c9062b37e0b719221e8f02b684d2acd495e47bacbefb96b7fc0d246

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: ShnZPVBCXVM7wd4SCTUp9Qg9nYW1fSH6
Content-Encoding: gzip
ETag: "5b90671790c560bae0e719fa39ed15c7"
Age: 0
X-Cache: HIT
Connection: keep-alive
Content-Length: 32181
x-amz-id-2: Gr16AhfrwprFqCFezg7Usr1QBcqdo8T6g0E/7G/mOfySlwC/zarDw6R/x+fRh3m7WxriU5BBbTw=
X-Served-By: cache-hhn4025-HHN
Last-Modified: Thu, 13 Jan 2022 10:16:16 GMT
Server: AmazonS3
X-Timer: S1642264713.926687,VS0,VE111
Date: Sat, 15 Jan 2022 16:38:33 GMT
Vary: Accept-Encoding
x-amz-request-id: YZQ9R9YHJCYF0Q9H
Via: 1.1 varnish
Cache-Control: private,max-age=14401
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
abp: 42
X-Cache-Hits: 1

GET
H2

200

6fae6b69d349c48f
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/6fae6b69d349c48f?cntr_url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%...
https://pixel.sitescout.com/up/6fae6b69d349c48f?cookieQ=1&cntr_url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxych...

43 B
417 B

406ms
406ms

Image
image/gif

66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/6fae6b69d349c48f?cookieQ=1&cntr_url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-type: image/gif
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/6fae6b69d349c48f?cookieQ=1&cntr_url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine
date: Sat, 15 Jan 2022 16:38:32 GMT
server: AC1.1
content-length: 0

GET
H/1.1 200
OK bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 1 KB
2 KB 192ms
107ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2b911d51ed949642e3d9b146c0ac22914c134bcb104a0acfe8df42353d168a3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:34 GMT
Age: 0
ETag: "3601798039"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1501
X-Cache-Hits: 0

GET
H/1.1 200
OK gradient_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 28 KB
28 KB 188ms
99ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/gradient_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c302efe6c47d24adb92d327f1c3a8383d9593acd29699464309e0b295700d4f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:13 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:34 GMT
Age: 79
ETag: "1122053897"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28296
X-Cache-Hits: 1

GET
H/1.1 200
OK button_bg.gif
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/images/ 274 B
559 B 276ms
102ms Image
image/gif 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/images/button_bg.gif
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e2d3f8696617c48a1f82529015ed2050d19c0a961a7249466dbb16456fe733bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:39 GMT
Age: 0
ETag: "271665826"
X-Cache: MISS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 274
X-Cache-Hits: 0

GET
H/1.1 200
OK black_20.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/transparent/ 118 B
404 B 310ms
113ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/transparent/black_20.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 15cd950fdf0a22946139981c83584014730ea322856de684bbb7b9a638e99330

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "1192579752"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 118
X-Cache-Hits: 0

GET
H/1.1 200
OK sidebar_grey_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/ 146 B
431 B 199ms
112ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/sidebar_grey_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b98008ad770fed8298d565a3ee5da7d233895b23d0a9e13cae7f92c5ac15d7e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:32 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "353532584"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 146
X-Cache-Hits: 0

GET
H/1.1 200
OK sidebar_header_grey_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/ 170 B
455 B 310ms
110ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/sidebar_header_grey_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: aa5f185e7c327bc34525d29785309cdb9ecb8a470be2af0bfbef85d6317feb61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:37:33 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 59
ETag: "638739112"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 170
X-Cache-Hits: 1

GET
H2 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
119 KB 33ms
7ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 310
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 90 B
719 B 47ms
22ms XHR
application/json 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www2.kusports.com

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

fc98d0a05f35dbe183a65f8aa5371168f175e3f8578d7afa3dbd07e84c15f80c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 83
x-xss-protection: 0
expires: Sat, 15 Jan 2022 16:38:32 GMT

GET
H2 200 226738544330346 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 133ms
132ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/226738544330346?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a04b971d335d737b89946f19095fd6e18c88561d3846404081729739ca81a80d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: oB3EQVkcjY/I1Gbh5DCNUV2w/+iPEMiA5Erh5yOFp4VqF4sKo42cjPInDlrqZXR1Hn8qc0ehxU4OJm7nmoyeTw==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 15 Jan 2022 16:38:33 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQ7KXJ6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3818
date: Sat, 15 Jan 2022 15:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 15 Jan 2022 17:34:54 GMT

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
538 B 64ms
24ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www2.kusports.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 64ms
40ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www2.kusports.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 433ms
416ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_lb&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=Pos%3D1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712974&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=90&adks=3960793290&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

da4a8af41e0c193b767ae3891524c23961693fa7280a9e593a65198ad027f981

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8552
x-xss-protection: 0
google-lineitem-id: 811848131
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375755306
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 526ms
510ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_halfPage&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712978&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=205&adks=1250131073&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x25&msz=300x0&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

49234fe43ce7263e0c8fdc11d41c249c5dccde1331725a814057ece4cda76a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8509
x-xss-protection: 0
google-lineitem-id: 811848011
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 126877122251
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 198ms
182ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712979&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=245&adks=2978949804&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

3497a136020ad61017fb3ba6910d5e65c2e3689c2d6313696abae966ce387316

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8559
x-xss-protection: 0
google-lineitem-id: 811847531
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376208209
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 140ms
125ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D2&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712981&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=520&adks=1494288404&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ae36c2e7542c7a670c171f078afdb88b1a896c48555a90911e43fd79db731b68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8560
x-xss-protection: 0
google-lineitem-id: 811847651
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375756477
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
9 KB 347ms
331ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D4&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712982&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=795&adks=3930813595&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x10&msz=300x0&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

a557542b7272593a0cc7e39167a1e0f8f79f2a2f3ba344dc59accd7f2aefcbaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8757
x-xss-protection: 0
google-lineitem-id: 800070611
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138242546191
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 278ms
263ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D3&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712984&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=2146&adks=2239055522&ucis=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

cced19cb69d5b40e430d7ce95459ce7ee4112682605433c376191949faaa9109

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8572
x-xss-protection: 0
google-lineitem-id: 811847771
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375756279
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 420 B
254 B 200ms
185ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_richmedia&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712987&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=985&adys=2416&adks=691364917&ucis=7&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x2216&msz=310x0&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=2&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

c7896ab2971da619c3f6752f7b95f8be4277afaffb259f1936fd889208999737

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 414 B
254 B 196ms
181ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_OOP&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712988&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=985&adys=2416&adks=2426795537&ucis=8&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x2216&msz=310x0&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=3&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d18dcadfae802c4f885cce2b295a81020113f2e37136734f0d6798d288291fff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 481ms
466ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3299341192545222&correlator=2288488464367390&output=ldjh&impl=fif&eid=31063910&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_lb&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=Pos%3D2&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264712&dt=1642264712991&dlt=1642264711119&idt=1820&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=2787&adks=3586950149&ucis=9&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=990x520&msz=728x-1&ga_vid=921026946.1642264713&ga_sid=1642264713&ga_hid=1226416739&ga_fc=false&fws=0&ohw=0&btvi=4&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

078e7366898dfe7da10d96bfabedce2efde4784e45a0244062ba979e61348660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8562
x-xss-protection: 0
google-lineitem-id: 811848251
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375755667
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EC38 6 KB
4 KB 88ms
15ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1226416739&t=pageview&_s=1&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&ul=en-us&de=UTF-8&dt=%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9%20www.HealsPills.store%20xf0x9fxa4xa9%20Uses%2C%20Dosage%20xe2xa1xb9xe2xa1xbfxe2x9dx84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=2120247703&gjid=1241130900&cid=921026946.1642264713&tid=UA-381152-3&_gid=2002762806.1642264713&_r=1&gtm=2wg1c0NQ7KXJ6&cd2=&cd3=&z=1835000702

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 62ms
21ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-381152-3&cid=921026946.1642264713&jid=2120247703&gjid=1241130900&_gid=2002762806.1642264713&_u=YAhAAEAAAAAAAC~&z=267065969

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 15 Jan 2022 16:38:33 GMT
content-type: text/plain
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 impl.20220113-4-RELEASE.js Show response
cdn.taboola.com/libtrc/ 615 KB
127 KB 23ms
7ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20220113-4-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 30f8d650e5003e7ac2ddaaae9a57212d7972c7c0dd451ea43f094d5d1fb60cd5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: 5cyFjz3zrjTYiXjRSJbEXQtSS38iPaVs
content-encoding: br
etag: "426b44df52f6905715d74c79de3bcaa7"
age: 24415
x-cache: HIT
content-length: 129696
x-amz-id-2: ruJLUNIQIapE2QhU3w6O1qqRtlLS+PC0be9hBaKNX9ISCyGU4iBLJY5sbABgj60FgEx49uY3rfY=
x-served-by: cache-hhn4075-HHN
last-modified: Thu, 13 Jan 2022 09:51:28 GMT
server: AmazonS3-br
x-timer: S1642264713.114619,VS0,VE0
date: Sat, 15 Jan 2022 16:38:33 GMT
vary: Accept-Encoding
x-amz-request-id: Y4E8EEZR1PQADQV4
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 50
x-cache-hits: 14127

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 27ms
10ms Script
application/javascript 13.35.253.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-75.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 04:58:13 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 47395
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: h0Rd195eOg3qoG44PkXOFHJU3kkUPZSOZC_qfmg4Xfmtin8vJcr4eg==

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1642264713130&ns_c=UTF-8&cv=3.5&c8=%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9%...
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642264713130&ns_c=UTF-8&cv=3.5&c8=%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9...

0
223 B

10ms
10ms

Image
text/plain

13.35.253.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642264713130&ns_c=UTF-8&cv=3.5&c8=%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9%20www.HealsPills.store%20xf0x9fxa4xa9%20Uses%2C%20Dosage%20xe2xa1xb9xe2xa1xbfxe2x9dx84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 13.35.253.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-75.fra6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: E8cFh953jvp2W_Zd4nbQTaY3rf4KsDZ8xWYZDCqt_SE8OnrL3N4dzw==
x-cache: Miss from cloudfront

Redirect headers

date: Sat, 15 Jan 2022 16:38:33 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642264713130&ns_c=UTF-8&cv=3.5&c8=%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9%20www.HealsPills.store%20xf0x9fxa4xa9%20Uses%2C%20Dosage%20xe2xa1xb9xe2xa1xbfxe2x9dx84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=
content-length: 742
x-amz-cf-id: 6dP4_O-rjhwPXD12nlcgTfjS0t8ROOVylnPReiPrJEJ4YXWehzxTng==

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 25ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=226738544330346&ev=PageView&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&rl=&if=false&ts=1642264713144&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1642264713143.242393325&it=1642264712889&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 container.html Show response
3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1365 6 KB
3 KB 25ms
9ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 59ms
34ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-381152-3&cid=921026946.1642264713&jid=2120247703&_u=YAhAAEAAAAAAAC~&z=350218149

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 281ms
42ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-381152-3&cid=921026946.1642264713&jid=2120247703&_u=YAhAAEAAAAAAAC~&z=350218149

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5A10 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 1365 110 KB
28 KB 60ms
14ms Script
application/javascript 2600:9000:223e:6800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:6800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 4760
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 803246727539350977d724c9e4a027c6.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: T1v9M1ZWT3JfdhoPqWAH_gS1KW7HdDQ_O_irzMLhrIiU18cePfZNZQ==

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 1365 22 KB
7 KB 41ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 10 Jan 2023 17:59:46 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1365 78 KB
26 KB 21ms
21ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 890 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1365 121 KB
38 KB 42ms
19ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 5A10 110 KB
28 KB 57ms
20ms Script
application/javascript 2600:9000:223e:6800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:6800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 4760
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 803246727539350977d724c9e4a027c6.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: rYzQqJYqIcGRNIqvIXDCR_lrh7GoUF1RxJ5SVayYiXG3EcJYLuqHtw==

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 5A10 22 KB
7 KB 33ms
9ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 10 Jan 2023 17:59:46 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 5A10 78 KB
26 KB 27ms
26ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 136 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5A10 121 KB
37 KB 42ms
27ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H/1.1 200
OK quant.js Show response
edge.quantserve.com/ 24 KB
10 KB 134ms
11ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://edge.quantserve.com/quant.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Content-Encoding: gzip
Etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, max-age=604800
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: bytes
Expires: Sat, 22 Jan 2022 16:38:33 GMT

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 65ms
9ms Image
image/gif 2600:9000:224a:6400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:6400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 0616b48dd6be4cda83365410ecccbda4.cloudfront.net (CloudFront)
age: 13998239
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: OJ1ykQVSPzuCmEj2-jqCuoNkn79cA2I2016gy78J27kRXFKc_UJe-Q==

GET
H2 200 asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame 9523 1 KB
2 KB 24ms
24ms Document
text/html 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: 57bc4098e7246495115ca3e04cb9cb979a038d9af889d6bd670408d841777c34

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
content-type: text/html;charset=UTF-8
content-length: 1139
date: Sat, 15 Jan 2022 16:38:32 GMT
server: AC1.1

GET
H3 200 container.html Show response
3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D14A 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 1365 0
289 B 281ms
243ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=100152
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0r9RwoOsRFnqMH9TtO%2BykhNiHSIuksIBA6wtc1hGHSykRJT7V00AgNFQR0chMMZf7dqfcpk9ZcTVMNTul0ZQAnIDuhWKZrIjzb3MbtM9i0uqlQifQcrJO1jUfKh54R90VC1ydzRzySXuekAm0CvLlwlrw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce088fa79434e3d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_Dk10JPs4QLsFdwgh

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 5A10 0
651 B 264ms
235ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=1083910
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eEYJiRC7bXcwc%2FVSehnaQe49SmsiVf3TUyHFf2rD4R8MpAJqDi7K19pxPPXbTeKSterwNvXHNYitDqBK14YusfIritTySkb5Zxqk3075TjcW2QbMHnFfC8ZfnXY4ppu54C%2BMSpr8YkxJamQscwLGobkuAA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce088fa79464e3d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_Dky7q3gGjZEAoJ5h

GET
BLOB 200
OK 7c3167f6-d5ec-4f04-901f-f2c51d52be76
https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/ Frame 1365 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/7c3167f6-d5ec-4f04-901f-f2c51d52be76
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
BLOB 200
OK 7451651c-9ad3-4c2b-a754-86682dc2f65c
https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/ Frame 5A10 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/7451651c-9ad3-4c2b-a754-86682dc2f65c
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1365 0
0 43ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssydrYXhZDil9mKbKBnMMO4vEyVaTCP0SRARHfw7XyWPZgJHCTlLiwKwMBbdsUvilqCCZSbILCd29_oTFnl5u7TZn1rxz_s6sdGHiqN7BPR8j5AvzCMC12eKMT-o9-XdMSl8jl6xkfHWFzTuENZvqBXtappWWBdn_l_P-9WYwf9s7UgQRMAP7oYXDLK8XSeqypEdYoZpAQR16kocmfkILknaSwzqie6MZ3-e27KPhIBh-qVjX4TKS35x6DPNWnRYQqhz4L1ynA4ExMxN-2oN8Z8Q4hA9CtaSY31Lp4WpBx-gEEo94kXWQ&sai=AMfl-YRC2lJxekokg_clD7Wh6smh_s8frkZV7Fd-B9sYfBHMp8y-Qz8jWIYxoahaEKcBBjmXAGKeA61LyQBZ_moa2UJsq7RvC__mmccmzksWbfo4V9RrPgdvkcrTrH7dUoJ2&sig=Cg0ArKJSzMX9YCNUWL2-EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
DATA 200
OK truncated
/ Frame 1365 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 395dba5457bcf80d4c45b77b341dd65137f5752c6cee21176c061ab9d52ddcfb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5A10 0
0 48ms
48ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstprCF5MddiTpFY_BbZXVnqvIEVq97M4ykt7Y9ggSbxFCuvcjIUZrOZYD_W4uAQilU5do9QrByonW5kfWR9lz1BaqnWB2WfBYjbTb85YdpiDm8b1yJG6o4miP3JAS-ptH2e38KPvOYkqKO0GpiH12erLbyIM2puh4dqcn9AW_C_BVPb80cjRMnshK5SP9N9nWFo0MxQoZM85VKqfeG1cB_PCLzyGzyOtb6J8C3NzMw_zV4SKHN_932ru0GzseYdVWl3oagzwtXpthDOVChKazDwROmBuk5LtG3eB9s5cprm09XEbvgTgQ&sai=AMfl-YSn4ztJxRyb6c7ox-1mOqrOx7LwQ67xlUpaqSeRzqJMRWAReVunBTRQpLGJPPOisujsh_yl84ejPqE2wfWRZp6Gpv9rWtGFNoAIRntw1ilmkU9LHg96iWaxvDGkQJiR&sig=Cg0ArKJSzIH1zAC5BLUREAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
DATA 200
OK truncated
/ Frame 5A10 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6da32ba96bad1f198d89b88163c9f79b56c02b991035996d167092f6ed093a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D71B 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame D14A 110 KB
28 KB 11ms
9ms Script
application/javascript 2600:9000:223e:6800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:6800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 4760
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 803246727539350977d724c9e4a027c6.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: i21uGVdCpaWuDUYLBWB3ogCBwqn0Dc41VezJn5YrR1IFzFjGNQb4kA==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame D14A 22 KB
7 KB 25ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 10 Jan 2023 17:59:46 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame D14A 78 KB
26 KB 19ms
19ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 392 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D14A 121 KB
37 KB 44ms
29ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1365 352 KB
118 KB 7ms
7ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 311
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 5A10 352 KB
118 KB 8ms
7ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 311
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame D14A 0
297 B 222ms
222ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=524038
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYdeaHO0tY3oEC88zUkAw9g3yDoH3vqX8uZHJZ6l6zpaXgmwJz9MAMeH%2FlEUXvMArmWguv6wjgFPiX%2FMBrQV28TR%2BNQeDGVpOeYM3l%2FxPQ4g4Xvrh%2FTMJJ65tz4NnLBkvSgH5JBrML9MARTU%2FraTLOgHIw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce088fb1ab44e3d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_DlIasSP6BaUAYdbh

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 9523
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858&gdpr=0&gdpr_consent=

42 B
945 B

34ms
34ms

Image
image/gif

54.171.15.192
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858&gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

54.171.15.192 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-15-192.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v026-03e8f7cdc.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ID5x4+KmSMo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v026-0a1171374.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 7VeKH5T+Rbc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858&gdpr=0&gdpr_consent=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 9523
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2499&partner_device_id=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858

95 B
426 B

20ms
16ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2499&partner_device_id=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858

Requested by

Protocol

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2499&partner_device_id=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858
date: Sat, 15 Jan 2022 16:38:33 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 204 /
loadm.exelator.com/load/ Frame 9523 0
324 B 97ms
30ms Image
text/plain 34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858&gdpr=0&gdpr_consent=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 200 um
sync.teads.tv/ Frame 9523 23 B
172 B 88ms
34ms Image
image/gif 104.90.104.248
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=73&uid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858&gdpr=0&gdpr_consent=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-104-248.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 15 Jan 2022 16:38:33 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H2

200

tpid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858
bcp.crwdcntrl.net/map/ct=y/c=1389/tp=STSC/ Frame 9523
Redirect Chain

https://bcp.crwdcntrl.net/map/c=1389/tp=STSC/tpid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858
https://bcp.crwdcntrl.net/map/ct=y/c=1389/tp=STSC/tpid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858

49 B
734 B

44ms
44ms

Image
image/gif

34.249.68.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=1389/tp=STSC/tpid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 34.249.68.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-68-36.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.5.54
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=1389/tp=STSC/tpid=3e34e960-9393-4580-903f-8e1e067a2174-61e2f888-5858
cache-control: no-cache
x-server: 10.45.2.226
content-length: 0
expires: 0

GET
H3 200 container.html Show response
3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D5D4 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
BLOB 200
OK 417cc98e-65b4-458b-a1c2-58a3efd96d4d
https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/ Frame D14A 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/417cc98e-65b4-458b-a1c2-58a3efd96d4d
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H2

200

rules-p-b9OfuctfLWqtE.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js

3 B
437 B

41ms
18ms

Script
application/javascript

2600:9000:2315:4600:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 2600:9000:2315:4600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 04:53:05 GMT
via: 1.1 268679e7d17267a1a7a03722822fb800.cloudfront.net (CloudFront)
age: 42329
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 20:50:23 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
x-amz-cf-id: spUeZO1lE8OrMd4d4_YQAC5Pekp7r4QIPy6EHp-UltiU2xzfSyi7OQ==

Redirect headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: DUS51-P2
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: xx-db30qydMglwKB5S_7tMWYGmNm7i6bV78Vh11B8K_1b2mx4wRC1w==

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame D71B 110 KB
28 KB 10ms
9ms Script
application/javascript 2600:9000:223e:6800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:6800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 4760
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 803246727539350977d724c9e4a027c6.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: xe80pWor7EMtSxVXq5Tn_K6pau2ZLhWJeWk_xvP2iHDcv9KRLNUoNA==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame D71B 22 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 10 Jan 2023 17:59:46 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D71B 121 KB
37 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D14A 0
0 46ms
46ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudSz3YCaAiCrPnjCBvmUFDfgxjYGmqVkMJtODSIdZdtHBSH3qH-MnhBGyixLhy8ED6Cxr-M_30kTWhNq5g59O_REe1leWbmi1cL0HBoCd0g3GJs8KiVh1lExvMZ4NTpUhb1yjJ4x1Su4O4iyHymtdKe3GReHF1GzPB5KY-Q84chCPxtGt0KQCZIZxgEYgze02DIGSl7EQ2S7GJAWMrs1RfoF7-r5s-ozjjxqCIutdfzNINs7160wzxyhYuE97JPyF2iJOS3PvhZVekEfbJ4K-8VNI9MxlW1F7hbyWYz0Q4H7KZ_EC5rw&sai=AMfl-YRGVRcGSt0zVypIJVNddjR3pqhDvITOKs4lNszp2F1G1oFbKIhH_SJNTBLrKf__p2eprSLf6BiLPxKN7NraVZ8uNjeJWGb4KCs5EbCH7DNxhMieJ5NtXrRZxf-uwWbx&sig=Cg0ArKJSzBydJ_ZLdzZlEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame D14A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3f7543f5920fa1dfa5bee0b790fa30d0d26e5f58cd20f7373133415dce6b040

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1365 107 B
165 B 23ms
22ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1365 107 B
122 B 34ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1365 18 KB
8 KB 246ms
246ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3562438071198364&correlator=119239192004738&output=ldjh&impl=fif&eid=31063821%2C44752540%2C31060890%2C44756432&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7336.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cdm=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264713485&dlt=1642264713194&idt=281&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=1124330804&ucis=ib57gfn912hn&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=1159680156.1642264713&ga_sid=1642264713&ga_hid=1496042039&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

944f511fa489e866b08f83cb5bb98f12687c99f142572837087f78107822a8a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8449
x-xss-protection: 0
google-lineitem-id: 4481581642
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216220617
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
83cea4fead56748f876ab613b983dac1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 319E 6 KB
3 KB 51ms
15ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://83cea4fead56748f876ab613b983dac1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8470 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 5A10 107 B
122 B 35ms
17ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5A10 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5A10 18 KB
8 KB 249ms
249ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2904772729162426&correlator=2932038790666813&output=ldjh&impl=fif&eid=31064029%2C44757100%2C44752586&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7335.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&didk=607409652&cdm=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264713536&dlt=1642264713220&idt=303&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=1055926600&ucis=b4vzswg2czy2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=457509671.1642264714&ga_sid=1642264714&ga_hid=1494624095&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

6e2b0325ef67998661d5f64f5444948d6e33e0bd729d8723c71944f3cb5cd7c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8443
x-xss-protection: 0
google-lineitem-id: 4482203489
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216200384
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
79064acfee7eb39937587e3e674cac41.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2AAC 6 KB
3 KB 48ms
16ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://79064acfee7eb39937587e3e674cac41.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame D71B 0
291 B 122ms
122ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=153934
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qM44v27lMcqu1eLJiD8rVWB3KxoFDyUMdoj%2FTqzefcAjRQ7gp27Jx9DXiUKuoa7svoNExEcyFTqLnLSlK3qSBGDq6kykTM36KJav%2FQwJNdQtTt%2Bx8U8ReMPj2mzeE5XTlFs9qyGxv0jUDhy7GHqZC481lA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce088fbcc2e4e3d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_DlLxcmzzeYEAdItR

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 157E 110 KB
28 KB 10ms
9ms Script
application/javascript 2600:9000:223e:6800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:6800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 4760
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 803246727539350977d724c9e4a027c6.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: RAjH1g49nQIE5zrJSPxmKfR1egG7xnh9mE06cHqOrpcLVG_igxQwFQ==

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ Frame 157E 78 KB
27 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

768d3f2d48b39441cd87c549817b315597435466327a59aa2481230f859c18a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1102 / 300 of 1000 / last-modified: 1642206234"
Vary: Accept-Encoding
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 26971
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 157E 121 KB
37 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
BLOB 200
OK 1dc92f24-64b3-4480-b4fb-88d9dc42324b
https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/ Frame D71B 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/1dc92f24-64b3-4480-b4fb-88d9dc42324b
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame D5D4 110 KB
28 KB 26ms
26ms Script
application/javascript 2600:9000:223e:6800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:6800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 4760
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 803246727539350977d724c9e4a027c6.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: o4Gvp-NiHXUynFAgM15tznlxn0g1B0XVLnVKYi9-X4KiO1gME6zPsw==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame D5D4 22 KB
7 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 10 Jan 2023 17:59:46 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame D5D4 78 KB
26 KB 29ms
29ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 186 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D5D4 121 KB
37 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D14A 352 KB
118 KB 10ms
9ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 311
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D71B 0
0 48ms
48ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvom-b-qU8ANQKzh4xstHPR_uPJgMWL--xL6r2BrnMRxSTukNN2gV2efu1UYJr7f4pqVFxb2wge1OofoI0-pR3qde0jmMSCHjSRQBzoxNDY1iorMQ6G8508oDWrI_-GCXJ6ISBprEp3NdRoauZoXBnN7PLoWIrxGYv1lkTJM_phOkBLhvTffydCjMnyzEdo-TUbWxn3K_CPwCDtFaWGMq3fugd0doM7d7yBEu9KrAW7PsCOKrRRhz36sWrfcKgF3GWoLKIQP_JmTYHb97W2ro2FsyAcKdy7pw9Ws-LeGEoKJQiqP2VxAQ&sai=AMfl-YTU5G57utk7YNDBhPUiztb1cfvwNDFaQiMbe87TRK3Z6mcw2nQG0_gB9fq_KjlyovVssI4znBcRE8k_oWk5fUysX2jXZ3YGpAo7hlSHYtnjdOFHwOb6rcIL2AF3ZbDF&sig=Cg0ArKJSzJVpBBMG6EiREAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 app.js Show response
servedbyadbutler.com/ Frame D71B 55 KB
11 KB 63ms
10ms Script
application/javascript 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://servedbyadbutler.com/app.js
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Grunwald, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: cd3699476d188453684876ad11b8813508e578f49a02f4639fed3b3ce8a74a58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 18:28:59 GMT
server: nginx
etag: W/"61afa7eb-da59"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
expires: Sat, 15 Jan 2022 17:08:33 GMT

GET
DATA 200
OK truncated
/ Frame D71B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 270a415eeca200186413a409116f9516e4eeac282606b1ac0f09151c3c5d8381

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

pixel;r=1749989346;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bth...
pixel.quantserve.com/
Redirect Chain

http://pixel.quantserve.com/pixel;r=1749989346;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHy...
https://pixel.quantserve.com/pixel;r=1749989346;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BH...

35 B
373 B

153ms
17ms

Image
image/gif

2620:116:800d:21:3175:5196:e3fd:8c1d
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1749989346;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-1748328209-1642264713626;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642264713626;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus

Requested by

Protocol

Server

2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location: https://pixel.quantserve.com/pixel;r=1749989346;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-1748328209-1642264713626;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642264713626;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus
Date: Sat, 15 Jan 2022 16:38:33 GMT
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 0
Expires: Sun, 16 Jan 2022 16:38:33 GMT

GET
H3 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 157E 0
587 B 165ms
122ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=839992
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gmyAAvTz7jlq1ofS1XIUgcPzlw1PIO7QLEVrjIjqXDYT8vBJ%2BtSy2IiWxEw78dddWbTLgfLYoyqVG6G5XNE2Znyf9pZJEsKgGFIQo5cOuIDET7roMWdqbi%2FLchp3du0JwvZimG%2BmzpeAP25eGMUXUopzxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce088fc9e747519-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: Fsp_DlpU8K5FaxEAhpNx

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 157E 0
0 51ms
51ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvXqeUKLjMzeoObb0oafqpigaXjbHDkm_vJWk9ne4HybhXdv1-pvtVOMnTLz731MNJNpyyYa58PmzbkJ9x7KZX4v_kHTW0NIF05PkqoOSNosA48FpJ-WfqQtrQ-otlVb4uAfpqyimKiLHdbot4H3JMXXCu8sfJbFH_MX_G1c4tCdx6t-UoEO6Vp0WXt-M-mMoLFEMl5L1FsUzSXziHbDjLLFdhld_92SkFEDkpXBumXAcqM1SYrTlngF7xum4R9pExyL45XZ85FMaI5NNwSoyndfPQSz48ye8f8_dkyRGYObSmCTkPxbdnE_p8&sai=AMfl-YTvdsphht5Ujp1ltB9xD91zu1pj9-w8pjpUGAXGfJNk9xUgvbcFQc6RB1hlLMwCqzkJLitA5FB8LKKqTT_07dRqQoGxMXo3fMwA4yeI8LM0TWTvVD58l7aaK4AjpcLI&sig=Cg0ArKJSzG5eIfPG56zREAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 8470 110 KB
28 KB 12ms
12ms Script
application/javascript 2600:9000:223e:6800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:6800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 4760
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 803246727539350977d724c9e4a027c6.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: IxwqXKgdWhMdf8npbzZm4iCCHFfT3HbalQXhN4FC4efqQHkWpKOvsw==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 8470 22 KB
7 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 10 Jan 2023 17:59:46 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 8470 78 KB
26 KB 18ms
18ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 809 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8470 121 KB
37 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
BLOB 200
OK 4b8d8cf8-36d2-4269-b9b5-3d9ba3300455
http://www2.kusports.com/ Frame 157E 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://www2.kusports.com/4b8d8cf8-36d2-4269-b9b5-3d9ba3300455
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 18ms
9ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=226738544330346&ev=Microdata&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&rl=&if=false&ts=1642264713657&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5C%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9%20www.HealsPills.store%20xf0x9fxa4xa9%20Uses%2C%20Dosage%20xe2xa1xb9xe2xa1xbfxe2x9dx84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%5C%22%20%7C%20Search%20%7C%20KUsports.com%22%7D&cd[OpenGraph]=%7B%22og%3Aimage%22%3A%22http%3A%2F%2Fworldonline.media.clients.ellingtoncms.com%2Fstatic%2Fkusports.com%2Fimages%2Fkusports-1200.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1642264713143.242393325&it=1642264712889&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame D5D4 0
550 B 119ms
119ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=882820
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOgAshCP%2FNmsSwJI2J4LmYXSfzuoxHss2oJjIfzw1STpH9g7VTlrUqcCEm9VVDU4sdLrbxZ2GaNJgQzzmStu76Kvn1CyJZdUS7meLhGeWoxmAgGXRhQQpuFIYSjf1%2FjbFndCyX5182oNKWe1PU9VChbpQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce088fd68247519-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: Fsp_DmHQWcijFfwAdZjx

GET
H3 200 pubads_impl_2022011303.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 157E 353 KB
119 KB 10ms
9ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011303.js?31064128

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

920e87e5d58a8efda5e38f7c1f1fb86693a6fe60a41b74a509f6a27e86d8e2c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 18:56:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78149
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121424
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 21:21:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 14 Jan 2023 18:56:04 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame D14A 107 B
122 B 20ms
19ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame D14A 107 B
122 B 19ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D14A 18 KB
8 KB 314ms
314ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=506487752664645&correlator=4105520890772796&output=ldjh&impl=fif&eid=31063822&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7337.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cdm=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264713808&dlt=1642264713319&idt=364&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=2302396440&ucis=1xeqpep8am2r&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=58743949.1642264714&ga_sid=1642264714&ga_hid=218556929&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

0b40cf83571688b6b0472a50c2882e9465b1d12fbe9da8de2bf1eaca5ccf4ba3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8438
x-xss-protection: 0
google-lineitem-id: 4482205340
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216220965
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
0f0060131989266658dfdb2e4be1ee34.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4667 6 KB
3 KB 185ms
132ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0f0060131989266658dfdb2e4be1ee34.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
BLOB 200
OK 4e80d967-7065-4e4e-abf0-9e65a0b55be9
https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/ Frame D5D4 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/4e80d967-7065-4e4e-abf0-9e65a0b55be9
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1365 0
0 78ms
61ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv6Dc97kFtNUw8kBZG6jgI8qBXvYwQ9WHNsmf9Y4S9fQ3JI8UR-ow9Ptlb7fkbOha5OM4b6Mlzgr9uyUZxN7XTVOi6GNXfMyfLmpGStp6Qm9xHlZhbLPaNeBkyKKQBIlHnWY2obXkz-X-8Qvuikm-YKoAZgBVFNk5RVKB5mblNq3HfvI1JmQ6gr4x2pmD1OcEwstE5KDL9vTNZW0lD5lCxXMmibBvtsKJdVFYVYNiM_xZ4U-9DqAhbP8qXk3N8o9oym3tnSmDaytu8vQ5Wx0pqRJPtnw61QsrL3h_llyhAHCFadU8HrVCZu&sai=AMfl-YRQDNLKreudF-hzs-0tAyKNeBmCCeIp7xuC_-BfFJjlQhsJ_nlNFL7ZpZC-HwjBmY1np7f29pooDEk93CvD_bHAri8hxWH2Jv_obp3aC3CWByTEDCS42NpBm-jcBTOa&sig=Cg0ArKJSzBChtMPgD3yTEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1365 11 KB
9 KB 48ms
23ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a25e7e9bd63b8c5010f34dbacafba5239d4c7c472068b8f0d31145e57263cb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8694
x-xss-protection: 0

POST
H2 200 v2qdqTO8ITZqTsmoBgZGaGphQOedHl74s9oBc7qyEST_9lGoiMlvhQy7cFK9NO24E69_ZTlth Show response
butterbulb.com/ 209 B
626 B 84ms
17ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2qdqTO8ITZqTsmoBgZGaGphQOedHl74s9oBc7qyEST_9lGoiMlvhQy7cFK9NO24E69_ZTlth

Requested by

Host: quizzicalzephyr.com
URL: https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

3ef9eb512c0c23203065668fb9d963a082d972d2798b9e0e660c523c23e778da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 15 Jan 2022 16:38:33 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-n4tq
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 209
expires: Sat, 15 Jan 2022 16:38:32 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EEF2 0
0 44ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssEz3x4m_SUeXWTfuGepJejdI5JwoXgCss_15IqT5OfCh2LYgEz-Yb1LMWIMqfQ-5OtpkeK7fFod01X98rppr_yDIj1JcEtIaJuXUVNydZL4Pyg8uS0B85TjOMIcaFMbUWpYlE0saiMoZlL4SP24Cy1ZUNwylhPHViuuavorL0lpqeZ1VMQVbyM_uX0uvND05qDSZHxTu67U37lbegQJUoqa6CdPDqPvz2j7CDdruCyWCFUaQFQWWPTviR7VYpCOmZpNkOKZHC92cxUkwaOUcSBpatenBHJ2eOo6Hu55VJmVMWIYOvSOChn7pUYFYvhcTg0yAaEmq4V250mv3V0ACZzEyNPWZkC6Q&sig=Cg0ArKJSzGkwzTjjqWUkEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 jstag Show response
us-ads.openx.net/w/1.0/ Frame EEF2 49 KB
18 KB 81ms
21ms Script
text/javascript 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/jstag
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4f7260fa496298892887fbc8880a57550d221851edb5fec73fa80d8b726f2bbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: max-age=3600
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18035
expires: Sat, 15 Jan 2022 17:38:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EEF2 121 KB
37 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ADFB 0
0 56ms
54ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsurLZUUovYnKM2M4CSqNMZr7PjqR0CIoTOOViJf98JDzMmfaVnmo-I89K4FtWqAoRPUvJOnKRZRxSHQoTsIbbnM26S-sHngBLju4p7ErvVA9SeuSEgYahFJjJbWljcRfwh2KLtTZ6eww399OXMd2YCDID-T6-gvdhX9idDHzBMRVZaX4Lmz64D_NlVxZ16SmQ9aPAIL-V-_3nLTrcB54O5JmaerPrnIBhPe1qoHNRQBOD-C2MHPUZWcxme8lfUBH7v67fNxz9fBiVKisaHsiau7bb5URVuQXUlHHFB5JDjLngT_-u5sxyxBIkrLdgsv_bSjQQm_dtvOBYNNLDNQxEFNz8XUHjhGJA&sig=Cg0ArKJSzGa9rWeEXVYqEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET pq
media.adfrontiers.com/ Frame ADFB 0
0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ADFB 121 KB
37 KB 35ms
33ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D5D4 0
0 44ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsus8IbFg5vWDE41BDtKyHBLGjo6n_I9cq2N37BMMJY3fY2wyPwC-TJLzP5JsyjJjVQO7z0jgDO_ScCnw1XDBOir-Ix1wK-X4rPC2wB_1JqgVcN68kdabzm19XcL6FBi7GIpPXJxVm4pYxt7RjIi8u3t5vfZtdvNM_we1tL_31uCWOK-rKQ5x18-F-RIMhdKaD4NXB9WvHnycV8PVl270K0OrkWaZDjt8RE2hjY9Co8n2B9XXlEtCo_zOOAqukLgaMIQdlaVEy8m0SBjfO-vGXIebjt9CcgJ__E7ETvo5f5dTiDH&sai=AMfl-YR0-v1Q4M2bk9QXL7aNo9LbBsilzlF4tiA5jUW8OaDGioXYZd3sEh8CBjO4oODCOvxiTbrDe_6J3EnDf1Azed4vtohpW5vBzRNoZI_5dg9oWSvKieGe88i_g8o_EigQ&sig=Cg0ArKJSzNANxtbkkz7wEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame D5D4 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed713f264d7323b8d2aab5e7086902d87dcbcf3f4f7185da6bf5ad40ad80a93d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 8470 0
556 B 138ms
138ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=359226
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XzKq%2BK7R7H3CDV%2BfDBsGKHNbC5IGJ3d6vuN2re%2BmxG0fOpK7R%2FPitbeliCdSO4f22xs898Ooq%2Byy2RZFS5Y85hxqcNk%2BJiNkxvffxwcxBHzydNiou4JQY6CWVO7fZfNfAHACe6mUN13SS1DuBtCn4gOycQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce088fe49ed7519-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: Fsp_Dmn9ZHUhE6wBKkeC

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ Frame 157E 107 B
122 B 36ms
17ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www2.kusports.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011303.js?31064128

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 157E 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www2.kusports.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011303.js?31064128

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 157E 97 KB
35 KB 298ms
298ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1077986576278256&correlator=3372820265143302&output=ldjh&impl=fif&eid=31064128&vrg=2022011303&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=8095840%2C.2_7334.7_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&eri=2&cookie=ID%3Db37c601c8de5d276-22c8bfae20cd0089%3AT%3D1642264713%3AS%3DALNI_MbOqy78IPj8zNhsq5DQSk3KfdFN7w&cdm=www2.kusports.com&bc=23&abxe=1&lmt=1642264713&dt=1642264713919&dlt=1642264713567&idt=329&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=600&oid=2&adxs=990&adys=205&adks=371969004&ucis=6603i89rrl79&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&top=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=921026946.1642264713&ga_sid=1642264714&ga_hid=804609954&ga_fc=true&fws=256&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011303.js?31064128

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

4e96a7bf0a4c51ebc38843c741f5cbf4f4fe71ef08268420f185b3223b0afc72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36142
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 06DA 6 KB
3 KB 69ms
24ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011303.js?31064128

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 157E 0
0 43ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss4sNop4qgb8DlSeh7V3Y8aKhNnYCEqH02nnwVBjQMkACPEcUgaOjG0M5r04NQLMvE-k4IQTMviRK7mrdb7nhc-s20IgmQrRqNSZ72FpsekDURaiZCizMRBZVWrbUBS9rl1ku8csslJZhsy4MJ_5Rbnvbq6ETUP809pwf7jHlGvXcjCxkjSeRQ3dntfOrouSlAyn-GspkYsV61tnoAy_XJOnF_9i4-tY65XkIzybz4qNiSTd4sArP1X9rszehhGbqgJTGjMekNQX9DujJUX_iXrPTOO6aO3KC0bmjQM3cw09zdKA_HRvERnnGy4ow&sai=AMfl-YTGMSE5GJ7qPDQXUtxwDuPdHNut4dU5XKQFrdgPtQoj81Btn5KfiqY6dFrFBmp5UNGBX-iPhmG3yxGSMseXxeI3ysSfxeL0QC4-tEij41T2IUkpeJ-G6v7g9lJT6z7U&sig=Cg0ArKJSzMIkVpjb1MfIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
DATA 200
OK truncated
/ Frame 157E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae29a158008df7918b0319c1996538eb4ccdca320ce3a5da8056e8511a47dbcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1365 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:33 GMT

GET
BLOB 200
OK 9e8e3eba-fbb7-4d3d-a07b-e33e79f2a19e
https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/ Frame 8470 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/9e8e3eba-fbb7-4d3d-a07b-e33e79f2a19e
Requested by: Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H2 200 ;ID=171437;size=300x250;setID=319770;type=async;domid=placement_319770_0;place=0;pid=9535470;sw=1600;sh=1200;spr=1;rnd=9535470;referrer=http%3A%2F%2Fwww2.kusports.com%2F;click=CLICK_MACRO_PLACEHOLDER Show response
servedbyadbutler.com/adserve/ Frame D71B 145 B
400 B 20ms
19ms Script
text/html 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://servedbyadbutler.com/adserve/;ID=171437;size=300x250;setID=319770;type=async;domid=placement_319770_0;place=0;pid=9535470;sw=1600;sh=1200;spr=1;rnd=9535470;referrer=http%3A%2F%2Fwww2.kusports.com%2F;click=CLICK_MACRO_PLACEHOLDER
Requested by: Host: servedbyadbutler.com
URL: https://servedbyadbutler.com/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Grunwald, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: d1aec0f91475a9d3eefd64516c068aff487a6790a76ff4b8ac14a52e7a367ceb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
access-control-allow-origin: *
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
content-type: text/html;charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8470 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuL-iBoWt4Eqpz2Eu6RLR29xLFzcDVWy3DPJAMuL5bMzKm4mB9zSWsulWaZLk7_dF3cRoEPFwW-SZnPG1YZr3BqP-7wW4nRRtyVloMSHmeCj6R4swKGMfvS1N2SxHEPr_6a7w_zWlFsqLKpc9WaV4C2S1gvI09hg_pcfSz2z3cskw8dtOnLKsU467ksya0s3ZlM2W5mwJBk0Ddq6jsO-BoXYT7nY1KZE8FShxcZMBBk5_XWOTV-uIdGq-OLQ10sv-KIULs5t4ZfpPMJsZ2RcU35jbvRL971P3P2zFqZW7_DsmIi&sai=AMfl-YSSklJdY6f2sveXdLdW2CsW0cCOgmEn-znM7eDfispEaKtBuaT4ZbftRzmJGXRWQqgMnJQkeZLHFz3kc2OtiSNrh1SgsprVluopShY3djQjNB9J8kr7MeKlbFp4D6lD&sig=Cg0ArKJSzMf-rrJPJOwqEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
URL: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 8470 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75ec39394b1be1bddf34e1a92d4003868a96e7f734008ead985d2db20563b722

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame ADFB 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f432ee221d58ae484a657edf14cc91f16384d3c2fd15cdc5c923a27e964f228

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ADFB 0
0 44ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuNdyS_gNWj8BgJ_M29Mr49f0ymO3OtC4cZyhoAhdP0j8AHE0QDutvBtglDZSflnJhoCx_ROjTI6ZpCw9RadTJbGmHOMAZAc8-7LUB47K-34cPTNuEHN0GOOS_cTKyGwS1TAh9snWoS_AT2caB0cClSx5eawIgumR6BC-SHx67dNxf6XceX6B8YX-TejakHvg7yy9gXlLkkIbsU-NIAoVPl6dDFclHUM0mvVWr6VL4B3csUWIqX7WCEm-uLTUYpOiLOs-TBQxAcUyg62yOWXWqY1fOjsMRASF_zKxbvQqe6mDiyFOfHxT2FBCBay5y7Ccg3oZRjdeqETC5YPXM4wA9hwTZYrfn4gTCK&sig=Cg0ArKJSzBUz0NEzfvxdEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5A10 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssAXMxO6znS-KwD5dgPqvfMLKzOctit2xxNaVBJWWZW1OZqkuX0b7LLdj2C2ZhNztRfB518W3yzULZkMpdkYDd0udCcS893Kc06vhoFRzeHezQOASCsKPA1t08ZwJSurn09guPOlV0tekUGdjdpqHsTU9JAonujUpXZcdC6q_AyYCkI88UTLIgXSG1mFKherfaBt4v1wap88EcuXTcBliKLwJeYjx_VIG4arro_5Guri-cuTYntEbV26iCqu_mstl9SeLfknAmOAkJX-U668b62gc4Zkphs2jrVlQcqLnLqHWRaAIefvlLh&sai=AMfl-YSvtviT8N01Q9klozH3dqtqyJCQaOZTSD3nYkvPgRgwNiSo1kVsBOze38D9CeITDvuEua34Sv8kqlPHDwPj3A9JVFQKKTtiyVXrcZW4hh9iQPb38H2p_X2geJNQm7So&sig=Cg0ArKJSzN7p5U5IjZdeEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5A10 11 KB
8 KB 40ms
24ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a78176cd900882ba8ed23d3bf267c54851e64716fe62e793861caa87add3e649

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8662
x-xss-protection: 0

GET
H3 200 acj Show response
us-ads.openx.net/w/1.0/ Frame EEF2 283 B
261 B 32ms
22ms Script
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/acj?ai=ad9bbd50-eaf2-4400-96fc-1c8d6542b9b9&o=1846169061&callback=OX_1846169061&ju=https%3A//www2.kusports.com/&jr=http%3A//www2.kusports.com/&auid=537971110&dims=&adxy=&res=1600x1200x24&plg=pm&ch=UTF-8&tz=0&ws=300x250&ifr=1&mt=1
Requested by: Host: us-ads.openx.net
URL: https://us-ads.openx.net/w/1.0/jstag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 7e4ae6f9a8d55fc34570249a89624fd22e19aed34c3b0fe461743e10e0649ff9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 241
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D5D4 352 KB
118 KB 7ms
7ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 312
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

POST
H2 200 v2uhjJ4PYmeWwJ-XyaGVlkn8_LmAh0c0vAZsxsKzqlVHoSBI2vqweZVneDNYKT0Tsnpydo-wF Show response
butterbulb.com/ 3 B
59 B 210ms
210ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2uhjJ4PYmeWwJ-XyaGVlkn8_LmAh0c0vAZsxsKzqlVHoSBI2vqweZVneDNYKT0Tsnpydo-wF

Requested by

Host: quizzicalzephyr.com
URL: https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 15 Jan 2022 16:38:34 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://www2.kusports.com
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-n4tq
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 3

GET
DATA 200
OK truncated
/ Frame EEF2 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35b7a88273fe7b0057d9eb92aa0452b03787c6d2f86ec6063d7e2ff47a703ae4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 8470 352 KB
118 KB 11ms
11ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 312
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5A10 17 KB
6 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3A70 13 KB
5 KB 11ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 12:14:53 GMT
expires: Sun, 15 Jan 2023 12:14:53 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 15821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 363E 783 B
537 B 35ms
17ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b7ddb8bf7fa9fc6f7369beacac443573b0b175d43002d4cfe2421231f0e602c4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3FvLDWX9AKuy6iq5tBPGlg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:38:34 GMT
date: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-3FvLDWX9AKuy6iq5tBPGlg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D71B 0
0 45ms
44ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssT6UQiBj0yN2EtHKDQlkL3pyR6omBtbWeBg_6bgfMOhrks-LbcsLL43gkrXpVdmq-5T1H3FwtwcIo-mMIBIDDOWPjQFP8OazI49VOxKLSiB9PLBEGHGOSOzgaebTnSjMQwLrHorK6mep-xl0wKRX-yM-yzpU-qSzCcb99HUCGRZ1bPzK4eZ0raUnvbILrvZaYjiNYGuSMa7qIeWvpFT76wwWt5m4hTKRly9TSZdXdXnEE1XA4Q5cBE24giH5c6UMOMl1xAT8eWWPXOhbXVeKAOmR7EeUg9AU2cXMovv2tzfHvQ6dKOJ9J1&sai=AMfl-YQJybWTrF2YA7UMXv4d6qnVULuDn0L7RxNrmW0JZe2lF4x0u16OrCQJwimz5T0IIaVf-ubsDdJdB3I34PeGJVcCof9g6KFYkBU2pr_y7ITh0DLbDcLV0PQ1XWOn7QL2&sig=Cg0ArKJSzCOyfI1F2lD4EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame D5D4 107 B
122 B 68ms
67ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame D5D4 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D5D4 19 KB
10 KB 309ms
308ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2652922557055784&correlator=1157074770796134&output=ldjh&impl=fif&eid=31063821&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7332.3_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cdm=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264714114&dlt=1642264713454&idt=652&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=2&adxs=0&adys=0&adks=3055526604&ucis=4i8ej7rfl82x&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=728x0&ga_vid=1536332128.1642264714&ga_sid=1642264714&ga_hid=1587904103&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ea34350c35f040000c1a15858d8ea1a1bbd71c439f4b4a59cf4235b6d709544d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10069
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0DD6 6 KB
3 KB 61ms
15ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:38:34 GMT
expires: Sun, 15 Jan 2023 16:38:34 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EEF2 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstQVIQ1rSF0NUg3TrPUgiIV4CjlrhIlxhECAGrLO1IztCe-PIPrOtMEiwMuJJ4wu0UzX601-7iT456DcJ8NBFvl2FLbxT6cNqAAFxtOHry-x7noMBzk6qxyPrhth-QqVZHY5v5prMUy-gEBgwVUY6IoGphP-2SdeRbHJIxEnqkp8jPjMMO-upXv7jm9YQ-TLoVImSQSKbiFEtA6XALWV91jI0YvYCVjbRIk6q6OxFnwB750iFrVhjViRqiwPbvNLVLtxkYS6EI_XNPFBtSYhGbR__qZk4q4-wr6q7eYV9__zbgeX4KbYZFXa8QG65nd98IqRRXr3uQ2Q5X6cPSxbz_LGO4EF78avVZv&sig=Cg0ArKJSzJjPn5J29jYJEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 157E 11 KB
9 KB 22ms
22ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011303&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011303.js?31064128

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96c10b12a6bcac488c359bd1cbefb7f39d342567b4934a67a00e7d18e7c58676

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8795
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D14A 0
0 43ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstDP9lbqUmUud83Bvt5ETqZrh_hLJffPQTgHOo5zsm6x3S85j1V3XFz7omgRGwVz3HutLB3SaVmpiWszG6li8Usk2Z3XAMPwA5kEqHiU8BA7S6LSmcM2bp5oiQxrqyGhiLKFu_rkoFEGKrVQv9HtJtEb_82SvrEgT_u-RBErCyIhbOdNiIDl35uM5WDSzbVJALVBa1bvMDAo-ON6K2u91C8PPzf2Y-mLRu2HvBmRA_yxpgPR8SWH2lzl8yS0ATnAhFbjtC3OzOLYMeiUJNXl2DzBG_B2_LgTMn0w2ZDUpfoWh7ZU8OLqNdk&sai=AMfl-YQ2FPh5L1Ss_C1EpsWeIGMBNLXvcq2udz7QwDbk7fBo5CzuZsSKfi0w7OHGpQv3_drD0EKIrcNrzQVNgOkuFZKYzgkPxZGBLG8Y7WNNVjIPckzzc1k7nHSbzTPxBzFm&sig=Cg0ArKJSzLEaECBYK_PdEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D14A 11 KB
9 KB 29ms
28ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f948542cbf403190419dcda166e91b7bc31060453cd75d25b40be61acb15600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8733
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BFD5 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 12:14:53 GMT
expires: Sun, 15 Jan 2023 12:14:53 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 15821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1BCE 783 B
533 B 18ms
18ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

09b9ed3f186c259f19c67e8b8a472f7cfacca3c7786be1b19f3993ec73084561

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-09vPBElpdGHCyabP2rYDdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:38:34 GMT
date: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-09vPBElpdGHCyabP2rYDdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4460 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudOY5uhWa26BqGtHqiPf7blFAmxa9xDVCCocFxn5JUwUK4VBWnHLb-WMkipyl0yTbrM1lOctnXSdy3CM_fcr7v4FCAR31_HgnzhDW6dhU2gXjFEsDj4wpotjyq8SPmUzlysYDa9bGhZvy3WOGO9rqIatGEMmZX6SbdgonvB0p4QexupTHH-P56xEo5iYQIzu5FibWsXopq93D62Y-WDhBDbcbK6xoNDpa6tY6AxGH_MGnYSWw7QdmMGhkn_OFMXhuTyYD3pGndmidi4bbCUEb7fwOvBOrzcJcr_IHlx6oAsWR_rZLlbcAjRILXSY34gWAwc1Cd9gfjp6SqV-8lsOu3POB8dVy3cg&sig=Cg0ArKJSzMx0Gv91NnP6EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 jstag Show response
us-ads.openx.net/w/1.0/ Frame 4460 49 KB
18 KB 22ms
22ms Script
text/javascript 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/jstag
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 288f482d268fcc58cace4cc9839e03365e42be2e5c1b9d33c22da08218e4805a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: max-age=3600
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18034
expires: Sat, 15 Jan 2022 17:38:34 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4460 121 KB
37 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 8470 107 B
122 B 26ms
26ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8470 107 B
122 B 19ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8470 19 KB
10 KB 286ms
286ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3789292906944693&correlator=4451281520873051&output=ldjh&impl=fif&eid=31061815&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7333.3_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cdm=3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264714166&dlt=1642264713572&idt=585&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=2&adxs=0&adys=0&adks=3357008152&ucis=eip8r8np8r14&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=728x0&ga_vid=409522112.1642264714&ga_sid=1642264714&ga_hid=6338355&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

60933049f0cb956ee6582339ae827ae62a1cea00761eaa3ae0accd20b52d02e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10110
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5B5E 6 KB
3 KB 59ms
15ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:38:34 GMT
expires: Sun, 15 Jan 2023 16:38:34 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 157E 17 KB
6 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011303.js?31064128

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D14A 17 KB
6 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 acj Show response
us-ads.openx.net/w/1.0/ Frame 4460 301 B
270 B 20ms
20ms Script
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/acj?ai=eeda68bf-1443-4196-b7dc-efaa7ac38c48&o=1271914005&callback=OX_1271914005&ju=https%3A//www2.kusports.com/&jr=http%3A//www2.kusports.com/&auid=537971111&dims=&adxy=&res=1600x1200x24&plg=pm&ch=UTF-8&tz=0&ws=300x250&ifr=1&mt=1&nl=36&ul=85
Requested by: Host: us-ads.openx.net
URL: https://us-ads.openx.net/w/1.0/jstag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 6a51f447b50472226b369dcfa96bdc8afd0f2a1696b9636f4cfe51276b36b1e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 363E 0
0 62ms
45ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3562438071198364&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1BCE 0
0 60ms
45ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=2904772729162426&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 4460 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5dbcc1f81f5a98a4403ae9afd1d2a1773f4afe1f0b8cefa89eca201f40483c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D5D4 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJFsEoiwhb4N5ngpA33QiGtg1cROurPaz0txkiDYSc0CMy7pquysFsYRiwEPgpQR5ZCDuEjRim5IpJvyvbqb5bPJIuFlgIfpsKlY_iUFBJUtmAqKFL20ODXZ2mCkByxXWM03dQClnzBTlc_3N-oHTjP4LCFoXgjDJjzv23tSNqWD364wvVAy_QwKzJLgPAUk8ZLK6gRnBxg-_wEAmwo-_TfR8bRWPKLjEoNrcCvU_JrAhlhT4sAIxj6S0PJid7v6KFmQL9eLIQ8EOTcAGrXRpD8a6bUVFdhw4iSVBbsG3q4izIP48&sai=AMfl-YRJndkBYe_xyiiK5jck1hsU5DXbMDi6sTP7BHbyKPnbl5_WBJVA9sa8grsV1miJhjv2txhHkfo42a3kIMjNPDsc-sOXKPLFqsu9hi9tZd1D9gVZxTUgoBe4mk10sZSU&sig=Cg0ArKJSzIwyclZze4PKEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D5D4 11 KB
9 KB 23ms
23ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09bf6330ca7f445eba2f2dd8e580f47b1be62938b9616579eaa1743ed2ab79d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8682
x-xss-protection: 0

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame 3A70 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H3 200 container.html Show response
1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C631 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011303.js?31064128

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:33 GMT
expires: Sun, 15 Jan 2023 16:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame BFD5 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D5D4 17 KB
6 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 01EA 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 12:14:53 GMT
expires: Sun, 15 Jan 2023 12:14:53 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 15821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4B04 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a7f2eca1f5be8472ebc264bf863197108c238e54aef2546d3b72aebe3a74d835

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7yLo9H5KBpdsi8lZWwsOvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:38:34 GMT
date: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-7yLo9H5KBpdsi8lZWwsOvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EFB8 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 12:14:53 GMT
expires: Sun, 15 Jan 2023 12:14:53 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 15821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E035 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0cf691a0b5100ffd49ff7c64ae9f3fc38b004a4df1d220cf67e5b6550eb6ea8b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lTc4/bETk35wh219HxkuJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:38:34 GMT
date: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-lTc4/bETk35wh219HxkuJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4460 0
0 43ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstQ4AXsGiHizJEz8G8Rh2uOOBbJAZD5IUbi1AQKvIxfMPy4mn2d4HA4lSZUKHOtuMRyDiNJjPZfW4lcVM9JU2te2Q35q0f6gLz0Bhm6xmyLbYp_tbOplKPvWKUj7U4w30kTeQjN6c2Pu3POeDJSRGjeltj44CxoJolqV5EWbiUDLVCsojH9EL_pNBC06tkdIae_c-DEK7hWO2YBj_dhC6p-o0-a1rhTnHjFv85kRWkzrVI4RwLnGzCGZ7LymHRxke9vYzvzbWmPTnNFVXjNmminKM0Vv-DkDRYKvj8YRvnuAa65Z5E4VwTm_fQoOZPNpaY3RrUE4VjDw3AC6UhUsMoVk6lc-WebowyN&sig=Cg0ArKJSzFlPwTixFXSIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8470 0
0 44ms
44ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsusGIdp2GgRRfZNTOYpZEMS-Yrd6r9wNvhGeIglum3se6nAP8WfKzCJbpFZMvoPICndxz-8uWBBPcgl1MAKM9xqUP6w5DAzX1UUH23pGzB-u32iounQwBohq1BP_l5R7SzzxoX_ItXBsmsy0l-ZrgSZ0qsyJbbUwBoa5G9KXW4-2PoOg8QMzUYOQIntAK14a_pmAPdiqwdVrp43ADKOXTmw-F_4ys50y7z79bmUJpvFKCzOrTJZzvplKk394tldBkdP_eBccrwNkOXxolDGi61gvT5A4WYztY7ofQmeWO8dUCcuo7w&sai=AMfl-YQI1v-B8yNeOhN8-8LxcqQcDgLX0OSGI-Udu3za73eN99Xjs9k7KEhg7XDdG0sD_ACaSwawhNTkvqs66G79fO7xJR_9ZVguTUeyNuydic5N0XraE74-hrGMd51S6xOm&sig=Cg0ArKJSzOSzgUKluYrcEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8470 11 KB
9 KB 21ms
21ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3d2e3b3a0920c303a390c99806c3a825fcd674c489f5a03267764244fffb222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8711
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 27CA 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 12:14:53 GMT
expires: Sun, 15 Jan 2023 12:14:53 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 15821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EEBA 783 B
535 B 17ms
17ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

143db111a0fe687d66e54ce972b57f10f01e09758bd76220e773c9579fdef6c9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OhvU6fkTgc6U4E5i5kgLlA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:38:34 GMT
date: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-OhvU6fkTgc6U4E5i5kgLlA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame C631 32 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b770f7ca4e0add0192ef0e6b3af06258a99453263ec73bb08d8f57bdcd2a138

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 541
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13123
x-xss-protection: 0
server: cafe
etag: 1047769457888903897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:29:33 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame C631 22 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427128
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 10 Jan 2023 17:59:46 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame C631 19 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite_fy2019.js

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:36:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:36:38 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame C631 2 KB
1 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:35:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:35:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C631 121 KB
37 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame C631 15 KB
6 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:28:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:28:53 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8470 17 KB
6 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4B04 0
0 45ms
45ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=506487752664645&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E035 0
0 79ms
79ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011303&jk=1077986576278256&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 763F 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 12:14:53 GMT
expires: Sun, 15 Jan 2023 12:14:53 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 15821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6E55 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3078ac23a7807fec8fb5009ddd6a12235bcc17441cc599c911bcb372e50c480a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wZHcm1nSD3YAqKXdL+mTwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:38:34 GMT
date: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-wZHcm1nSD3YAqKXdL+mTwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 6399340375953754877
s0.2mdn.net/simgad/ Frame C631 83 KB
83 KB 34ms
9ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/6399340375953754877

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c313697279d286cadf8c885a827f4c2e44ee4e99a5da6184a69871affe24499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 10:58:04 GMT
x-content-type-options: nosniff
age: 366030
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84530
x-xss-protection: 0
last-modified: Mon, 25 Oct 2021 08:09:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Jan 2023 10:58:04 GMT

GET
H2 200 1002016824953198123
s0.2mdn.net/simgad/ Frame C631 7 KB
7 KB 33ms
8ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1002016824953198123

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0f45a49d27117af1323c98b6f17499f08f49e5e60db826db929e583f2e8e65f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 07:00:03 GMT
x-content-type-options: nosniff
age: 293911
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6944
x-xss-protection: 0
last-modified: Mon, 23 Mar 2020 15:00:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 12 Jan 2023 07:00:03 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C631 42 B
352 B 56ms
32ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9p4v3rV6H8ETNebDRLX8ZUrvnBrQAuI2V3ANeJ2d20zSMUYKdAF7I_iJC64a_ljq7_2dYcKwO0AUWoxcNFXjQC1XLUFStxHF6fvbNG_rmmel5BlQ-27t5CjY8JFVXBOQPhZyYqsNR-D8TtSXMDG_zKkrZmg&dbm_d=AKAmf-C5DzcAfMWz3c4zdx1pvxRr9SapZ9ZvNU7lxWjDdDhUFCQV5ew7MSWKNfa3F6o193pdOroOwYQ9UGFcebvx7u7vsrLSxkEJRGhyLudcvGOIeVKGdqAOGU0mLJVcLPP5u0QyGADNAmpbIyIarrI5yBlC4xRkZuME6dxfPLtIu20ILx_Rui7IF2OEAUmpQTWpvFuKbZ1AJezs9UvYzxfMWnEqOu_t7uBE2lXBb-DxKPufLCCaz2MuIF0HjgUpzzSLLA_vA9n4sYJrCKyZVQGA9kYaypWjs4f1tCGspS8kqFzD01wXS_o26wGQzaYrX32Nl2e2ez7k_SSbdTRhQC0VsCLkedACVrtWKGhalDSCZ7z9YpHQcONpLbRH16UCZV6m2ukvnnGPpe1GX1WtM24v_FKHK2gBUBMmX4TgGgcPFtMigJF6BOAVpxYEmOzgpsFF13wwze4o7TXsIU9Glcpb8FErJDfE01lmdpiRzdQDJeNEpc8C9AEiZpMnQLzRbrMzPTXWi819zY-hFCEi5S1CsqSh4ZoyYBR_Ce959UGquadipyY_8QQvQmT-324qh8LBWEiYrnyItNXc9TuIQtZ-lyLQTzIwqF5npriCa6tW6ZbC0GerenfWIlZnn0vjIGOt7jjSllYv-pU-Yogq0iT2PjD9Og78nKyKsEEjTMe6fWQKcBhcop3zr3hC2JKmM9wSuaKYTnsCW2EuLJDEaE6BjEmtWhgUApAbzeGA5Ss9Dj686QaWQQDtHBWIv0ZsAH6353mQ7Uu6Xna9pZTV2jZdQR4WgWyktWwCxKzoC1Iaxtgvb8Wq9alUas3Cn4Kco4K828FfVPVjh07BVBx0ViSmJweaIjkYF0izRShnPYkbjGf7zB0oew9Jix0bvhde7iM8M8ULdaJaJdxFct5ZXtoJvz4U35PKE1Z_xU7lAHI2MGH2tpJUAgQTquK-0xIWcv99kPz9zbjH01T4Zcb1QkZPKQZ8IGC3UbwwO-7Xqn-n-6Vyj5L6PMD4yIzxIAw1OcEFVSN4CZoHkA48hb6KXz3UL23lc20m7i31FHmkelgVc5tKcLmK8zUUtAZhpmUk4WQNykrbtcpPB43wjfzGXYUI4pnp5q8AThZiQUsZHnlvxNj8pAabSezoBMiUt22YnFKZKqz7EXO62h0L0RpKn1nJ9BN0Vm-54hnUCZZi5TmQiaKPxfVW6aFVx0AyDt0V6-p5-mINTCCxOldrgO4BxAwrrBj3w8iG5APkCL6JNoHYhWH3ifhXApB8GcWWIAAGCQr88ntf4EjeXJpD6gnO4BKQfu0nUsWH8LlyOmkHTAdH5vxDO-pCD7XL7Jfd7aB6UY8Eg5zaACnpKH1rV3Mvz69NeA2qcrtn2jFgi4mGFx6tWiSQbgwitldlnQHAVj-OM058-2hyxUgKtARYG9sGhn-jmRAxc9Zm6-2N6UXJsaYNGnL0LYasdqtikbppNb9J0zFaaJEJyx-zqr_14BpkaehNWUC7tQejb8wxLFSu5Xz8AkwJgvOvO7iO9Mym_B-T2XqqIQQwSwoRA74R5fYg_y62-bZN-ad3tHYKGshLrznse1lMR8shXd-eHh9A1aFMabyXeUm_04sr-VYbZNa1WXf2KI-ck2DbaahZHedxkZOMZRWyc0p-iQxHb7rgU9VhtcOboZW_ldiGcnZ6wQX-z3MtJ7vrStyqAnfmhcDnbkmWwI7edn8WQ8XvuL4GqtdmqjKCH-n1idItfUQTGEUR5GMGQPWT0suZBAwvDGYf8ZQrrmF7ybvr0KQu_nuO_xH_SL7cWDfaVWNyudwpck4p5ZFJBKdZ4hCNCfslYY5CqLcHzlUSPyVK9F6KoFQAmDatouKfnW7jbLPIOjWeQWA3DFEV8Ed_JjTxJjQvWZzpUEQ3kZSECja2WkriadEDKEhnd6eLHNomBh5XB855NfFLaR2ZuWq_yeu56_Mqi__nnRG2LkCoVPOwLkPq4GgQaLAKuwEVdTylYMaENUMa4DcNfGrxwPO01et-NHs-u0K8cYKO9m8f95SBTrA512cv2eaSAZbWkyef2t7XR1vYXUn5vD3nMKsTWonpb3_-E2xzPJePkNFZZWgVZLrfk4vXkOwm3shu2at4c4QvhccqaY6lHiLTPEmzutscejeMNrPKegKdhQaiTehyVYgsCPIfwrDTTfHPsel3mYcP3e4CQM8jiaSMVVHs9mxuc38fkUr3pk9U5oSLIPmRL1M4dq63Kq_cTQR_d9kuetUwLLrNwnDtxHH2vi3_8UgMQnJgWH8pjeAwSstgmW7xNmk6GHMKgnScx_tmQyNW7cDKALkM9bdToORVoQs_rMqZX0h40-loMsQ7V6Oo8vmiJ0vvwpQpI1EWbFGYkjiQcduSIR3V00gcFoqOqCm6Yg_m9XtS_GgeWSzKXJ3kvgGnMuV1Z-PuLXgAIlzcU7pXZE2-pQysmrqxMbmQ0_kM_Gcv6GeCNXq7qj7mLTdxB_lI_2eHODfXXrBm_3kFroKEk9dejVntmN2xIAJo3QSqZJ1bkusFKWri3omuFG_47EQWOh9e-c1wvp8Frhx15bGAycxcmEINkkoeCFAfdIgGA-1c0ObplsbdqHA-KvEDe5QdMwHzce5B9u24Hm1r-k9Hrt_4xCCDXg3cOkb6afYxNSBroufLe6reLbpxktgy-_4m4poXPi7YNgavK8G6_cUQYsVyq7SpPwk_Eagf3pzY6ipJM8gE9CgGvLStKMxKmWBEb1Q7GyQ4he7uQSFgWH0NSUgW9suE9nFQU0bAvdXGPId1_1acivsriddWWy14RsuyLhbzA8yXdiqPvVXfU3ZXuuqVbvyJzs7H_qZ0-fFUFx-0iLPq58U9Cy9QMNy8VRQksIG6d6sQQ1hywpMmuo5xFubWvaQh9pY_-V8WZN0mn9d4CN1loyiUxQ2M71EqkydbHG6cg7XN2QED0KrG6OyEgCezAM1b_EzD90whg7xlKeQlEgtGSXH4hO0EvCpKwoGq1nxjyvWY6aThsbk2DK0hkWzDxwck-0wuS7VPtExKfgj90fH43GSLsL8iUC99UFzLy8p8EUUejVZAhRAYoNNE2wb69WlLK7Wh4vAEJbdu6V1YHPvkK1FmuOF5ywc5gaPmB6Jb9D6xZBZHPz6xmi2c93W-NIh1PA3uj0hlUuVCBxWtA011tZvj0vkt0NO7tdMbhAamJuHZb5wDatQBLZiNhH1s0Fq8wYTwIJbW1CFe-cpKAJ0irJpczu9FQZvOjpYB_e1hD65n8UOUNdY97cd2nU_NGoBseEclMduqYsf5euVB-A&cid=CAASEuRogbgfcFTQFUNhRbDUmruNRA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

/ Show response
partner.blau.de/a/ Frame C631
Redirect Chain

https://as.ad4m.at/ad/tai?a=158504&b=3&c=3&d=1&e=775&f=&g=dbmnat_Pros_Allnet&gdpr=&gdpr_consent=&gdpr_pd=
https://www.telefonica-partner.de/tpv.php?t=117667V1225131106M&subid=viewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=117667V1225131106M&subid=viewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=117667&s_id=2022011517383462167447795X117667V1225131106MSviewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros...

49 B
1 KB

89ms
23ms

Fetch
image/gif

46.4.62.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=117667&s_id=2022011517383462167447795X117667V1225131106MSviewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 46.4.62.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nonstopads4.sunbonet.de
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:34 GMT
X-NODEIP: 46.4.62.19
Server: nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html; charset=UTF-8
location: https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=117667&s_id=2022011517383462167447795X117667V1225131106MSviewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet
cache-control: no-store, no-cache, must-revalidate
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C631 0
0 45ms
45ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CU_6ZifjiYYiJO5yZ3gPriIqQDtjuvoJmxMzw-aEN8C4QASCIgL8UYJWCgICwB8gBBqkCNPC05zUnsz6oAwGqBNMBT9BmZhOP4c-xgQK-81bKbZ6EozRxDft-VasU_0p52OrfZi_VRR728VYcX4xgs5cnkcyzu6_fK4w8oykQlc89-lIavzmu4YEVaZCu6wz08_8Vg2Y65JuHY1nrJ-E3s9Pgi3BwBjoj57yOIxDukCs5m3mQvqhIokl_hN9Hx0StKhLSgFfMnPlmhTo0Pr1LBZecOFB792gr-V3Wt2qmEV9tl5_mHaORoc2FIRl5XDPukWsi1Tg756TK7wA95MgwCzZAuXUE_0ECENOrM3K7YXF7K38alMAE0b7M6KUD4AQDiAXqy63UK5IFBggDEAEYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AH-b-YYqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcKELKyDRia-6aXAdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjA4MjE1OTEyMjQwNTA5N4AKA8gLAbATkcHkCsgTotqVCdATANgTA4gUC9gUAdAVAYAXAbIXHgocCAASFHB1Yi02MTYzODU3OTkyOTU2OTY0GLjNDA&sigh=ni45xE80gn0&uach_m=[UACH]&cid=CAQSPACNIrLMTTbJ9WE9e-Lm-OY5ddJl4087FuSd3mZojsNYeT9XaBn6NpXz0_gXKCIB9o4Wx-8wPu1XlBn37g&template_id=509&vt=10
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 container.html Show response
1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C7DD 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:34 GMT
expires: Sun, 15 Jan 2023 16:38:34 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame 01EA 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame EFB8 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 55E1 143 B
426 B 11ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:02:37 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2157
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DB70 1 KB
749 B 9ms
8ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 05:53:44 GMT
expires: Sun, 16 Jan 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 38690
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C631 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a4bc10915058d500ff48f7acc432da94ae98e56b89e838bac4bafd30219f7dd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CF0B 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:38:34 GMT
expires: Sun, 15 Jan 2023 16:38:34 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EEBA 0
0 48ms
48ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=2652922557055784&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3A70 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Xj55jg
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BFD5 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?l9QCGQ
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame 27CA 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 76FE 624 B
299 B 38ms
21ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNUSZCgR9BP3HuPI5B13rY-ymqbQrPQoyL3gB60yI92k1r6OVlcgNlNrn4JieDF4aPepK-m_LCGn_V2LM3EEeCFIoPEIqULJqPQFr5qgUP8Lcfg_MQJJrtvA0CdSI_j-L7XvH_k5ArSajINch3GM4AQh0K1ebYMn5lgRHcTtU_EP9cFfftrxafU_ESVLeiu26FN6DHHU34Zu52ITIIiY0x7vycgAZA

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 Jan 2022 16:38:34 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C7DD 24 KB
14 KB 60ms
46ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DczmmNcvEOG_VE_CEW6za_bcs_idPwWtxzOT8IVD01pePGpt5vlq3lk4ANAbtq4Xh2YcpB6ii5W9XtW93Gxms4HKY82owUd-Q2yF8lK7CJ2arWr_Mj-JAcqWJl9e5feOTQ6NT9LgStbFGJTOrb__TjvivcCw&cry=1&dbm_d=AKAmf-CmRKvapcTI3WhygD-NYjNYopHjFa9-Po9CFZ6WIRpRcvOxbss-KSKZaTAvsQQ0FBTaX8lmtftfiMHXDaRxr17cEhJTzyJ0elz0CzZCof9vOOmpwU_D0A0z2r4D44zsnB2moNYRSrYP0LqDC7_usXFTuNBvOue2S6hbsPc0wNDANSgEH116iAdc0epz4iQvknGW7Nu5sZhRrKqfNDMRh88IACIHX2quFwnZe-uIeeA7EF2GN8iS7Asb--NUxN8tdGtP3BZ3fTGMWBH7opeKMAmJ5PjRAR_8zUu8Rw1c_9wwVfoq8lsuptPwesleru7Q5wuPtd6f0vcodTAGCgTmYciALewstapnMqjPBL5L9wgvcyafr4w1qOZ2clc5ydNFHolsN6-H2_4lE23sZiUciTw2Tua5AoGdc7nWlqExvhtjbJoWd6tjnZ0A6M55QoDWmNIXMJB3VQXpthzQpoGx2ZjnUTqd40tgiFb4F97y0NmlJ2KZKdHMEXNVKTTN5_8lAL9AWB5r92vq7MX6Qh-0Qo1Zyl1-EOVoiV1-VB4zV8j7hvPwda0bbF_zNQo2MDn0HA0k6_L41hLIQ7zR1-7whXEznRXR2_8OHlZsC83zFKoJEZByakk9jn4w6uWBc0DmzqlAq9iXnkybu2jwCvfEfgZc3TKVJVn6PBCJmDS2U4skPiwtf3qvLcEYBp3HbSBIuNaF-wyIjskmDzpRy3P70Sa_phG9yLTVAGW7WHuU11yiE5yCPjZD7kCaoKGFNJLslM8UqvE23N38QHPfTLBbmosjxrtQnuK5fXdypF7gFQG249cNNkjBL2uIHW2MzggqO5sKESPp79Sal75hkrsv0eZZLBi6CouddPWVzWj8kJEGuYaCyu75L0tQkAVJv6HybQcVKI8srlD3VX4ntD2Ke6VN79s8UC3x2uiCKVRMj_MqSEKFNyez8LA75-SJC7NAGdCflo5Lrq5ZWSfhEqq2KDN8G9vs3c9RI3XnorzvlkJM2ddEhw2cAX2B5_HCzEDT3QwTjFb5u2mmacr1Sg3U_MObeznr0rNOepkTdFxUbAmBQSNWU0yAoXgmaolGwc4ZdNdCAJY6EWlV0P5ByAoHP8FPB1JH1kdgO6ef5aX311tU_PBwAfl8xFNiHSh_g5Pm49A3MpcJPgcb0_P5nmoDgs8huQKMYvuLBBZWFZ9DLnAuOjpo8Y5S8lQHU0quztyoRcyhdXMOrN-Z8hjzU6Sk3GR_lsbwiOgBHXgiP5XWn9Iq3gc-K0kOWGxeWffJNtvFc-cNZW254IpKaQ1n_QszyS0OcW7SnNDeVDbB5tVk5oyaUwot5gro7D0Tvc0xXth2rMaipu24YSs-7vULF_JcD1I39sPgnYmmrQvg0I3sJ27b7_Wq6GHH_977MZMzNmzJGMayLKBvhTeAOjP9TqcLDD_4WWn-lWkpC3PIYSvgXljjlT8sqVvRBdjhbA54Yf9EwQPQz1AxLDHLRCtYZ7CtIijTxTnQ4GRUSsmmnFw1bjhm_Qz00lTh9-T_D8f4pfThSlgbd2XFl_LKZqIQEmSAnY_-I6HmBJm7XP3xy7T9DRZm3s9GiM51Asup-Z7rSK8KV2LyY2ZJg2B-PDzeV-9Qzy296MRvTLRvMQ-zP_VcEJDoBOnObD42A2ybBiUGUDzVGZRT8mvPhM5mCd3vOp36dc17XMDwxsqmrHWrhn-3sA0GmemjkD4gDLrRIDCFnNkLi7dTmuPYk1mRiPHVljW_bvRiIxlVMPu6nC7dF_oLRMmDnaiJxgeCs3PECsDM2bh2QCdOhWme-1GkZp2KGMYtVoiheFgsYgt83oyKT9n-wD-lYHJIpI2JQzb6DvpOHXSTXGyDQaexER7s6rxFVrB94s1wa43xvLAJKnnQu3ZsAE7SL2DqM3jOAaMKUMap0D4bPZylh0n2HHfUjLxbY97agXiYMXZesgIr51ZpN7UXLBSNSP5x5791osWqkRsiPCGyEvJjDgobZTxCopQedteIm5bsChDIrxbjdVrRIXdTWi5jrdqif1nYGVJ8dXJtO37ZksIQAkBz-yUXCHUQsR732SXZmsEcLYaVAzFgelDy1bGBQvFnB4KPGT-6TIdt6YpMyEPUfICoUjkavyxrZjWtLtdx22mShG-z9wXyicfMDRe9Kui34O3Y6NEmQWeyJAWlv_eY2mkwnQmLHjAfPs6wUV3mLzKnQi24mzwQ2Ugezd9usykYkBD3Jymi4wTFlQEZVaNpFKU7MwAYduMy6F-5WJOaeL6gX8SG1pVrxy0y1aYONcC-oHkkDeRLLLLeIfG6_-oBuqgtFDk9GQlByR05tbjZ_mf9-dSdVAOBhI2US4ThyYFmQkvxVeMnlnPgzAORyDnKth9pobhQqNW_HCE7OYKR8Wmqcc1RxBQVl59Gywly5GVOXRdK_KunD2eYFfQaSVbkmbCf3lLEAZdrQ12d5qT9JXxpU4JPGpDk96P6qlUDL8WVQP7VrmPdPWQvpw7ubewcm_RgKeVmRcAuxd403MkKpRXnyncm3xvLbBNYIttYcHjWQ0vffN4SJK5t7PNMrgcH9GYdXInKY_ofnU9JnZVl0KFX1WKcXvFbxGEUbj_IL2-ikU4DJ9_cbNe8_qrG0MYuVMDai_hniGlWgI4zNOgYe8hvhaWmoIZheo000LOIwZEDdPsR2TjLhuAJ3IrnvDdJwxQQ-1Js14WJCY8e5GY_JVsVvt0jstf6ANsI2yDOrm5xoVTdG76d4Yuc9cYO7pzF_7BwM3hsYOCX-8TRwTtJTCgtrle5vmQTq347USC78sGYqbLZdQBcZYoY4Td_R-7sWW0T9suvIWo2N-PMT9TRwMXJwaiRIZmdx8lJUbUy-pw1_wIz4UYOvv5aiuneqzg1sDeL6UMJbDbeCohRsHBlvTikHOfbP0voz_cuamCHSyskvwoK15yKWIHTAx9qZCVHK6iMTOVo5i8V-5S6NXFE9ai_9_VpbYkukQh63Q06jbsQCB7vndfTNrWukFFQYl_jaoGbdfT3dX3QiL9Bp7YkVhIbPrVAUlET46t2t073RwI0-UEOsEYUS0uWhIQ9L9Mq4weq2N0oLYPg7fvq5ktyfMugM6Sy-ceUzdc3D87rTtWpldC_QD0D-kQGJkYkvIXRHYyD&cid=CAASEuRobmx4zupZ4Ix0M_jObZE_lg&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c544e529fe4045be9024bf8bb2f0f9c504af93b7e8586cb3a5d62aa00f02547

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13981
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C7DD 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A-Tfkg9_KylkEm40xLYOgHOB19TJyXo44lDFYB2RLCOvOyAq1GB2gPQ_PJfg_cAgbwQY6ofqrJQvpHeZ66_uD3hYmoYOEuY_FHbTOvYKLDBX6T5sM

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame C7DD 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:35:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:35:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C7DD 121 KB
37 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame C7DD 15 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:28:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:28:53 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C7DD 0
0 18ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS9czY0M6X3LKODX2_2LedH4F1SjlVGfZdLQlJtsRxadJc5hbKLvPuO7pKMHBGsQbxCTVMcFmuhRtUCk8CztTOX6YfH_g
Requested by: Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0639 640 B
318 B 18ms
18ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW7gvMtnDwm8U-SQauTS6jo8qIDLjCR1JgoBN6E2Bqna87a0pdiFdqiCrvUcGP0j3hjNb2_B4Ar5Ims61_ocShTggHRyrEGiMKFK_E7tufPw53Xxq6eNDNzmzORUxN9Bbnp6CJTwB85Y_6MHqLWp3io6GlqGvVvPdYi2Wf82PlXzvhyTZ-7-LdiV6YRqU1gUNcz4-BmUBf2UbZI4DN6bLQBSaT9uQ

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 Jan 2022 16:38:34 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CF0B 24 KB
14 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C2cujFZ1BrLCQ9_lA4BHbz1LfzpRREJnbzPK_t5C5EYJiacqlRQIpmfHDMJzDUmT0mAHXJd8AOZXV44Txcn-4B7vveJUZLy32mCuz_c5dhGUZNk4WT8fKDSbQKiMVZCSzgDPbKT8bS2o4UFQkDAL-VxrMGNA&cry=1&dbm_d=AKAmf-DONoKs4MtVvlaf_quIQL-SVQHHF6TwezV8rc_1fNMGDkTOCDNd35X2xndgKyY-xXaupS-Wd5QcZZK22JqONZqd1sVsrtuWb1-bDl49TSZZIEjmlAnQeOXQGWHAQ54jkmeW3KgIBMt7qLe_wty7RGT10IKf48x_hyGlo4zDvyxax8LCwmxbO_f6nYzzd_lPDbuWoBkS81p_QjgfQjcLYrOCz2fZdhrLnlys-WDaSp9iDW5LnP7EiWB2SlrwEB638B-Zt_CmwNsu3mWlvRtF2rPvyowCDgFdiMvbHTX8QQ25eB62hCoXZzHmpZ2xZVvTjNaHjeoNf0nJO9jiUEDRtac2UKYBc3VCQwCQuZnWPpRjVdggXX2KCapLyTaZz7da7alQEhdlXbMuvmjE-_Dglhy6iXHN8KLMVe5h15GJGSUid2y5ZR-Tc0ZeACN-6hdnh_UEHmlnM_ycZRzA4oifGLgTrcTEldlISr9uGw2LiQ9c1WD6jCVPWDJ72qleZVGamQYAt04tNkSnfA1zYNyzpbGdqiBfOcnOR04dZgO1rA4up_fgsDLIZvqpDAbLMwGFsa6TJ06G8VDDQppRnTd2fW9GO_1xKYNv8W06nS3Wie2N9FwsZk17ZdvW2a_BaIOxKTDMkz1_8iKdEhcbqauBkaTGzgH5SjoVX9DFosYamPBnYHSoQOeG-t27beWHf7T5w2r0xdwU1690bIO0_fC2apMRPUHCH8S5COlcqwAmTJxTYvmNGuJBc4sJKZxFyvZT4CfIwjl9C4sN5L8lwMhrwru4aikaIlJQmlF5A7d-BRPzp7oT3dEfEwh1AdaW7jZCOTOwX-8MJ0dPSjIGUoTostUEZ77Im2-c3o3dMyikPwH0Y73LMLm9rEOwSF3l7w_Xemi_zyR11BF54egJBVAvFQSdsJmqH_R-sbsqmK8GRjxiSOZj1a-c2Ok9Ua-nvQrt1v01vZvhEuFRE61ddEPjMqJZhpXw-n_YVQwXBbQSKKp9q5HPoeyaSyxH1pDyKQKD88Tsyiqx-9A7-oA7EG6wbZR6dBsNiZionwS8qBd95OibQTqIHm1E6M2ZmNL-E3E8JGiH32hhZc_EBzRL75m_Y8eoJBp_pWT4BZmUXFngQXYxK-u1WjJ0dQDJxCWg6tR7XmKmCwqnR2vHITr6hwPYfLrN3MMCa6XIUzdX8dTn2ZzcDBwDwMXqjOl_-FIfVNLxAmA33bDPqi7m7buXB2yOIiJhmivOMQMxoIL0JbzcLRPLqszdg4ujAp1__7VvZxI4-romH523efgFQyuEjH-P5IgWSBfCFMHKSFKLym4AcFISvmGWFS6SgkAG0qDTGmanUuG4rCpCEEVje0lKEWZYmSixsU8IjDSmaqs9FDALx-WNOVJ0Ohbg9rQdWa9_3G9wVJivgV9ATcdrL5JgRwMMp-3aw6FrZEyCNPPZjQ9wnYyFsh4z7NRhoo-_3k23cBNLuOj1703fI2DcP7l7ky_MRcMGZx33_hcFWC7c09ThO5Qd2lGDygu8BHZEY0Syt8eXb6HckLRjnLnGqAPOMwFV76mN0w_Jww1KfnINqhBbju5gYfMJysSDnAcbqYIvxUOZhftoz_EZQ6YaWZ5o3Q0lynEwf-tQ-vN7qyRGLBeg3KSlXXB3yH4DrotVitCVC3dgCq6dSOam8NWGodI30PjQ3_hSm4LpBPQnU13Bwj1D0xk6pMw3u53fnMSqhCJIlNZdgw7fdBpoBTKi0l3D-1n1DJk8aow1keHgjckvIoM-WIRCFfWGoh2bmfDkdWDbV7gyisf0ANknfXHqM17Gxz4COQfKayIcOmjyFK4ZTBlo1DcCPnAAd4DxMyZv5lGBPkXwBiySwLCyxgerSm0bMtebqhUxO__ey7WfAtMTPxFsiVGivcBL50cTblPnjahIkzFIiqGdDGSk9ivlEXywSfvr-wWtaWVGaSwrDZXh-B-BXB7iOrtXhIMD3WS6WAauVZW5D5REYtw1JhswXfZK_biyi7X6viwRsOJ-OOWpxZUtlx3NRoZ7fKeFYwFpelnUormNAecMAeq7URZPVJAbvO0oc86qJx9CAWRunTbJUMegHiurQW7VfeNyqeOW3lTHNjOxk-jV7dqrUodvomVPdFEQaSzj901960igdhtkDVSbcxLjC2TuWGBDw_H7CnPiG7UdK-SCecV89D6U6ZNa-BHxy7ltcvbgzwgR1KWp9Kkreb3m550-4_OwzehNnsnmOU845j9ziqbsYAwvRdVGEMODdYBBwnT4C_zkEcb_2OD-QhN_PxiUEymo4acwBTHpbcZfleRUM_vPU9_7jgCFqYp7ftIKdM8VpqcpJMJTOhRqacD1uHPi3sS_2J2W7uCCs1aOgKO1WLFGyUdq1Qr5DGf0JcqyBpbgXZT9BTpnVkmyBE8u6aNZFAbc-DaG1Wl1NjL99-umf4tFBzI25zUgCFJTZKhsWo1UamZmSMdBtinclJMT6Ff3cpqpwQmy5mLAt22iDR79z-S9BVb7NTlfOqxMYLMdeU8FHHPpKLmxRXMofkjNoIOGegEkRfwsAe0BcgFrrhymBhZSCL0tFIcBzikhhhlmHIlCAax0eWIk26g7rYOvtPokc_aU6662faisfSa0mMZMCKCfuhYHSAKI9-TmxUOihGI4pRWl1x3XcQs_1bUSQ0uLpnfCWaCHYqsv_kd7cxZ1zYKjgvb5mz9aHwggNvXksiVg4oR4aTl3oLzJ0p8N1PVZX2Ui1hdReWNiNzQ9KZNGzCFc5RLS-25XRmHmugShKBvavj-oldg_i6QDP6rV9Xn0bReGhVLJ3Baa5SJ1xZMa5I0sPKZ69lnHT2cRiYHOalTIQl_pcdk-JohpUtbMglvF-awcLsrSWChoRQTSg_DiTohBzz6rEdQ2DWvPyAqXvCJRO2ZKsaWz4BjbbW0_d3KREUuh_RX7Maef0vYmSM4R1UtK2pHSK8Md7v-nsgo2dbrEBSaT80SoTC-5rgt_Jz4fTLrWR3MLa7T2-HHvWtA1_rQYWBMns0EW6Q7Sxcv2nBNQqKG_OfQ6_PVBYXDtPZ6e4U5IMYnWvb7cJ39DOJqN0oLN2FH_Zg8OBydKGUxmih4bc9JSRv4hSLhLUJtQeuSoZtgyj7GBo0lbLM9rpH7MHnUD&cid=CAASEuRoq-zbL8as8n9ge9LWOFYS4w&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e105b5557bed3c3e48db77e8c938e64e52a5f00e0f0d948efe889022a5331c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14047
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CF0B 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DSxMQcUzKcE0ebUwDriC6pmmqXIyrDuIKJdbLEKuksQ8T7cmgGEXlnkjXoMWxjre02Sv7bpTuMjzKYpslpOiu8iCKmWQB1W7566bJjwB9zNSXNbL0

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame CF0B 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:35:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:35:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CF0B 121 KB
37 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame CF0B 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:28:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:28:53 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CF0B 0
0 17ms
16ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTHEYG7Uje8ExVf8WJ3KzkkYB_BECQQN7RxTKgeqJuWKgaGt0VLgO6y8-LFGMaVIParsxshL1JPtSC55KnEKiisw6Bk5w
Requested by: Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6E55 0
0 56ms
56ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3789292906944693&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CF0B 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=75&version=r20220112&sample=0.01

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame DB70 43 B
351 B 121ms
17ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGo9gyOAbrcOAZ5Uet-qjbE&google_cver=1&google_push=AYg5qPJ7njdoyQ2AqbOnjI-czKM19Ehe1gzfB79vEk7voM8jDK_9qyVyk_45mhPiUvI2T4PM4SqbO0IdKsVOe1bm_w2ZUyvcXuiP
Requested by: Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: nbjharkh71iqb2l9kr193f98e5c0eqc7

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB70
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vRgHOMhET82baGNB3qhitw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vRgHOMhET82baGNB3qhitw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIzPe1plv9gjfhghefeBdn-taPyAoCX8Z1DC7myAR8xpAlWSV8fDq3GgvR2uQuk6Rii7rknhkkLVzDHb-RClL7xsXnZBV2l

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vRgHOMhET82baGNB3qhitw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIzPe1plv9gjfhghefeBdn-taPyAoCX8Z1DC7myAR8xpAlWSV8fDq3GgvR2uQuk6Rii7rknhkkLVzDHb-RClL7xsXnZBV2l
date: Sat, 15 Jan 2022 16:38:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame DB70 0
474 B 130ms
14ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPKMUQqXgQvXULxN_K3LQaQFJbWVfGyGQvtDGSAcUOFoxMpch7UpQnPrvCPslMz65JHQzJGIdULWoxix44KaeYmTnKX0cQpu%26google_hm%3D%5BUID%5D&google_gid=CAESEGKrcsPW00bZF0NoG5phqL8&google_cver=1

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:34 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame DB70
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEEvoQKRPyCTVnsPRzju3pLc&google_cver=1&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcy...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEEvoQKRPyCTVnsPRzju3pLc&google_cver=1&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFs...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB70
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEP9foxjwveKLapAzxlQVkVE&google_cver=1&google_push=AYg5qPJRujDvGQZmzljKTZgLkM1uuZ9P7Iu1F9wgQNZhe43hT4oP5gpra3npKgcBiepVSPFkoQyEaGGSG0_rjpZ-Fz2U1AKqidpu
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg1MjY2MzE0MDczMzIwNTAwMFYxMA%3d%3d&mn_hm=Mjg1MjY2MzE0MDczMzIwNTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJRujDvGQZmzljKTZgLkM1uuZ9...

170 B
188 B

36ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg1MjY2MzE0MDczMzIwNTAwMFYxMA%3d%3d&mn_hm=Mjg1MjY2MzE0MDczMzIwNTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJRujDvGQZmzljKTZgLkM1uuZ9P7Iu1F9wgQNZhe43hT4oP5gpra3npKgcBiepVSPFkoQyEaGGSG0_rjpZ-Fz2U1AKqidpu&gdpr=&gdpr_consent=

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:34 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg1MjY2MzE0MDczMzIwNTAwMFYxMA%3d%3d&mn_hm=Mjg1MjY2MzE0MDczMzIwNTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJRujDvGQZmzljKTZgLkM1uuZ9P7Iu1F9wgQNZhe43hT4oP5gpra3npKgcBiepVSPFkoQyEaGGSG0_rjpZ-Fz2U1AKqidpu&gdpr=&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame DB70 0
75 B 208ms
19ms Image
text/plain 185.86.139.94
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESECTQdMEckj-b7ulJ6pqtltw&google_cver=1&google_push=AYg5qPI4NW6JY29sVf-iC0iU4JLKU_QZFn5iCGkQotwcCdu00MeQXWH5Dz8foFWK1rDEO_UxEfFWtaGXMNNZmgY7-HTRsoISxCE_
Requested by: Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.94 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB70
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGO31ak9f9XEobcOnigzODk&google_cver=1&google_push=AYg5qPJFznEWN6fiBHzL3Mv8EcYZtTFKDAmaN_7l2W0tre7GAkZZrlkJaU9vAt8tdK2I01TM4_...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGO31ak9f9XEobcOnigzODk&google_cver=1&google_push=AYg5qPJFznEWN6fiBHzL3Mv8EcYZtTFKDAmaN_7l2W0tre7GAkZZrlkJaU9vAt8tdK2I01TM4_...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS10b0RTTUlwRTJ1R2FlM0dOUW9qTDU3NlJoaVFHV3Z2RH5B&google_push=AYg5qPJFznEWN6fiBHzL3Mv8EcYZtTFKDAmaN_7l2W0tre7GAkZZrlkJa...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS10b0RTTUlwRTJ1R2FlM0dOUW9qTDU3NlJoaVFHV3Z2RH5B&google_push=AYg5qPJFznEWN6fiBHzL3Mv8EcYZtTFKDAmaN_7l2W0tre7GAkZZrlkJaU9vAt8tdK2I01TM4_808I4tDJncxCcrAcongTvRDH5EOg

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS10b0RTTUlwRTJ1R2FlM0dOUW9qTDU3NlJoaVFHV3Z2RH5B&google_push=AYg5qPJFznEWN6fiBHzL3Mv8EcYZtTFKDAmaN_7l2W0tre7GAkZZrlkJaU9vAt8tdK2I01TM4_808I4tDJncxCcrAcongTvRDH5EOg
date: Sat, 15 Jan 2022 16:38:34 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame DB70 0
232 B 113ms
15ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I5NRpd8kRB5Wd1VMrXzq2j6gBsV2inDWV1--jKne9DMjC9KIhtpZn3I3oNoHF0OfMYmMbMAQ

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 55E1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

63ms
63ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
URL: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 15 Jan 2022 16:38:34 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 15 Jan 2022 16:38:34 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1365 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3562438071198364&bg=!CQqlCk7NAAaocxMpqHM7ACkAdvg8Wk7jkwAzyvde259EZ5q9epN7v_5pt14JVGemlS1zl-bg3KV-NAIAAAFFUgAAAAVoAQeZAxNaCBeM-h2sZso0ci4TfPhSY-1BHhU8Y7F2e_yADnTt2JAZstFlBs78iWGnM0JOlcBTDAlS7hdqPA9mzf9GgR2MiWSY0ZkLNljynX6_MlJzfQjOBYbqQehWpHWD7C8oSdlJo7VTz8sGnOUem9jSWQkdBTYD_Grr7I4Cb41fB6o9uNkDRmr3f7dXq37MbnnVysCvxUEn0nLGAoagzUTyYNpCnmQsFoSgj9Wtvr0MOsGmq_rAjU0CbuYLloXfcDQH_ntAJA_MCma2uZxBP6GC3UifMSDm_qjeJNlgPeMlUuDVfh6wcIPkgIUjZ9fE_I2cn3-997PARbSFo7eBrMdmeDWWLC2JhqL95XMATuJzntxKiJW96R6-unI8G_NLJxx9sDVqV-ceoI1HJVRXKgpTwomouGTXVYGKOCylfWhyHkTHwTXoxCClzh1Z9EeH-VpD4ijLWawXNLn0beSS5_qqFgEFwMaqxX8nO9HzfwTyu_NBEH_c0ZATzQPad49DsgEB4RBNrs-5adXa8JtqMx7_kpoCpO66MmO7oJAQD_cV7MlR4Nt7eKlb-hOVsx9X92lwnc4NqsBZVlBBCeEs_6HmKCtbE2sc07TgYtHPB4yu9tG1L5lK_zivg601he7WADUaADpXONeYmOIHcqnYuFWY40qrLhvAizTrVPnwGQNLZF76q-EIwAe61xV7ArMo5DOBAR7ZQwHNTYBWK4KvTcdPxDSe2ExmOWcdmaeqmJV7qpUdtcCHQ1w2qXbNW04C44EodAfWExv2mVijXN0Fc3KIuMab2-SxPAW7i9oPMcYIHZ81NhThJdgnOccuC1RIqqjFqDG3vz8UIlVwda8X-51IuCkFaWyc6ekpEzEYq9i0SWZEjR9JF0aR_QrjGbaCeRINMXMj257NExTl8sePHPI_744qgZ_vUL0KYnxAI4m9kbkd1HKyof6VURMCEHHo1sUZRGgVzXnRjTf8rKQonnQAVjn1tg1Hps6lTDufHMJ8vP-tK_h1Gf-Aq6xebydDdRZc9bVV3oEVc6eEwAgma2Vj397eRbul

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame C7DD 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DczmmNcvEOG_VE_CEW6za_bcs_idPwWtxzOT8IVD01pePGpt5vlq3lk4ANAbtq4Xh2YcpB6ii5W9XtW93Gxms4HKY82owUd-Q2yF8lK7CJ2arWr_Mj-JAcqWJl9e5feOTQ6NT9LgStbFGJTOrb__TjvivcCw&cry=1&dbm_d=AKAmf-CmRKvapcTI3WhygD-NYjNYopHjFa9-Po9CFZ6WIRpRcvOxbss-KSKZaTAvsQQ0FBTaX8lmtftfiMHXDaRxr17cEhJTzyJ0elz0CzZCof9vOOmpwU_D0A0z2r4D44zsnB2moNYRSrYP0LqDC7_usXFTuNBvOue2S6hbsPc0wNDANSgEH116iAdc0epz4iQvknGW7Nu5sZhRrKqfNDMRh88IACIHX2quFwnZe-uIeeA7EF2GN8iS7Asb--NUxN8tdGtP3BZ3fTGMWBH7opeKMAmJ5PjRAR_8zUu8Rw1c_9wwVfoq8lsuptPwesleru7Q5wuPtd6f0vcodTAGCgTmYciALewstapnMqjPBL5L9wgvcyafr4w1qOZ2clc5ydNFHolsN6-H2_4lE23sZiUciTw2Tua5AoGdc7nWlqExvhtjbJoWd6tjnZ0A6M55QoDWmNIXMJB3VQXpthzQpoGx2ZjnUTqd40tgiFb4F97y0NmlJ2KZKdHMEXNVKTTN5_8lAL9AWB5r92vq7MX6Qh-0Qo1Zyl1-EOVoiV1-VB4zV8j7hvPwda0bbF_zNQo2MDn0HA0k6_L41hLIQ7zR1-7whXEznRXR2_8OHlZsC83zFKoJEZByakk9jn4w6uWBc0DmzqlAq9iXnkybu2jwCvfEfgZc3TKVJVn6PBCJmDS2U4skPiwtf3qvLcEYBp3HbSBIuNaF-wyIjskmDzpRy3P70Sa_phG9yLTVAGW7WHuU11yiE5yCPjZD7kCaoKGFNJLslM8UqvE23N38QHPfTLBbmosjxrtQnuK5fXdypF7gFQG249cNNkjBL2uIHW2MzggqO5sKESPp79Sal75hkrsv0eZZLBi6CouddPWVzWj8kJEGuYaCyu75L0tQkAVJv6HybQcVKI8srlD3VX4ntD2Ke6VN79s8UC3x2uiCKVRMj_MqSEKFNyez8LA75-SJC7NAGdCflo5Lrq5ZWSfhEqq2KDN8G9vs3c9RI3XnorzvlkJM2ddEhw2cAX2B5_HCzEDT3QwTjFb5u2mmacr1Sg3U_MObeznr0rNOepkTdFxUbAmBQSNWU0yAoXgmaolGwc4ZdNdCAJY6EWlV0P5ByAoHP8FPB1JH1kdgO6ef5aX311tU_PBwAfl8xFNiHSh_g5Pm49A3MpcJPgcb0_P5nmoDgs8huQKMYvuLBBZWFZ9DLnAuOjpo8Y5S8lQHU0quztyoRcyhdXMOrN-Z8hjzU6Sk3GR_lsbwiOgBHXgiP5XWn9Iq3gc-K0kOWGxeWffJNtvFc-cNZW254IpKaQ1n_QszyS0OcW7SnNDeVDbB5tVk5oyaUwot5gro7D0Tvc0xXth2rMaipu24YSs-7vULF_JcD1I39sPgnYmmrQvg0I3sJ27b7_Wq6GHH_977MZMzNmzJGMayLKBvhTeAOjP9TqcLDD_4WWn-lWkpC3PIYSvgXljjlT8sqVvRBdjhbA54Yf9EwQPQz1AxLDHLRCtYZ7CtIijTxTnQ4GRUSsmmnFw1bjhm_Qz00lTh9-T_D8f4pfThSlgbd2XFl_LKZqIQEmSAnY_-I6HmBJm7XP3xy7T9DRZm3s9GiM51Asup-Z7rSK8KV2LyY2ZJg2B-PDzeV-9Qzy296MRvTLRvMQ-zP_VcEJDoBOnObD42A2ybBiUGUDzVGZRT8mvPhM5mCd3vOp36dc17XMDwxsqmrHWrhn-3sA0GmemjkD4gDLrRIDCFnNkLi7dTmuPYk1mRiPHVljW_bvRiIxlVMPu6nC7dF_oLRMmDnaiJxgeCs3PECsDM2bh2QCdOhWme-1GkZp2KGMYtVoiheFgsYgt83oyKT9n-wD-lYHJIpI2JQzb6DvpOHXSTXGyDQaexER7s6rxFVrB94s1wa43xvLAJKnnQu3ZsAE7SL2DqM3jOAaMKUMap0D4bPZylh0n2HHfUjLxbY97agXiYMXZesgIr51ZpN7UXLBSNSP5x5791osWqkRsiPCGyEvJjDgobZTxCopQedteIm5bsChDIrxbjdVrRIXdTWi5jrdqif1nYGVJ8dXJtO37ZksIQAkBz-yUXCHUQsR732SXZmsEcLYaVAzFgelDy1bGBQvFnB4KPGT-6TIdt6YpMyEPUfICoUjkavyxrZjWtLtdx22mShG-z9wXyicfMDRe9Kui34O3Y6NEmQWeyJAWlv_eY2mkwnQmLHjAfPs6wUV3mLzKnQi24mzwQ2Ugezd9usykYkBD3Jymi4wTFlQEZVaNpFKU7MwAYduMy6F-5WJOaeL6gX8SG1pVrxy0y1aYONcC-oHkkDeRLLLLeIfG6_-oBuqgtFDk9GQlByR05tbjZ_mf9-dSdVAOBhI2US4ThyYFmQkvxVeMnlnPgzAORyDnKth9pobhQqNW_HCE7OYKR8Wmqcc1RxBQVl59Gywly5GVOXRdK_KunD2eYFfQaSVbkmbCf3lLEAZdrQ12d5qT9JXxpU4JPGpDk96P6qlUDL8WVQP7VrmPdPWQvpw7ubewcm_RgKeVmRcAuxd403MkKpRXnyncm3xvLbBNYIttYcHjWQ0vffN4SJK5t7PNMrgcH9GYdXInKY_ofnU9JnZVl0KFX1WKcXvFbxGEUbj_IL2-ikU4DJ9_cbNe8_qrG0MYuVMDai_hniGlWgI4zNOgYe8hvhaWmoIZheo000LOIwZEDdPsR2TjLhuAJ3IrnvDdJwxQQ-1Js14WJCY8e5GY_JVsVvt0jstf6ANsI2yDOrm5xoVTdG76d4Yuc9cYO7pzF_7BwM3hsYOCX-8TRwTtJTCgtrle5vmQTq347USC78sGYqbLZdQBcZYoY4Td_R-7sWW0T9suvIWo2N-PMT9TRwMXJwaiRIZmdx8lJUbUy-pw1_wIz4UYOvv5aiuneqzg1sDeL6UMJbDbeCohRsHBlvTikHOfbP0voz_cuamCHSyskvwoK15yKWIHTAx9qZCVHK6iMTOVo5i8V-5S6NXFE9ai_9_VpbYkukQh63Q06jbsQCB7vndfTNrWukFFQYl_jaoGbdfT3dX3QiL9Bp7YkVhIbPrVAUlET46t2t073RwI0-UEOsEYUS0uWhIQ9L9Mq4weq2N0oLYPg7fvq5ktyfMugM6Sy-ceUzdc3D87rTtWpldC_QD0D-kQGJkYkvIXRHYyD&cid=CAASEuRobmx4zupZ4Ix0M_jObZE_lg&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:38:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C7DD 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 15:19:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91161
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Jan 2023 15:19:13 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame CF0B 24 KB
9 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C2cujFZ1BrLCQ9_lA4BHbz1LfzpRREJnbzPK_t5C5EYJiacqlRQIpmfHDMJzDUmT0mAHXJd8AOZXV44Txcn-4B7vveJUZLy32mCuz_c5dhGUZNk4WT8fKDSbQKiMVZCSzgDPbKT8bS2o4UFQkDAL-VxrMGNA&cry=1&dbm_d=AKAmf-DONoKs4MtVvlaf_quIQL-SVQHHF6TwezV8rc_1fNMGDkTOCDNd35X2xndgKyY-xXaupS-Wd5QcZZK22JqONZqd1sVsrtuWb1-bDl49TSZZIEjmlAnQeOXQGWHAQ54jkmeW3KgIBMt7qLe_wty7RGT10IKf48x_hyGlo4zDvyxax8LCwmxbO_f6nYzzd_lPDbuWoBkS81p_QjgfQjcLYrOCz2fZdhrLnlys-WDaSp9iDW5LnP7EiWB2SlrwEB638B-Zt_CmwNsu3mWlvRtF2rPvyowCDgFdiMvbHTX8QQ25eB62hCoXZzHmpZ2xZVvTjNaHjeoNf0nJO9jiUEDRtac2UKYBc3VCQwCQuZnWPpRjVdggXX2KCapLyTaZz7da7alQEhdlXbMuvmjE-_Dglhy6iXHN8KLMVe5h15GJGSUid2y5ZR-Tc0ZeACN-6hdnh_UEHmlnM_ycZRzA4oifGLgTrcTEldlISr9uGw2LiQ9c1WD6jCVPWDJ72qleZVGamQYAt04tNkSnfA1zYNyzpbGdqiBfOcnOR04dZgO1rA4up_fgsDLIZvqpDAbLMwGFsa6TJ06G8VDDQppRnTd2fW9GO_1xKYNv8W06nS3Wie2N9FwsZk17ZdvW2a_BaIOxKTDMkz1_8iKdEhcbqauBkaTGzgH5SjoVX9DFosYamPBnYHSoQOeG-t27beWHf7T5w2r0xdwU1690bIO0_fC2apMRPUHCH8S5COlcqwAmTJxTYvmNGuJBc4sJKZxFyvZT4CfIwjl9C4sN5L8lwMhrwru4aikaIlJQmlF5A7d-BRPzp7oT3dEfEwh1AdaW7jZCOTOwX-8MJ0dPSjIGUoTostUEZ77Im2-c3o3dMyikPwH0Y73LMLm9rEOwSF3l7w_Xemi_zyR11BF54egJBVAvFQSdsJmqH_R-sbsqmK8GRjxiSOZj1a-c2Ok9Ua-nvQrt1v01vZvhEuFRE61ddEPjMqJZhpXw-n_YVQwXBbQSKKp9q5HPoeyaSyxH1pDyKQKD88Tsyiqx-9A7-oA7EG6wbZR6dBsNiZionwS8qBd95OibQTqIHm1E6M2ZmNL-E3E8JGiH32hhZc_EBzRL75m_Y8eoJBp_pWT4BZmUXFngQXYxK-u1WjJ0dQDJxCWg6tR7XmKmCwqnR2vHITr6hwPYfLrN3MMCa6XIUzdX8dTn2ZzcDBwDwMXqjOl_-FIfVNLxAmA33bDPqi7m7buXB2yOIiJhmivOMQMxoIL0JbzcLRPLqszdg4ujAp1__7VvZxI4-romH523efgFQyuEjH-P5IgWSBfCFMHKSFKLym4AcFISvmGWFS6SgkAG0qDTGmanUuG4rCpCEEVje0lKEWZYmSixsU8IjDSmaqs9FDALx-WNOVJ0Ohbg9rQdWa9_3G9wVJivgV9ATcdrL5JgRwMMp-3aw6FrZEyCNPPZjQ9wnYyFsh4z7NRhoo-_3k23cBNLuOj1703fI2DcP7l7ky_MRcMGZx33_hcFWC7c09ThO5Qd2lGDygu8BHZEY0Syt8eXb6HckLRjnLnGqAPOMwFV76mN0w_Jww1KfnINqhBbju5gYfMJysSDnAcbqYIvxUOZhftoz_EZQ6YaWZ5o3Q0lynEwf-tQ-vN7qyRGLBeg3KSlXXB3yH4DrotVitCVC3dgCq6dSOam8NWGodI30PjQ3_hSm4LpBPQnU13Bwj1D0xk6pMw3u53fnMSqhCJIlNZdgw7fdBpoBTKi0l3D-1n1DJk8aow1keHgjckvIoM-WIRCFfWGoh2bmfDkdWDbV7gyisf0ANknfXHqM17Gxz4COQfKayIcOmjyFK4ZTBlo1DcCPnAAd4DxMyZv5lGBPkXwBiySwLCyxgerSm0bMtebqhUxO__ey7WfAtMTPxFsiVGivcBL50cTblPnjahIkzFIiqGdDGSk9ivlEXywSfvr-wWtaWVGaSwrDZXh-B-BXB7iOrtXhIMD3WS6WAauVZW5D5REYtw1JhswXfZK_biyi7X6viwRsOJ-OOWpxZUtlx3NRoZ7fKeFYwFpelnUormNAecMAeq7URZPVJAbvO0oc86qJx9CAWRunTbJUMegHiurQW7VfeNyqeOW3lTHNjOxk-jV7dqrUodvomVPdFEQaSzj901960igdhtkDVSbcxLjC2TuWGBDw_H7CnPiG7UdK-SCecV89D6U6ZNa-BHxy7ltcvbgzwgR1KWp9Kkreb3m550-4_OwzehNnsnmOU845j9ziqbsYAwvRdVGEMODdYBBwnT4C_zkEcb_2OD-QhN_PxiUEymo4acwBTHpbcZfleRUM_vPU9_7jgCFqYp7ftIKdM8VpqcpJMJTOhRqacD1uHPi3sS_2J2W7uCCs1aOgKO1WLFGyUdq1Qr5DGf0JcqyBpbgXZT9BTpnVkmyBE8u6aNZFAbc-DaG1Wl1NjL99-umf4tFBzI25zUgCFJTZKhsWo1UamZmSMdBtinclJMT6Ff3cpqpwQmy5mLAt22iDR79z-S9BVb7NTlfOqxMYLMdeU8FHHPpKLmxRXMofkjNoIOGegEkRfwsAe0BcgFrrhymBhZSCL0tFIcBzikhhhlmHIlCAax0eWIk26g7rYOvtPokc_aU6662faisfSa0mMZMCKCfuhYHSAKI9-TmxUOihGI4pRWl1x3XcQs_1bUSQ0uLpnfCWaCHYqsv_kd7cxZ1zYKjgvb5mz9aHwggNvXksiVg4oR4aTl3oLzJ0p8N1PVZX2Ui1hdReWNiNzQ9KZNGzCFc5RLS-25XRmHmugShKBvavj-oldg_i6QDP6rV9Xn0bReGhVLJ3Baa5SJ1xZMa5I0sPKZ69lnHT2cRiYHOalTIQl_pcdk-JohpUtbMglvF-awcLsrSWChoRQTSg_DiTohBzz6rEdQ2DWvPyAqXvCJRO2ZKsaWz4BjbbW0_d3KREUuh_RX7Maef0vYmSM4R1UtK2pHSK8Md7v-nsgo2dbrEBSaT80SoTC-5rgt_Jz4fTLrWR3MLa7T2-HHvWtA1_rQYWBMns0EW6Q7Sxcv2nBNQqKG_OfQ6_PVBYXDtPZ6e4U5IMYnWvb7cJ39DOJqN0oLN2FH_Zg8OBydKGUxmih4bc9JSRv4hSLhLUJtQeuSoZtgyj7GBo0lbLM9rpH7MHnUD&cid=CAASEuRoq-zbL8as8n9ge9LWOFYS4w&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:38:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CF0B 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 15:19:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91161
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Jan 2023 15:19:13 GMT

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame 763F 35 KB
13 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5A10 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=2904772729162426&bg=!LS6lLmrNAAaocxMpqHM7ACkAdvg8Wn00HUVI9CEYfgQnnORrgtmNCwiTL6atrI63WYe6k2lBqmqqBgIAAAFAUgAAAAVoAQeZAxpXkSSlThb0Mlt9f1dmRN6qoc8ErhIqUGa5Gi6ONrbUcU_6qx65QSHeybNEFxlj6YnfFJlNxtb3LWdz00J8t4de3J3-4OVL-lbCR8weWVM6cF34sAmGqZxPGAXSHKg0AAxIPRfpvfVwyuAkK8ZXNeZOqzwLty5AhgoifAAzDiUCDwFV4PcupCSg1a7JC_VieRgNJa79EM6Cd3YQuGClbV5s8u52D8IYuuZBEXwk-y1rHenzv0oknkM0Bhq46p0Mg2J5to5eh_HhSWoQigw5W-CLFIPxYFMdYM0jODeSJ2D8Ckf1czWWvEXgmYssBq4EkkuHTGTFGdi_LXQxWTbqj9VnfW-Gk-cLNm3O_GBtIHcKFNq7FKD4mIjCqOpmrJUu7bUejiy6dhrPbCJV_jkcrn2wXRVD4FkRGDtaEG_0QSwODbM8Z0xKK_KWOARALjPDMJZcPWjV2EDHa5wQGhMlbXRxre7lMYKd7WD-TPqNcttEWzBM7OFhzjN_liENux1mVZr83wWFcHGB1wyndNZ9XCFPz85sba5OY4VuVf8L7It2up7slGmh_r2MyWsG-Uj5RhQB7tXVNGanZa5mfIecD1v4HFfQviEisgdDTVroOu4e-yyJPQFK0T6k3b9eE2PsuAKLkizgjeGvwt9zq5P_mvIDgcSSg_VmLDlkbL0zzcjVoH38cmy3posxnCLcgQuZ1BGKbJ0RVkBk9Y5EzXyt1j7VVTKXekTXHuNXV3yP7aBYKfnABGMdBPPTBsXvoi9_3T3VosyCzaZtXXHTlFg5zJK266CAqSHWIe9Ons4ZJhDh5Se08eoNyXrX-0nvAjWGushP25Gvjj9mMeZoi7T9fIvOeDgPeGW6QivmVZA874x_bxNPmdGCug_C8gBhpunNh3pSoQv8bLMTZKiFwKMjOfocG0teNkg1_Ud4fGQsBYcElHUdh9H4hputM3iuoYOT93Z6apEj7TJnHqIcKHuBH16xyyH9UgOI5zXRSTK2fp7Mu3a4KE7ntCsnX2IND92rGwhhk3ojHbOX-bj_YX-AywtFoxeO61fiMAFLBA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 01EA 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?7Pj6qQ
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EFB8 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?4MITvQ
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 76FE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1&C=1

43 B
1014 B

51ms
50ms

Image
image/gif

184.87.213.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNUSZCgR9BP3HuPI5B13rY-ymqbQrPQoyL3gB60yI92k1r6OVlcgNlNrn4JieDF4aPepK-m_LCGn_V2LM3EEeCFIoPEIqULJqPQFr5qgUP8Lcfg_MQJJrtvA0CdSI_j-L7XvH_k5ArSajINch3GM4AQh0K1ebYMn5lgRHcTtU_EP9cFfftrxafU_ESVLeiu26FN6DHHU34Zu52ITIIiY0x7vycgAZA
Protocol: HTTP/1.1
Server: 184.87.213.8 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-213-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 Jan 2022 16:38:34 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sat, 15 Jan 2022 16:38:34 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 76FE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeL4ihouyMQJKZMZR1FFSQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1

43 B
1014 B

35ms
34ms

Image
image/gif

184.87.213.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNUSZCgR9BP3HuPI5B13rY-ymqbQrPQoyL3gB60yI92k1r6OVlcgNlNrn4JieDF4aPepK-m_LCGn_V2LM3EEeCFIoPEIqULJqPQFr5qgUP8Lcfg_MQJJrtvA0CdSI_j-L7XvH_k5ArSajINch3GM4AQh0K1ebYMn5lgRHcTtU_EP9cFfftrxafU_ESVLeiu26FN6DHHU34Zu52ITIIiY0x7vycgAZA
Protocol: HTTP/1.1
Server: 184.87.213.8 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-213-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 Jan 2022 16:38:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBDD6W_HEQ3xr-33YchfxEc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 76FE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFQJKagTPJAQzLnNejJxeu8&google_cver=1

43 B
1005 B

16ms
15ms

Image
image/gif

185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFQJKagTPJAQzLnNejJxeu8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNUSZCgR9BP3HuPI5B13rY-ymqbQrPQoyL3gB60yI92k1r6OVlcgNlNrn4JieDF4aPepK-m_LCGn_V2LM3EEeCFIoPEIqULJqPQFr5qgUP8Lcfg_MQJJrtvA0CdSI_j-L7XvH_k5ArSajINch3GM4AQh0K1ebYMn5lgRHcTtU_EP9cFfftrxafU_ESVLeiu26FN6DHHU34Zu52ITIIiY0x7vycgAZA

Protocol

HTTP/1.1

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:34 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bd51af74-6e9a-4dab-83cf-9d846b2337e5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFQJKagTPJAQzLnNejJxeu8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76FE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg3MDAyNDI0MjA4MzU0OTg4

170 B
188 B

42ms
42ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg3MDAyNDI0MjA4MzU0OTg4

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:34 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 3c30971e-6034-44e1-805e-e2500700dfc4
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg3MDAyNDI0MjA4MzU0OTg4
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 0639
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOWXNcPB2slL2LdYP-2mxqU&google_cver=1

43 B
61 B

18ms
18ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOWXNcPB2slL2LdYP-2mxqU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW7gvMtnDwm8U-SQauTS6jo8qIDLjCR1JgoBN6E2Bqna87a0pdiFdqiCrvUcGP0j3hjNb2_B4Ar5Ims61_ocShTggHRyrEGiMKFK_E7tufPw53Xxq6eNDNzmzORUxN9Bbnp6CJTwB85Y_6MHqLWp3io6GlqGvVvPdYi2Wf82PlXzvhyTZ-7-LdiV6YRqU1gUNcz4-BmUBf2UbZI4DN6bLQBSaT9uQ
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
via: 1.1 google
server: OXGW/17.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOWXNcPB2slL2LdYP-2mxqU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 0639 43 B
207 B 18ms
17ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW7gvMtnDwm8U-SQauTS6jo8qIDLjCR1JgoBN6E2Bqna87a0pdiFdqiCrvUcGP0j3hjNb2_B4Ar5Ims61_ocShTggHRyrEGiMKFK_E7tufPw53Xxq6eNDNzmzORUxN9Bbnp6CJTwB85Y_6MHqLWp3io6GlqGvVvPdYi2Wf82PlXzvhyTZ-7-LdiV6YRqU1gUNcz4-BmUBf2UbZI4DN6bLQBSaT9uQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 0639
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEArUNuO-xB_pdH6_KFytdKo&google_cver=1

23 B
172 B

39ms
39ms

Image
image/gif

104.90.104.248
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEArUNuO-xB_pdH6_KFytdKo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW7gvMtnDwm8U-SQauTS6jo8qIDLjCR1JgoBN6E2Bqna87a0pdiFdqiCrvUcGP0j3hjNb2_B4Ar5Ims61_ocShTggHRyrEGiMKFK_E7tufPw53Xxq6eNDNzmzORUxN9Bbnp6CJTwB85Y_6MHqLWp3io6GlqGvVvPdYi2Wf82PlXzvhyTZ-7-LdiV6YRqU1gUNcz4-BmUBf2UbZI4DN6bLQBSaT9uQ
Protocol: H2
Server: 104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-104-248.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 15 Jan 2022 16:38:34 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEArUNuO-xB_pdH6_KFytdKo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 0639 23 B
172 B 36ms
36ms Image
image/gif 104.90.104.248
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW7gvMtnDwm8U-SQauTS6jo8qIDLjCR1JgoBN6E2Bqna87a0pdiFdqiCrvUcGP0j3hjNb2_B4Ar5Ims61_ocShTggHRyrEGiMKFK_E7tufPw53Xxq6eNDNzmzORUxN9Bbnp6CJTwB85Y_6MHqLWp3io6GlqGvVvPdYi2Wf82PlXzvhyTZ-7-LdiV6YRqU1gUNcz4-BmUBf2UbZI4DN6bLQBSaT9uQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-104-248.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 15 Jan 2022 16:38:34 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame CF0B 11 KB
4 KB 57ms
14ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1gc-ivjiYeO2Ddeq3gOMjK2IDrXN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9CY06Qg2YJpXwnRoJjSNtJr3ncNlWle6jTL8pvjdYYly4XPcxLEBUXAyzik9ZWWSNDU09WZnAH_NkzLRfbFwF6Z3CkZ74l1Iv8JyM3VO1AFvioeNZSLC78bEgZ3bSg97wkVe9tfwO-zxps7wxBibor-77TwihWSrYnnoW4ZvllFdYohoCqXZPvRsXLJjMEI-qhG7zWO31ggyUaygrjPsKwaQGqbDcRoH1-CYGcnjeQmRx_7wfRr5Oe6M_7IppqBvR0IMgXfp5qT1QuwZU2XEDeJ3KLf54ze74yqXqsdPYT_wVGU1ZWwjSopehNlTbUdBKxcHm1JZy98o8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoq-zbL8as8n9ge9LWOFYS4w%26sig%3DAOD64_0IQFU42XB04kmTRQIBQGB6wGOlqg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-C-0WQ4vEs0-r1LmJqezjDMMzRU3pxfTMvBRO1IjbRo0LfVLtQhBe6UM7JfnR_sQfoQPd-IMjhNMo7AR7WnMk1-4Tv3AYTb4VTOENEvi6IxJM7MuE7qKgGMc6z-58Ka2pMSkSgXjyiBIFj41RiFhbW0SErb6g%26cry%3D1%26dbm_d%3DAKAmf-AjCUd7bPyDNXpTRfLxt82718MQPn7HqNkC_qE7A6Nrc4769q6iF1HgnvXN0fOOEprzDRRv-5Nco_b0NYmTCcyf79-rZ9mHYXYWOAuomlkd5KkxEw_MsgAq3uVzHuisq47H8epKifHn_Kd7dsQd8LJeVmMsBw680Uo6HuH0FLWQ7v_dJX5_e33KHUfsqsCVZuwJ8YTTZ9UyUcoDlufbbALL-ik9-r13LvCE5vMPJ4gl_gGhUbSn-LQ3OBX_v8tgZEAujBrg08lSokVEN7ixbTvwcPcZmZ9oKhoyrh1OeY4aolryN5NKQok8oh364MrgAYAaj_U0rIV1jKCkaRv99wFhANrj2Y3f82q0Jdnfbugm8ZIKIBelaku5NZXdarZvy_D2OKEwdpSMEzW9cioUBlT4_vYFgw%26adurl%3D
Requested by: Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 90e6c74c154e1ecc603efa62795cd669c12280c043d8363eaed628bb945bb959

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3875
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 45F6 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 14 Jan 2022 15:19:21 GMT
expires: Sat, 14 Jan 2023 15:19:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 91153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame C7DD 11 KB
4 KB 50ms
13ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDsn1ivjiYbnHC9OP3gOY-JXgB7XN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9AlRDRApLEOPFfR9yc03ewaTCqNUU6XfW0lvIb9mBD-k6ZX3LlqBYvgylHzvkk8sw9AcyYF8QDv-5SD9l1WsbmNLSkjjG79mYftdiyf_AqBx_SDxyvRgohQ2NlbfeLpTtmOKFAUDBvsxhS6sitgHcI2N4CCjN_J2V7blsmIPbo2jBJLa8JUbjSzPC3p8ke687eh6uHoRh0bsT3FzhdHPDHctvdDHH1a-uqxYbv-c_vhjx8aM6AeUVzD81UfXQWeeyqGC6C2a1bOyanHkx2XkKwiKOyU4vpKiF4J4_0hit-nKiNbg1Pgzjv9uIVdVF2ZE_Y_bH6ZndrVhMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRobmx4zupZ4Ix0M_jObZE_lg%26sig%3DAOD64_1iVCEtQ17mwhxtOekRntScZhAhMQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-B_0ZhgSsCVDvEbrt_ta-pPymHoiOEMTekh2u3dkYtN6qJhuSuBBtIwmu0F1uDUOq2xp5b7r7OSFmnqh9LUGZSse4iMy2JcMJ6I8E6l8nzp6Ht7UYUtJ_GDlxfBES_uRMIjrGw3NWTNCnk_tRj0jOgLRoNmJQ%26cry%3D1%26dbm_d%3DAKAmf-D40qszbmTm3B6lyAIy64vZTQN7ix9JW8A_oADPYN-lLbDFUV4CqTq534RIQkjiEBjuRmDPEwr6RtKglgK51_28rObGMVCH9fMrG2gRe4wq4vnfwICPf6E0MOXQy6mn8nOXu2FBHxxZrebVTGnZKFfWp4VSu6_bXFs40gU3JCWpdRHgjIaxQkwgO2lI_frLkbe0Io-aGewOtXRfl5ZClYlbY9FXzOQ6BO985FYtYjPzOs0mZC2rWYih-cdWgtDar4IOqrGAJw3Bb9tV7l2Jb9xJtHnHTm8QAJQMbuu9FlB5tIPRLaQXL7F8SMlX17i4b0eV8qi3nmEJATDvWSV1Lg8qhMkt7PzgH4RwtmLsURj1z4__28KdnDPSiy8VdA-iXrbKxjQkYwU0KIM-wrHkvtWh3wlGbA%26adurl%3D
Requested by: Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: ce0f964bea4f366c3d36f63f6538af3068d2952d1508cd373836555c410ef257

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3872
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 68FD 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 14 Jan 2022 15:19:21 GMT
expires: Sat, 14 Jan 2023 15:19:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 91153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 27CA 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?fP4ryQ
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 157E 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011303&jk=1077986576278256&bg=!w8ClwITNAAaocxMpqHM7ACkAdvg8Wh3NX3_mKHOIpPHpzA9dTAvDiZ-SfBd0X_kdPzSbJRgqjW_erAIAAADxUgAAAANoAQcKAAQeW8LvmQLfN9tW-R7CzapAvp1mEJ3jOPYG03HxNFBJiq9wJs0jdZuDCGFCfyWWrh1X_4KfIlI0_HVrAXzwVubQBUSwxQ-dcHOpxrGv4KJT2KhCxejgDcr9EWYHZkxw0mGX3KHXweCvtTwOAt7Z_qToHxHfVyQZ3rAOaExNFDxMw1MnCI5m1-CFN53Gp1nzSzk6MiNTAOJ0tUQBLQomCTVv-WAtguaHLePWRF-hbBfzzKOA0zz_WzJAPlGTSoepRcKhoQqOqxWJ5tYr6xOugAofA8Gozyw3ZJZ2WwaeUIBu652i3VBEBkl3baqUeICzRpgsrxd7J4vrG6CGEa6pw6ERVMW-HCpSbfj7VzP6MGbZhDOP5nnpEoRMVkYpRIs3ZoHChScj_b5kS5Ey7L3IEvoSeygRxL2msZCFkLfgY82BtBbKrKaSF6BuSu0fQ4OIUQtyhKO_q2LINVZsyxTzwEQFkt4YDJcvSN0YLnpQhzmyVJo5PllLkoaqDTQR_ejOUC0j5lEF7TtAo39kLiYBVnWf7k7n__RkhWmMETa18Rj9g7ixGI2RTHKWPSDDIEBwGopTb8xT4zmeh5O9sY-FkIHlJafXQS8Y9NS1HWKGL9qazZVDJLTTRSa0ps-ld69g87U3Q0MyfFCAxD2hIDrN1dey9Vv1Q-8NZMiY_LA9W2wAKmafglmf6_iChEmPTm3ggIHDriv17NLIpFqFEdne0l4IwtqX9rQxrdg0FoiCrTWjo-ufcqDvUxEfMbXhVcD65Q0oz70n0i-7Sk2vof7d1iPPSUKwN2_dvY_csXYMOc36vLFJvKKaL6iddTOmbrN5AbEorw3LrjpYDmaf9AkpYLYoaBke5WFdjVrJyH4aHKA04d2dcWhlaQZ6kGj5BFlqs-fZIHPsNekOkZkfceBxlrwbiUD3XOMAKUPdrl1iy2UbAzsXIQi5pOnEYmdITjObzju8H06-s_Wq0UcnrLp83_M0l2lu1ce2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D14A 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=506487752664645&bg=!1dal1pLNAAaocxMpqHM7ACkAdvg8Wp1vR4qZUyzAExpdDmv9l8dZN3xCF--pPsNxSFnkg78EJGMEUAIAAAEVUgAAAANoAQeZAv9yzweNdkeUIyd4X9oEUp3qWF1r8m_B7HPEXyampM28AWrejUclzjalhoh55vsXJx8fp8Iu0BnD69NKyOA4cjCiXEK8cEnqfwEZU4qX7F9KGACJCh2vezEArxoNHuZiTqXEo1DhbfzpAIbi3YP5NqRVh2kX6yzkYeDJleY_Td3H16_3jzWFjYdAbtrkgOFu62D83BOHt3Z5OH0XbYQ9K6C5TrC5dEl3IEnTPK4wPMdM01amj2q8wb8hHzZJ9YZHB4LpifBOpOzDdyw6Qe6nlS2zWE-suV0-alEAVWFad70NcB7Rkrz3q_LLOzBrdmdwlcXwGSrjycLsHiV4bkprGHNtcohVvhpnTP9almZxBlPoK1QGms-Ec__8g1kEina3c1bPJq37G3A0MS3VfGP0YwCR_ydOwLUrYtr2KZXT_emPdz-sQ608y008lrxIK5JP5T3fochJ8NOADglDdZ58dUojr2MtvJiNmASWHek932G1c6AjiRO8AsvH3D5GQ24--1pfwgeQQQUC0-5U5TF2lcwbrUP25Di5l8p-BQUzAC1xa02pM8m8hKihsRv5sJO7VfLiXg3bzwAKYBI22uWOnXSuu9Wkn-Uob3mUZoonlk0v3sb8UykZFCrmf7LEe40umFLn7VhwHWZ475-mmEmhwezPS3EAC9InnLHUWufa4K-FtvhuRuNxGRgbJ57BzfIcgVXeazM0MLYO6mBauYmB3mndXtEyA77Jo8rcP1vZJb9Ti1vwy7dl6F5Mq-AtLPKFCmApi4qQQOhFhYBh72RqN0_vGKV6Hu196JX5weHYwZ9VYMBc2Glu_q4IKXIcMEh_YFk0Wl-mu6f0hgkLwTXCj1sRc4Ryq7E3KAwKKvHpDkwHlTicuIO_bn2hrSuVAB-QJhASSMkLqxrsd8Dg6lrXklEh1LAvD3dILsSEs-xisjo1MdKU6IEJBL-tsJEUstUDkzXoQrr2ev0WJEhWPAhwwrMo3CQ_Q41svYAaJysXbjZziCYhPBU8Ew9Da95QrZA_9A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
hal90003.redintelligence.net/ Frame C7DD
Redirect Chain

https://hal90003.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90003.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

146ms
122ms

Script
application/x-javascript

138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDsn1ivjiYbnHC9OP3gOY-JXgB7XN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9AlRDRApLEOPFfR9yc03ewaTCqNUU6XfW0lvIb9mBD-k6ZX3LlqBYvgylHzvkk8sw9AcyYF8QDv-5SD9l1WsbmNLSkjjG79mYftdiyf_AqBx_SDxyvRgohQ2NlbfeLpTtmOKFAUDBvsxhS6sitgHcI2N4CCjN_J2V7blsmIPbo2jBJLa8JUbjSzPC3p8ke687eh6uHoRh0bsT3FzhdHPDHctvdDHH1a-uqxYbv-c_vhjx8aM6AeUVzD81UfXQWeeyqGC6C2a1bOyanHkx2XkKwiKOyU4vpKiF4J4_0hit-nKiNbg1Pgzjv9uIVdVF2ZE_Y_bH6ZndrVhMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRobmx4zupZ4Ix0M_jObZE_lg%26sig%3DAOD64_1iVCEtQ17mwhxtOekRntScZhAhMQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-B_0ZhgSsCVDvEbrt_ta-pPymHoiOEMTekh2u3dkYtN6qJhuSuBBtIwmu0F1uDUOq2xp5b7r7OSFmnqh9LUGZSse4iMy2JcMJ6I8E6l8nzp6Ht7UYUtJ_GDlxfBES_uRMIjrGw3NWTNCnk_tRj0jOgLRoNmJQ%26cry%3D1%26dbm_d%3DAKAmf-D40qszbmTm3B6lyAIy64vZTQN7ix9JW8A_oADPYN-lLbDFUV4CqTq534RIQkjiEBjuRmDPEwr6RtKglgK51_28rObGMVCH9fMrG2gRe4wq4vnfwICPf6E0MOXQy6mn8nOXu2FBHxxZrebVTGnZKFfWp4VSu6_bXFs40gU3JCWpdRHgjIaxQkwgO2lI_frLkbe0Io-aGewOtXRfl5ZClYlbY9FXzOQ6BO985FYtYjPzOs0mZC2rWYih-cdWgtDar4IOqrGAJw3Bb9tV7l2Jb9xJtHnHTm8QAJQMbuu9FlB5tIPRLaQXL7F8SMlX17i4b0eV8qi3nmEJATDvWSV1Lg8qhMkt7PzgH4RwtmLsURj1z4__28KdnDPSiy8VdA-iXrbKxjQkYwU0KIM-wrHkvtWh3wlGbA%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=8792591479062&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.63.117 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 33068407911a3b697fbe203d9d0d8bb08a06199d4ad44a78e56ac409f19bbb82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 90002500173821700710612011840003
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1315
Expires: Sat, 15 Jan 2022 16:38:35 +0100

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDsn1ivjiYbnHC9OP3gOY-JXgB7XN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9AlRDRApLEOPFfR9yc03ewaTCqNUU6XfW0lvIb9mBD-k6ZX3LlqBYvgylHzvkk8sw9AcyYF8QDv-5SD9l1WsbmNLSkjjG79mYftdiyf_AqBx_SDxyvRgohQ2NlbfeLpTtmOKFAUDBvsxhS6sitgHcI2N4CCjN_J2V7blsmIPbo2jBJLa8JUbjSzPC3p8ke687eh6uHoRh0bsT3FzhdHPDHctvdDHH1a-uqxYbv-c_vhjx8aM6AeUVzD81UfXQWeeyqGC6C2a1bOyanHkx2XkKwiKOyU4vpKiF4J4_0hit-nKiNbg1Pgzjv9uIVdVF2ZE_Y_bH6ZndrVhMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRobmx4zupZ4Ix0M_jObZE_lg%26sig%3DAOD64_1iVCEtQ17mwhxtOekRntScZhAhMQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-B_0ZhgSsCVDvEbrt_ta-pPymHoiOEMTekh2u3dkYtN6qJhuSuBBtIwmu0F1uDUOq2xp5b7r7OSFmnqh9LUGZSse4iMy2JcMJ6I8E6l8nzp6Ht7UYUtJ_GDlxfBES_uRMIjrGw3NWTNCnk_tRj0jOgLRoNmJQ%26cry%3D1%26dbm_d%3DAKAmf-D40qszbmTm3B6lyAIy64vZTQN7ix9JW8A_oADPYN-lLbDFUV4CqTq534RIQkjiEBjuRmDPEwr6RtKglgK51_28rObGMVCH9fMrG2gRe4wq4vnfwICPf6E0MOXQy6mn8nOXu2FBHxxZrebVTGnZKFfWp4VSu6_bXFs40gU3JCWpdRHgjIaxQkwgO2lI_frLkbe0Io-aGewOtXRfl5ZClYlbY9FXzOQ6BO985FYtYjPzOs0mZC2rWYih-cdWgtDar4IOqrGAJw3Bb9tV7l2Jb9xJtHnHTm8QAJQMbuu9FlB5tIPRLaQXL7F8SMlX17i4b0eV8qi3nmEJATDvWSV1Lg8qhMkt7PzgH4RwtmLsURj1z4__28KdnDPSiy8VdA-iXrbKxjQkYwU0KIM-wrHkvtWh3wlGbA%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=8792591479062&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sat, 15 Jan 2022 16:38:35 +0100

GET
H/1.1

200
OK

request.php Show response
hal900012.redintelligence.net/ Frame CF0B
Redirect Chain

https://hal900012.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900012.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

103ms
80ms

Script
application/x-javascript

94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1gc-ivjiYeO2Ddeq3gOMjK2IDrXN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9CY06Qg2YJpXwnRoJjSNtJr3ncNlWle6jTL8pvjdYYly4XPcxLEBUXAyzik9ZWWSNDU09WZnAH_NkzLRfbFwF6Z3CkZ74l1Iv8JyM3VO1AFvioeNZSLC78bEgZ3bSg97wkVe9tfwO-zxps7wxBibor-77TwihWSrYnnoW4ZvllFdYohoCqXZPvRsXLJjMEI-qhG7zWO31ggyUaygrjPsKwaQGqbDcRoH1-CYGcnjeQmRx_7wfRr5Oe6M_7IppqBvR0IMgXfp5qT1QuwZU2XEDeJ3KLf54ze74yqXqsdPYT_wVGU1ZWwjSopehNlTbUdBKxcHm1JZy98o8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoq-zbL8as8n9ge9LWOFYS4w%26sig%3DAOD64_0IQFU42XB04kmTRQIBQGB6wGOlqg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-C-0WQ4vEs0-r1LmJqezjDMMzRU3pxfTMvBRO1IjbRo0LfVLtQhBe6UM7JfnR_sQfoQPd-IMjhNMo7AR7WnMk1-4Tv3AYTb4VTOENEvi6IxJM7MuE7qKgGMc6z-58Ka2pMSkSgXjyiBIFj41RiFhbW0SErb6g%26cry%3D1%26dbm_d%3DAKAmf-AjCUd7bPyDNXpTRfLxt82718MQPn7HqNkC_qE7A6Nrc4769q6iF1HgnvXN0fOOEprzDRRv-5Nco_b0NYmTCcyf79-rZ9mHYXYWOAuomlkd5KkxEw_MsgAq3uVzHuisq47H8epKifHn_Kd7dsQd8LJeVmMsBw680Uo6HuH0FLWQ7v_dJX5_e33KHUfsqsCVZuwJ8YTTZ9UyUcoDlufbbALL-ik9-r13LvCE5vMPJ4gl_gGhUbSn-LQ3OBX_v8tgZEAujBrg08lSokVEN7ixbTvwcPcZmZ9oKhoyrh1OeY4aolryN5NKQok8oh364MrgAYAaj_U0rIV1jKCkaRv99wFhANrj2Y3f82q0Jdnfbugm8ZIKIBelaku5NZXdarZvy_D2OKEwdpSMEzW9cioUBlT4_vYFgw%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5610836129169&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 23e96bc008c6a4c5a941126dab9199bcc9d4708fbe7fbd01850eb39dc595fb3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 67535100169813100710612011840012
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1303
Expires: Sat, 15 Jan 2022 16:38:35 +0100

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:34 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1gc-ivjiYeO2Ddeq3gOMjK2IDrXN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9CY06Qg2YJpXwnRoJjSNtJr3ncNlWle6jTL8pvjdYYly4XPcxLEBUXAyzik9ZWWSNDU09WZnAH_NkzLRfbFwF6Z3CkZ74l1Iv8JyM3VO1AFvioeNZSLC78bEgZ3bSg97wkVe9tfwO-zxps7wxBibor-77TwihWSrYnnoW4ZvllFdYohoCqXZPvRsXLJjMEI-qhG7zWO31ggyUaygrjPsKwaQGqbDcRoH1-CYGcnjeQmRx_7wfRr5Oe6M_7IppqBvR0IMgXfp5qT1QuwZU2XEDeJ3KLf54ze74yqXqsdPYT_wVGU1ZWwjSopehNlTbUdBKxcHm1JZy98o8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoq-zbL8as8n9ge9LWOFYS4w%26sig%3DAOD64_0IQFU42XB04kmTRQIBQGB6wGOlqg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-C-0WQ4vEs0-r1LmJqezjDMMzRU3pxfTMvBRO1IjbRo0LfVLtQhBe6UM7JfnR_sQfoQPd-IMjhNMo7AR7WnMk1-4Tv3AYTb4VTOENEvi6IxJM7MuE7qKgGMc6z-58Ka2pMSkSgXjyiBIFj41RiFhbW0SErb6g%26cry%3D1%26dbm_d%3DAKAmf-AjCUd7bPyDNXpTRfLxt82718MQPn7HqNkC_qE7A6Nrc4769q6iF1HgnvXN0fOOEprzDRRv-5Nco_b0NYmTCcyf79-rZ9mHYXYWOAuomlkd5KkxEw_MsgAq3uVzHuisq47H8epKifHn_Kd7dsQd8LJeVmMsBw680Uo6HuH0FLWQ7v_dJX5_e33KHUfsqsCVZuwJ8YTTZ9UyUcoDlufbbALL-ik9-r13LvCE5vMPJ4gl_gGhUbSn-LQ3OBX_v8tgZEAujBrg08lSokVEN7ixbTvwcPcZmZ9oKhoyrh1OeY4aolryN5NKQok8oh364MrgAYAaj_U0rIV1jKCkaRv99wFhANrj2Y3f82q0Jdnfbugm8ZIKIBelaku5NZXdarZvy_D2OKEwdpSMEzW9cioUBlT4_vYFgw%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5610836129169&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sat, 15 Jan 2022 16:38:34 +0100

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 157E 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvmH2odPCtXzyYmo0MrpJFlCoKSfD-jq1w1V5MsbrQWIEv0ihu1oDOoskUdEdve07t1ya-gkMQt4bNkDhKg4eMPndIL_N5Ry3PgIfXKguGx4zqWTQes&sig=Cg0ArKJSzGMj6PS64y0FEAE&id=lidar2&mcvt=1002&p=205,990,805,1290&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20220112&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=1250131073&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264713567&rpt=374&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D5D4 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=2652922557055784&bg=!aGulay_NAAaocxMpqHM7ACkAdvg8WuZUGMf5OpIIBp_UojAahl7p-LATyfEMJ0PFpAetVthCRAC8zgIAAADVUgAAAANoAQeZAvgVKxrc6AN26BPX9FmrwDoOg8rWzV-4L0OdIPfW_2pWwgVdO9q7xkHqvgKtVgU7SD_zSQYoNq9eKkwyzoyLMI67VrwfohpflEEUg70CPHD9GR-u2Urej13zwcxr5y9lCQ1OLGMCLRX_BXkvK5eJKCYk7k_-POqn9oucOWGTmwRxaaHHwXdU3hs61mnpBu-lgrZ3zXeHxOXO1Q2jv-paxf9ZOgdKtetvV-uvjiqYW3RHVDFUTSqeod5QgJEKwe-4HROn5bnzs0cSOLHIOsjGHntLC5IOGAQ17npROSYdYX6T3dkYHn4z8oqVxHDDt9h6vL4aQPcfZytwoVaV0hdnjWT5YPA9tDveRdtdTJB_lXTHd2gNMwz3I4omHwL7B_4_y7mRKc17P99v6L0Fsn1cTIcHT_EM1FasOHl8z_SCEuRD39j0oK5-PbA-Rm8VzgGrCIUptPrg2DPKbXvLOPcqGFsjsoetGX9lO5ImGv8Tu8CvZnbZjV8wYc-U3u-kRFHJ73iaOVaiXS2G2vmJYd6kG89Efe8zlIOmejMZzeWDkJWEhbOAHOJ6KEECwvdNQJlf7_rd6xXBWFxxjSspDzqLmDilh5eZfKyeNGPBWyvelGreg6xNS2QIKKmyi9wyoHLa-l-dewvZF8Bahtr1WwAjVnHT6zK3_wyMD7XsLXov6-jl06nsq7NmMTCSmEFZYA4YRYu-gZkxl-hB_PklBQc7r3mHhHxb59sbi529E-0dIecfYR55tMgKaNmdNyIO6X4MF4LWRDDChn7KtYY6Ar_sCSR9gw3MrLTPhKPiO7KS2GBlp5do7_2V_Z8MxbudtxDrL3jmoJ5MSn5kzYJpJbV4nazUqH6qztB4tnU8bINiTj8OQank4fb2MNjBiYMbmPUxnkzRxZiguDNbfeBZkg1frcytAr-I5iUmIkRNBOVTLm6pxRoDboO07qmka7cUz5-VNGQxwc2s8Ku6OWFFOjGadhoUmCIh8bTZJOyxKLvJJPvprNHB_mZ1dojr

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame 45F6 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame 68FD 35 KB
13 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 763F 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?2UghUA
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame ADFB 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv4WHWA_YwYu4Bh7IhDQu1tVw_KqzgP28121cSlC9HRx04FJmWz7fejflDp5io_fmJj0beJjENtwGf6wKhd6EXJ9l3DugghcvzsuEf1aB23r5aMHiDJ&sig=Cg0ArKJSzAUZemGpYKDqEAE&id=lidar2&mcvt=1021&p=0,0,250,300&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=1055926600&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264713839&rpt=159&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5A10 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuNLxOCKiOM3I3kB9Zj5kiE7Fp9w7nc0CIWtHkR30vpwlKYMhp5b9uDeJKI6GRzjq9ARRBTK43Phk3ew81abE6iBEm0DT6TuHMrPZ2r4SAcWg5oKq9v&sig=Cg0ArKJSzBYlegcRf6y1EAE&id=lidar2&mcvt=1022&p=845,990,1095,1290&mtos=1022,1022,1022,1022,1022&tos=1022,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=2978949804&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264713205&rpt=797&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8470 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3789292906944693&bg=!1Nel15PNAAaocxMpqHM7ACkAdvg8WoUheB7k5YU4QX57oXtjiquvn19y3bwDtm2pccuF0bgIIiGIUwIAAADbUgAAAAJoAQeZAwVOJWkNMYwWFLi9Z6h5fO4zIBGvmC20qZKlHpgpkyb0smiKf8sXdPQ6QuRPJXROsloXGs24FJmldPAMfw_f2V3wMfLkSQJCY2VpirLETYcOLFLqEdfPq7lVDzWb7jYNRvIk-lSPT_jY9AoOR35nzqIJcHGLfocdaQ65vO3GiDWENHd8MMjcIxu78j9ZljpiGVjxv3RDbOcu6vWZZPPQeA7lIPITCL5b-A-HXePvEB7wlUweo8biFWr0zdu526SDuG2SyiYxla3JtUilWfl29QBqcmR4XVQVcO0x2MrkLVgx_Z_JhaHaq-x2ORfwhNoY6rUqVwhp_mGPK-LGiDzhQmKgH8aIQFiEafIVwxBPRkS2vX4lrU8pbX-eCP_bTMnWMvbobwecWVO3vImpbNdgnX800mR4ACIoeyfELQo9TzwCB61hGHZRgRFb_Am9XtUYVH8V8jaxHMti7k_takCRCWxRgwHY_KCAM4vj1OJ-MrW7tpzus9dCWcHMnz-ouRNx2wXo9yKATCzdFJnpdx7Aa8dgRjU0c4Jcsn1wjHIFoXyh1M8XKkrJK5TQa1ejQLsuePKHg31GLGWT5yZPtjs750Rv8k4_IjBmPgQ-_3aL3dcA0EzK0tDdZW8L8lX0h5y59ygb0DgCIyDVOqU0GBzORS_RtEMLbpAiy2tI_Hy-WjvVJkbuEIj49uf6GxMbZcGKjjkTy5UGFOQcq_J1uhEWTnyFlONHT4R-TMD2H5BiAA9R-HRoMNsEX3qzrghCNp6VPpWcazwwO7rwFc5uwIR_2qn6go6VlakLCuXp_cuu8XkQxvsnyOBgVWL1xa2WrWGxA3ldL3cej2e35a7jJ8WdVTa-cYbQU1VV2H3T5E-MdUT7ozCPzGkZNusq0vXf6sBrXfuLSGoBfpLGrhQ9vJSUEtodXto1afdn_VDYFQJ-Su4KCX_OE48VhijltaQCcxQ1P3b63KTsCrtkAC27WEWW_EM2dEMoCHW47vVfrbsGsMaqzLQrmoZpf75VtwWk0XGUnGt_M11-Jg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame A3DE
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=67535100169813100710612011840012&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=67535100169813100710612011840012&actionid=731824&produktid=businessgiro&dt_url=

0
201 B

83ms
74ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=67535100169813100710612011840012&actionid=731824&produktid=businessgiro&dt_url=

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1gc-ivjiYeO2Ddeq3gOMjK2IDrXN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9CY06Qg2YJpXwnRoJjSNtJr3ncNlWle6jTL8pvjdYYly4XPcxLEBUXAyzik9ZWWSNDU09WZnAH_NkzLRfbFwF6Z3CkZ74l1Iv8JyM3VO1AFvioeNZSLC78bEgZ3bSg97wkVe9tfwO-zxps7wxBibor-77TwihWSrYnnoW4ZvllFdYohoCqXZPvRsXLJjMEI-qhG7zWO31ggyUaygrjPsKwaQGqbDcRoH1-CYGcnjeQmRx_7wfRr5Oe6M_7IppqBvR0IMgXfp5qT1QuwZU2XEDeJ3KLf54ze74yqXqsdPYT_wVGU1ZWwjSopehNlTbUdBKxcHm1JZy98o8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoq-zbL8as8n9ge9LWOFYS4w%26sig%3DAOD64_0IQFU42XB04kmTRQIBQGB6wGOlqg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-C-0WQ4vEs0-r1LmJqezjDMMzRU3pxfTMvBRO1IjbRo0LfVLtQhBe6UM7JfnR_sQfoQPd-IMjhNMo7AR7WnMk1-4Tv3AYTb4VTOENEvi6IxJM7MuE7qKgGMc6z-58Ka2pMSkSgXjyiBIFj41RiFhbW0SErb6g%26cry%3D1%26dbm_d%3DAKAmf-AjCUd7bPyDNXpTRfLxt82718MQPn7HqNkC_qE7A6Nrc4769q6iF1HgnvXN0fOOEprzDRRv-5Nco_b0NYmTCcyf79-rZ9mHYXYWOAuomlkd5KkxEw_MsgAq3uVzHuisq47H8epKifHn_Kd7dsQd8LJeVmMsBw680Uo6HuH0FLWQ7v_dJX5_e33KHUfsqsCVZuwJ8YTTZ9UyUcoDlufbbALL-ik9-r13LvCE5vMPJ4gl_gGhUbSn-LQ3OBX_v8tgZEAujBrg08lSokVEN7ixbTvwcPcZmZ9oKhoyrh1OeY4aolryN5NKQok8oh364MrgAYAaj_U0rIV1jKCkaRv99wFhANrj2Y3f82q0Jdnfbugm8ZIKIBelaku5NZXdarZvy_D2OKEwdpSMEzW9cioUBlT4_vYFgw%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5610836129169&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Mannheim, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 15 Jan 2022 05:38:35 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 15 Jan 2022 16:38:35 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.21
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=67535100169813100710612011840012&actionid=731824&produktid=businessgiro&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: 8AC72684:8ED2_91EFC182:01BB_61E2F88B_BC5C3E4:297EA
X-IPLB-Instance: 40028
Cache-control: private

GET
H2

200

/ Show response
adv-srv.office-partner.de/ Frame 79DB
Redirect Chain

https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

930 B
742 B

40ms
11ms

Document
text/html

5.1.80.163
CREOLINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1gc-ivjiYeO2Ddeq3gOMjK2IDrXN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9CY06Qg2YJpXwnRoJjSNtJr3ncNlWle6jTL8pvjdYYly4XPcxLEBUXAyzik9ZWWSNDU09WZnAH_NkzLRfbFwF6Z3CkZ74l1Iv8JyM3VO1AFvioeNZSLC78bEgZ3bSg97wkVe9tfwO-zxps7wxBibor-77TwihWSrYnnoW4ZvllFdYohoCqXZPvRsXLJjMEI-qhG7zWO31ggyUaygrjPsKwaQGqbDcRoH1-CYGcnjeQmRx_7wfRr5Oe6M_7IppqBvR0IMgXfp5qT1QuwZU2XEDeJ3KLf54ze74yqXqsdPYT_wVGU1ZWwjSopehNlTbUdBKxcHm1JZy98o8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoq-zbL8as8n9ge9LWOFYS4w%26sig%3DAOD64_0IQFU42XB04kmTRQIBQGB6wGOlqg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-C-0WQ4vEs0-r1LmJqezjDMMzRU3pxfTMvBRO1IjbRo0LfVLtQhBe6UM7JfnR_sQfoQPd-IMjhNMo7AR7WnMk1-4Tv3AYTb4VTOENEvi6IxJM7MuE7qKgGMc6z-58Ka2pMSkSgXjyiBIFj41RiFhbW0SErb6g%26cry%3D1%26dbm_d%3DAKAmf-AjCUd7bPyDNXpTRfLxt82718MQPn7HqNkC_qE7A6Nrc4769q6iF1HgnvXN0fOOEprzDRRv-5Nco_b0NYmTCcyf79-rZ9mHYXYWOAuomlkd5KkxEw_MsgAq3uVzHuisq47H8epKifHn_Kd7dsQd8LJeVmMsBw680Uo6HuH0FLWQ7v_dJX5_e33KHUfsqsCVZuwJ8YTTZ9UyUcoDlufbbALL-ik9-r13LvCE5vMPJ4gl_gGhUbSn-LQ3OBX_v8tgZEAujBrg08lSokVEN7ixbTvwcPcZmZ9oKhoyrh1OeY4aolryN5NKQok8oh364MrgAYAaj_U0rIV1jKCkaRv99wFhANrj2Y3f82q0Jdnfbugm8ZIKIBelaku5NZXdarZvy_D2OKEwdpSMEzW9cioUBlT4_vYFgw%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5610836129169&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.1.80.163 , Germany, ASN205948 (CREOLINE-AS, DE),
Reverse DNS: s17177.creolineserver.com
Software: nginx /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/

Response headers

server: nginx
date: Sat, 15 Jan 2022 16:38:35 GMT
content-type: text/html
content-length: 552
x-accel-version: 0.01
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16b3be00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

server: keycdn-engine
date: Sat, 15 Jan 2022 16:38:35 GMT
content-type: text/html
content-length: 162
location: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
expires: Sat, 22 Jan 2022 16:38:35 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame CF0B 1 KB
2 KB 286ms
144ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=67535100169813100710612011840012&nw=1
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: e3d0bbfd066067fd08ed67f8fc3a45e53b9f2ee05108bd0601ae687513e32a02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Last-Modified: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1231
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

activityi;dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658 Show response
8019191.fls.doubleclick.net/ Frame B930
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658?

391 B
347 B

65ms
48ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

af3b4fb8ff2ad401f900a55dddb1e174cd6c1f96cdfe6ac220fa353de500d534

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:38:35 GMT
expires: Sat, 15 Jan 2022 16:38:35 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 324
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:38:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900012.redintelligence.net/ Frame 2866 7 KB
2 KB 36ms
12ms Document
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request_content.php?s=67535100169813100710612011840012&a=1c0d1691
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0eeaebc541&subid=&uid=ef0c639da8b13196&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1gc-ivjiYeO2Ddeq3gOMjK2IDrXN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9CY06Qg2YJpXwnRoJjSNtJr3ncNlWle6jTL8pvjdYYly4XPcxLEBUXAyzik9ZWWSNDU09WZnAH_NkzLRfbFwF6Z3CkZ74l1Iv8JyM3VO1AFvioeNZSLC78bEgZ3bSg97wkVe9tfwO-zxps7wxBibor-77TwihWSrYnnoW4ZvllFdYohoCqXZPvRsXLJjMEI-qhG7zWO31ggyUaygrjPsKwaQGqbDcRoH1-CYGcnjeQmRx_7wfRr5Oe6M_7IppqBvR0IMgXfp5qT1QuwZU2XEDeJ3KLf54ze74yqXqsdPYT_wVGU1ZWwjSopehNlTbUdBKxcHm1JZy98o8AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoq-zbL8as8n9ge9LWOFYS4w%26sig%3DAOD64_0IQFU42XB04kmTRQIBQGB6wGOlqg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-C-0WQ4vEs0-r1LmJqezjDMMzRU3pxfTMvBRO1IjbRo0LfVLtQhBe6UM7JfnR_sQfoQPd-IMjhNMo7AR7WnMk1-4Tv3AYTb4VTOENEvi6IxJM7MuE7qKgGMc6z-58Ka2pMSkSgXjyiBIFj41RiFhbW0SErb6g%26cry%3D1%26dbm_d%3DAKAmf-AjCUd7bPyDNXpTRfLxt82718MQPn7HqNkC_qE7A6Nrc4769q6iF1HgnvXN0fOOEprzDRRv-5Nco_b0NYmTCcyf79-rZ9mHYXYWOAuomlkd5KkxEw_MsgAq3uVzHuisq47H8epKifHn_Kd7dsQd8LJeVmMsBw680Uo6HuH0FLWQ7v_dJX5_e33KHUfsqsCVZuwJ8YTTZ9UyUcoDlufbbALL-ik9-r13LvCE5vMPJ4gl_gGhUbSn-LQ3OBX_v8tgZEAujBrg08lSokVEN7ixbTvwcPcZmZ9oKhoyrh1OeY4aolryN5NKQok8oh364MrgAYAaj_U0rIV1jKCkaRv99wFhANrj2Y3f82q0Jdnfbugm8ZIKIBelaku5NZXdarZvy_D2OKEwdpSMEzW9cioUBlT4_vYFgw%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5610836129169&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 6adb1f10c698bd6c81856d978057e238d049f55c74b6b734673f25df642d5b4c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 15 Jan 2022 16:38:35 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2092
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame CF0B
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=67535100169813100710612011840012
https://ad-server.eu/wm/pb/native.png

68 B
312 B

183ms
29ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:43:46 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: 8AC72684:8EE4_91EFC182:01BB_61E2F88B_BC5B509:4417
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame CF0B 43 B
704 B 104ms
18ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=67535100169813100710612011840012&pv=1

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CC8B 1 KB
749 B 13ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 05:53:44 GMT
expires: Sun, 16 Jan 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 38691
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CF0B 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42c2504dbcb736d2457006a071c318c02694f68cc3d5f2ec4e73cd3019ef0fc7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 45F6 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bjsf9ivjiYbbzJtS2x_APnJGKyA4AAAAAOAHgBAI&bg=!ycqlyo7NAAaocxMpqHM7ACkAdvg8Wtn85Lnw9vewTrX5pufTSbd5GZ_XYmqWPTRcwonnTVKWxG58aQIAAACTUgAAAANoAQeZA0OZQx_CYqCdKL8PM4pgQfSNXxMgjZveBRx6aca0Eg2hkKnx_bXpjZjgfCSTr3Z9k3ME-oJ1TnMKDz4xan4NdinKFVwxhn9R_S0RoRWsVFa8l-B_88IVg2CW4Ctnl3qxOyekHuCsfypGTtoP65VY4GIvP_GTPQOmc4lwjLbN3POI7HdMamErM_T8E49CmCnpvWynbU9dNQNywY1w6ZzCWZrWmebJKlAZdjNvyxbZgw2oYJFgRSbfTNcHd8EgGSfREwWWwqRm3XXexpfm6eJQMAGqdVAD_j2UARe1xEEVdC5GcURyP1HumL4LA1tPkvkEXA222_etCWaapqoKDWF0zCfQrosyI_v1j9--xViyQUGvp_H-3vynNg6KqeYnUPX5XXa4gL2sa36esxk3xeSsYzduU3hK3Ykgd6qEWniR45yINkBuNQfX-rnA06fukCE5JuKeqD_kbnzSsAdajaSiw_AzYjWTsm095HfLpuNMifSlIznNvw4m0XIzDE0XC_bWn12O7TRnb1kCJxOFhUIRywdGIhz5YJi5Z0NdjrKe3QFUZhg88FSSpkgeRXDA1ut__LweFnPPnkAySwk861_SVaNwkAIuAT_qXflNrw7S4UwnrFJIUqpbjvRg6D5gASdFWuSBaeD04fhGW7EIkuCyn5_EiWzXQd-H3FQDHiYtn5E5ImSHtg2ncVDezcVRrMwDDyIjfeuDa0AZXlpMpdls0DKID4fb1CogrUkQUuasWW5zVQ2gCO-9Vw8YR-DReX0RkkFfRk3uVSivI_ZaTEl8cZ1A9hjfKvUTH0YV-3JeGUFPrvmQOF0R3VySJsj-gbOPP_M25EBpmT7K_B2ELzAJEZpH8QE1NJT0rzt_BTXEFcHqmTljxVlbmsQ2-bTwtEH_bQS6yLfVwks_atR94pa8VIOZnMZgXcXqayBq0x1g6_44aykF_PVPz0ROxuxc-bUKL3_KTZPQbXaTX-8pHUpn4KbyHxfAlfl-Cp_NbHF5PvDXPFnbi6LtmFGUVwOXwTeKzY29GAlvzEAVDhKL0VBr-7HueXx0enG6cgOOy6nh8D-y6VmKWvYsHu8XHpn1qxD82LbEUWYzRQ9UxqHIdBLrEk13fkRJ

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 68FD 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1QcBivjiYcahKMiH9u8PiZSKiAcAAAAAOAHgBAI&bg=!l5SllNDNAAaocxMpqHM7ACkAdvg8WlJ-TRZy5KGW8LjkFAvn4KEXzILOrrPGO2r-Oh4BzlRTlb44FAIAAAB7UgAAAANoAQcKABr4-KzTGJuifmMtSYnrEyH-iGmol7WXCcpDwZkDOzPrnAwLoh2WKrMFEDNgRJzHBhr0j5tZ4yfH0EhaNP6g0WSyL_9Lv-buErB9xhWNiW_ZWzvechf_9aMdTvD4Z-E1ZLMnjmZIRobB_KUj7u47rXck5ksQJmCZufaOZTS7WPYaRUQn77ypngXQFhmx1Fo1mWz14t60EFcr1vvAIZia4Nvn8b57Igd6MHGCm3sKlBWAFpA358ry5kAcOb_ATfxpQUKN-ABkZkAWfpJpYPO6bNCSVzd1FL98ucig6pCUqh23n2DtLxM99LSKafbd9w9iFCrb9gjTHJSeYE0la4lXqelAQCRqbzkwKy1OU1eEC2bnoi3c1MFwuKlM5rvBmI_jPrt2aarsoq5BO4ZP7kNjjmQEEsXQezWxvoVAGRCdQNJYsGhJcam7AOfsIfD063leDGey16HEhUHczOVsD6U13SNjhpmI7pmuHDz_7EOWtQEuWXHjSc8CDjns7ptYETdLUq39f6wWohsUmbXLzAS-UXb8Rf8zrnn3_P-KtjcQWYYG0KjiI5bJkpb1ePE-QbbjHBYjuBpmKXxdEaoyio-gnT5NzC_AnC4hocdj0ladU9qVRfwLQXFqBYvY05X0qADghBbQdl0DJTJHDD1LATKV-sxfAdTOAdxP3ureWMwNCb0aLAVMBs5JsY9VTqzKFIgATLEW51IHGFvQSCxWpTolA1gqvyUAahR_IxcUJVrR4d3jrJxsDvVw_9pZiofy0XzGbjhh_B1qh_cifKAYTSyGHCv8H1pYO0MzjbX0_OKmNds4fa_OtEQPJwv6lnAAGzcmhxFJ2U2VkGlhqsj7EdoL8mcic9WNpIxyYOouVFzCiQvWrHp5865lKVHJ84x-dWT5STOVyR45gg1aW3rdw2TB-icKJmirB2RTNF3Us9O3hA9WPgcQXxih7CKVYgMIZX3dqNCXdbbet2DffRn-T4G8PHGd09sA8idAHdF8Py1a8a2Rk7BueXrHW3-as6MM8X4f1ZQIgFhZe1Y4QHlhizhO9i4Z6zdxTzfVQFWniW6N0DMA0_AKJTD_Td4k3AZex3EoDrDjeG-I5jW3QRlfCZLFvAQxSdCs-VrdNl3qMINwaWzP8h_5QUCyy5wu

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 01F8
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=90002500173821700710612011840003&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=90002500173821700710612011840003&actionid=879111&produktid=ratenkredit&dt_url=

0
630 B

123ms
70ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=90002500173821700710612011840003&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDsn1ivjiYbnHC9OP3gOY-JXgB7XN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9AlRDRApLEOPFfR9yc03ewaTCqNUU6XfW0lvIb9mBD-k6ZX3LlqBYvgylHzvkk8sw9AcyYF8QDv-5SD9l1WsbmNLSkjjG79mYftdiyf_AqBx_SDxyvRgohQ2NlbfeLpTtmOKFAUDBvsxhS6sitgHcI2N4CCjN_J2V7blsmIPbo2jBJLa8JUbjSzPC3p8ke687eh6uHoRh0bsT3FzhdHPDHctvdDHH1a-uqxYbv-c_vhjx8aM6AeUVzD81UfXQWeeyqGC6C2a1bOyanHkx2XkKwiKOyU4vpKiF4J4_0hit-nKiNbg1Pgzjv9uIVdVF2ZE_Y_bH6ZndrVhMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRobmx4zupZ4Ix0M_jObZE_lg%26sig%3DAOD64_1iVCEtQ17mwhxtOekRntScZhAhMQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-B_0ZhgSsCVDvEbrt_ta-pPymHoiOEMTekh2u3dkYtN6qJhuSuBBtIwmu0F1uDUOq2xp5b7r7OSFmnqh9LUGZSse4iMy2JcMJ6I8E6l8nzp6Ht7UYUtJ_GDlxfBES_uRMIjrGw3NWTNCnk_tRj0jOgLRoNmJQ%26cry%3D1%26dbm_d%3DAKAmf-D40qszbmTm3B6lyAIy64vZTQN7ix9JW8A_oADPYN-lLbDFUV4CqTq534RIQkjiEBjuRmDPEwr6RtKglgK51_28rObGMVCH9fMrG2gRe4wq4vnfwICPf6E0MOXQy6mn8nOXu2FBHxxZrebVTGnZKFfWp4VSu6_bXFs40gU3JCWpdRHgjIaxQkwgO2lI_frLkbe0Io-aGewOtXRfl5ZClYlbY9FXzOQ6BO985FYtYjPzOs0mZC2rWYih-cdWgtDar4IOqrGAJw3Bb9tV7l2Jb9xJtHnHTm8QAJQMbuu9FlB5tIPRLaQXL7F8SMlX17i4b0eV8qi3nmEJATDvWSV1Lg8qhMkt7PzgH4RwtmLsURj1z4__28KdnDPSiy8VdA-iXrbKxjQkYwU0KIM-wrHkvtWh3wlGbA%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=8792591479062&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Mannheim, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 15 Jan 2022 05:38:35 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 15 Jan 2022 16:38:35 GMT
content-length: 0

Redirect headers

Server: nginx/1.19.7
Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.34
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=90002500173821700710612011840003&actionid=879111&produktid=ratenkredit&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: 8AC72684:8EE0_91EFC182:01BB_61E2F88B_BC94E54:297E8
X-IPLB-Instance: 40028
Cache-control: private

GET
H2

200

/ Show response
adv-srv.office-partner.de/ Frame E223
Redirect Chain

https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

930 B
741 B

40ms
11ms

Document
text/html

5.1.80.163
CREOLINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDsn1ivjiYbnHC9OP3gOY-JXgB7XN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9AlRDRApLEOPFfR9yc03ewaTCqNUU6XfW0lvIb9mBD-k6ZX3LlqBYvgylHzvkk8sw9AcyYF8QDv-5SD9l1WsbmNLSkjjG79mYftdiyf_AqBx_SDxyvRgohQ2NlbfeLpTtmOKFAUDBvsxhS6sitgHcI2N4CCjN_J2V7blsmIPbo2jBJLa8JUbjSzPC3p8ke687eh6uHoRh0bsT3FzhdHPDHctvdDHH1a-uqxYbv-c_vhjx8aM6AeUVzD81UfXQWeeyqGC6C2a1bOyanHkx2XkKwiKOyU4vpKiF4J4_0hit-nKiNbg1Pgzjv9uIVdVF2ZE_Y_bH6ZndrVhMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRobmx4zupZ4Ix0M_jObZE_lg%26sig%3DAOD64_1iVCEtQ17mwhxtOekRntScZhAhMQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-B_0ZhgSsCVDvEbrt_ta-pPymHoiOEMTekh2u3dkYtN6qJhuSuBBtIwmu0F1uDUOq2xp5b7r7OSFmnqh9LUGZSse4iMy2JcMJ6I8E6l8nzp6Ht7UYUtJ_GDlxfBES_uRMIjrGw3NWTNCnk_tRj0jOgLRoNmJQ%26cry%3D1%26dbm_d%3DAKAmf-D40qszbmTm3B6lyAIy64vZTQN7ix9JW8A_oADPYN-lLbDFUV4CqTq534RIQkjiEBjuRmDPEwr6RtKglgK51_28rObGMVCH9fMrG2gRe4wq4vnfwICPf6E0MOXQy6mn8nOXu2FBHxxZrebVTGnZKFfWp4VSu6_bXFs40gU3JCWpdRHgjIaxQkwgO2lI_frLkbe0Io-aGewOtXRfl5ZClYlbY9FXzOQ6BO985FYtYjPzOs0mZC2rWYih-cdWgtDar4IOqrGAJw3Bb9tV7l2Jb9xJtHnHTm8QAJQMbuu9FlB5tIPRLaQXL7F8SMlX17i4b0eV8qi3nmEJATDvWSV1Lg8qhMkt7PzgH4RwtmLsURj1z4__28KdnDPSiy8VdA-iXrbKxjQkYwU0KIM-wrHkvtWh3wlGbA%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=8792591479062&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.1.80.163 , Germany, ASN205948 (CREOLINE-AS, DE),
Reverse DNS: s17177.creolineserver.com
Software: nginx /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/

Response headers

server: nginx
date: Sat, 15 Jan 2022 16:38:35 GMT
content-type: text/html
content-length: 552
x-accel-version: 0.01
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16b3be00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

server: keycdn-engine
date: Sat, 15 Jan 2022 16:38:35 GMT
content-type: text/html
content-length: 162
location: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
expires: Sat, 22 Jan 2022 16:38:35 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame C7DD 1 KB
2 KB 272ms
136ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=90002500173821700710612011840003&nw=1
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: a9d947841bb76426fd4b32ce72e4ad3ad5d8fbbf9d00f607364c5f4ce1487466

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Last-Modified: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1231
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

activityi;dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353 Show response
8019191.fls.doubleclick.net/ Frame ADF9
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353?

392 B
344 B

87ms
72ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

65f39a1179acd4643b2bb05629342fca9805a38a6da7ca7505718b5b0eae81ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:38:35 GMT
expires: Sat, 15 Jan 2022 16:38:35 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 321
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:38:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90003.redintelligence.net/ Frame 5BE2 7 KB
2 KB 37ms
12ms Document
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=bd0463fbc0&subid=&uid=d713f66b6764f1e5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDsn1ivjiYbnHC9OP3gOY-JXgB7XN-YNX_Ni5q-UM8C4QASCIgL8UYJWCgICwB8gBCakCNPC05zUnsz6oAwGqBPoBT9AlRDRApLEOPFfR9yc03ewaTCqNUU6XfW0lvIb9mBD-k6ZX3LlqBYvgylHzvkk8sw9AcyYF8QDv-5SD9l1WsbmNLSkjjG79mYftdiyf_AqBx_SDxyvRgohQ2NlbfeLpTtmOKFAUDBvsxhS6sitgHcI2N4CCjN_J2V7blsmIPbo2jBJLa8JUbjSzPC3p8ke687eh6uHoRh0bsT3FzhdHPDHctvdDHH1a-uqxYbv-c_vhjx8aM6AeUVzD81UfXQWeeyqGC6C2a1bOyanHkx2XkKwiKOyU4vpKiF4J4_0hit-nKiNbg1Pgzjv9uIVdVF2ZE_Y_bH6ZndrVhMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRobmx4zupZ4Ix0M_jObZE_lg%26sig%3DAOD64_1iVCEtQ17mwhxtOekRntScZhAhMQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-B_0ZhgSsCVDvEbrt_ta-pPymHoiOEMTekh2u3dkYtN6qJhuSuBBtIwmu0F1uDUOq2xp5b7r7OSFmnqh9LUGZSse4iMy2JcMJ6I8E6l8nzp6Ht7UYUtJ_GDlxfBES_uRMIjrGw3NWTNCnk_tRj0jOgLRoNmJQ%26cry%3D1%26dbm_d%3DAKAmf-D40qszbmTm3B6lyAIy64vZTQN7ix9JW8A_oADPYN-lLbDFUV4CqTq534RIQkjiEBjuRmDPEwr6RtKglgK51_28rObGMVCH9fMrG2gRe4wq4vnfwICPf6E0MOXQy6mn8nOXu2FBHxxZrebVTGnZKFfWp4VSu6_bXFs40gU3JCWpdRHgjIaxQkwgO2lI_frLkbe0Io-aGewOtXRfl5ZClYlbY9FXzOQ6BO985FYtYjPzOs0mZC2rWYih-cdWgtDar4IOqrGAJw3Bb9tV7l2Jb9xJtHnHTm8QAJQMbuu9FlB5tIPRLaQXL7F8SMlX17i4b0eV8qi3nmEJATDvWSV1Lg8qhMkt7PzgH4RwtmLsURj1z4__28KdnDPSiy8VdA-iXrbKxjQkYwU0KIM-wrHkvtWh3wlGbA%26adurl%3D&documentReferer=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=8792591479062&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 87f5de91ff5cb090bc725799193a24b6323e6f51545f76d2335f2295bd33c6e1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 15 Jan 2022 16:38:35 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2083
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame C7DD
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=90002500173821700710612011840003
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=90002500173821700710612011840003
https://ad-server.eu/wm/pb/native.png

68 B
312 B

174ms
30ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:43:46 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: 8AC72684:8EE4_91EFC182:01BB_61E2F88B_BC5B50C:4417
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame C7DD 43 B
704 B 38ms
12ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=90002500173821700710612011840003&pv=1

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6832 1 KB
749 B 10ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 05:53:44 GMT
expires: Sun, 16 Jan 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 38691
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C7DD 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d3b389d4d7d80a60a12be282ad147d045c038822125a5c37a3ceba0bbe480bef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D5D4 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvpQRtOtZyBsmaGKGJJrAnWb6txtPguzn_Wmcht5xPG53SHBnmnI4Jp_R4cjnLvL_3VGPG9Gs3XoYgYL3lS878pr9LP57XbnNpdo2omVKd0GmIDQWXV&sig=Cg0ArKJSzHkYtw7Tk6muEAE&id=lidar2&mcvt=1000&p=90,436,180,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=3960793290&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264713436&rpt=797&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
google2waycm.netmng.com/cm/ Frame CC8B 0
0

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame CC8B 0
173 B 57ms
15ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEKvP7zCDc_Uu_YCoA-sfMt8&google_cver=1&google_push=AYg5qPLcSp2ITvgIe2xw6RAHNWDUdqpy7tNPewzolKq2o_lmKHitPieF4JwbhVHjk64uyyzK8bUN3i97kDpC4ehHW9N7OwX5oPEi
Requested by: Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CC8B
Redirect Chain

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEGNr4eCNk9Kg_aStc7OyMCA&google_cver=1&google_push=AYg5qPK1WgII9Xm9U4gZTXfiVYBkZ2xuYZ4BGx8wfLbg9ZbTmTfJCvDqI3OIy03_zaQDR...
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPK1WgII9Xm9U4gZTXfiVYBkZ2xuYZ4BGx8wfLbg9ZbTmTfJCvDqI3OIy03_zaQDR9LjzLBL0XJBJDU2IXu1QtRRvqf1T_tw&google_hm=QXF4NFNKMG5jQlhMRUZRMVc5...

170 B
188 B

36ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPK1WgII9Xm9U4gZTXfiVYBkZ2xuYZ4BGx8wfLbg9ZbTmTfJCvDqI3OIy03_zaQDR9LjzLBL0XJBJDU2IXu1QtRRvqf1T_tw&google_hm=QXF4NFNKMG5jQlhMRUZRMVc5Z1FmNUE=

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPK1WgII9Xm9U4gZTXfiVYBkZ2xuYZ4BGx8wfLbg9ZbTmTfJCvDqI3OIy03_zaQDR9LjzLBL0XJBJDU2IXu1QtRRvqf1T_tw&google_hm=QXF4NFNKMG5jQlhMRUZRMVc5Z1FmNUE=
Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET

pixel
cm.g.doubleclick.net/ Frame CC8B
Redirect Chain

https://s.uuidksinc.net/match/47/?remote_uid=CAESECI3sw1NsJab7GkTrwT9xgo&c_param1=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CC8B
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEIqbrQwS_raWV18_x02g2jA&google_cver=1&google_push=AYg5qPI8JqiHqqokw_s569AJ15VV3K5A8hUI1mkadCyTEWRez7Ewv7rJlDmoiG8sRGFU0eWXfZKvklz2HVbKu...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEIqbrQwS_raWV18_x02g2jA&google_push=AYg5qPI8JqiHqqokw_s569AJ15VV3K5A8hUI1mkadCyTEWRez7Ewv7rJlDmoiG8sRGFU0eWXfZKvklz2HVbKu...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPI8JqiHqqokw_s569AJ15VV3K5A8hUI1mkadCyTEWRez7Ewv7rJlDmoiG8sRGFU0eWXfZKvklz2HVbKuaeDuhQtRxqcs4OG&google_hm=Nnk4R3RJeGZTbWp1UHl2...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPI8JqiHqqokw_s569AJ15VV3K5A8hUI1mkadCyTEWRez7Ewv7rJlDmoiG8sRGFU0eWXfZKvklz2HVbKuaeDuhQtRxqcs4OG&google_hm=Nnk4R3RJeGZTbWp1UHl2TXZQY3c=

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPI8JqiHqqokw_s569AJ15VV3K5A8hUI1mkadCyTEWRez7Ewv7rJlDmoiG8sRGFU0eWXfZKvklz2HVbKuaeDuhQtRxqcs4OG&google_hm=Nnk4R3RJeGZTbWp1UHl2TXZQY3c=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK sync
rtb2-useast.torchad.com/ Frame CC8B 42 B
233 B 298ms
91ms Image
image/gif 2604:9e00:1:129::2:a01
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.torchad.com/sync?exchange=309&google_gid=CAESELpxsWnr7HNRmja8LAkUvrE&google_cver=1&google_push=AYg5qPKr8wXFblYAr55BTC0Iom4nA68-SRoDal7cj9EkN1RmYmt10_FJyWA_cjKLiQ5roInHZz_g-XYtItqvbAXwuJD65c-SZgk
Requested by: Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2604:9e00:1:129::2:a01 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CC8B
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEAyCMmz0h1oV54TsWjDKwW8&google_cver=1&google_push=AYg5qPLKp5B2gVrgnOcVm6oOjWPUtKk_p5z7r-LpqjptuHr3wzq4RqupEHCeiXCrVvuPrPREvJm87L9sSDUtQ7fW2FnDOOd...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPLKp5B2gVrgnOcVm6oOjWPUtKk_p5z7r-LpqjptuHr3wzq4RqupEHCeiXCrVvuPrPREvJm87L9sSDUtQ7fW2FnDOOd5i9vC&google_hm=NjE3NzExNDM...

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPLKp5B2gVrgnOcVm6oOjWPUtKk_p5z7r-LpqjptuHr3wzq4RqupEHCeiXCrVvuPrPREvJm87L9sSDUtQ7fW2FnDOOd5i9vC&google_hm=NjE3NzExNDMwMzEwOTA0MDYyNA==

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPLKp5B2gVrgnOcVm6oOjWPUtKk_p5z7r-LpqjptuHr3wzq4RqupEHCeiXCrVvuPrPREvJm87L9sSDUtQ7fW2FnDOOd5i9vC&google_hm=NjE3NzExNDMwMzEwOTA0MDYyNA==
Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CC8B 0
12 B 17ms
15ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IMKMmIL5q80r_1COt2h0FxbJ3-SispfwLN4OluRZ85hQyzfS31vr7EiK5nfWPTN5wz2jguYQ

Requested by

Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET /
google2waycm.netmng.com/cm/ Frame 6832 0
0

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 6832 43 B
65 B 33ms
15ms Image
image/gif 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESENgS_Kn1IqxxD8CKwF8sHLs&google_cver=1&google_push=AYg5qPKniOWlXztxS2iDMg5LNIGb0UGDGJDV8gAK4fZjFlLO75jp_Cgyz5OHRs3BE3VET3Lcecwp4_WGYmKWsvEABq3Tjk79f6VU

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jan 2022 16:38:35 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6832
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFwjvAFHuliHxa5SZIkqAgs&google_cver=1&google_push=AYg5qPJfJQMW3Z9_8hsH-SEbAC_8n7ubVJSnehDyVZkaDlhBH_uJUg8UsUVreSisz7BCQmHvw8D4BLmm...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFwjvAFHuliHxa5SZIkqAgs&google_cver=1&google_push=AYg5qPJfJQMW3Z9_8hsH-SEbAC_8n7ubVJSnehDyVZkaDlhBH_uJUg8UsUVreSisz7BCQmHvw8D...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDA2OTQ1NTY1OTA3NjgxODc3Mw&google_push=AYg5qPJfJQMW3Z9_8hsH-SEbAC_8n7ubVJSnehDyVZkaDlhBH_uJUg8UsUVreSisz7BCQmHvw8D4BL...

170 B
188 B

38ms
37ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDA2OTQ1NTY1OTA3NjgxODc3Mw&google_push=AYg5qPJfJQMW3Z9_8hsH-SEbAC_8n7ubVJSnehDyVZkaDlhBH_uJUg8UsUVreSisz7BCQmHvw8D4BLmmaW33g7OcuBwiMUySDjY

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDA2OTQ1NTY1OTA3NjgxODc3Mw&google_push=AYg5qPJfJQMW3Z9_8hsH-SEbAC_8n7ubVJSnehDyVZkaDlhBH_uJUg8UsUVreSisz7BCQmHvw8D4BLmmaW33g7OcuBwiMUySDjY
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 6832 42 B
233 B 278ms
88ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEFquAI6kfhdv3fZE30-VLYU&google_cver=1&google_push=AYg5qPIJfT3Lv917LXmWrzvHIl4a_unUbSc-QFaY_h4CJ0FEfHIaYvh8hjaR9t4MvxAVUO-kn-nHvDVg7I2PbLJSBYziIjfNA_k8
Requested by: Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6832
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPEcsIv0fNsyST1Z-jGSOWc&google_cver=1&google_push=AYg5qPII9PB19yxNJcqN3VfTM3IJIyEE8Nhtz_IUzOubdVOqcdxNwDylZOusgjkVl3ArlajpOKF0G1-8sJYdF0b1...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPII9PB19yxNJcqN3VfTM3IJIyEE8Nhtz_IUzOubdVOqcdxNwDylZOusgjkVl3ArlajpOKF0G1-8sJYdF0b162RHAQj9cPs

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPII9PB19yxNJcqN3VfTM3IJIyEE8Nhtz_IUzOubdVOqcdxNwDylZOusgjkVl3ArlajpOKF0G1-8sJYdF0b162RHAQj9cPs

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Jan 2022 16:38:35 GMT
via: 1.1 bab8148a65b29113f79cf2725076287c.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA50-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPII9PB19yxNJcqN3VfTM3IJIyEE8Nhtz_IUzOubdVOqcdxNwDylZOusgjkVl3ArlajpOKF0G1-8sJYdF0b162RHAQj9cPs
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: F0GVr5ay9z2RdUMFDtfsQ2-GjBfnq5uvBsDK0DwSwYuyv_dLfu1knQ==

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 6832 42 B
233 B 307ms
88ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEPOcABpl1S7ghrhtYirO3Rg&google_cver=1&google_push=AYg5qPKTwyeyEwYWouVKbSRdwPDzqioIS5DyfJPvD-QNTu7Lc5WGen-XqW_mpGdrHQMJC6CO_dFHLjhnq0feWq-1ypclcUyrykmsvw
Requested by: Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6832
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEMJtrrdw0XPN9KBh6Flb408&google_cver=1&google_push=AYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPqe...
https://sm.rtb.mts.ru/match/second?ssp=12&google_push=AYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPqe3nDGKY3vy4eqw&exu=CAESEMJtrrdw0XPN9KBh6Flb408
https://tech.rtb.mts.ru/?dsp_uid=d87ec26b-e7e5-4b62-8d0c-a375b95f2b38&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3Dd87ec26b-e7e5-4b62-8d0c-a375b95f2b38%26g...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=d87ec26b-e7e5-4b62-8d0c-a375b95f2b38&google_push=AYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPq...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=d87ec26b-e7e5-4b62-8d0c-a375b95f2b38&google_push=AYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPqe3nDGKY3vy4eqw

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=d87ec26b-e7e5-4b62-8d0c-a375b95f2b38&google_push=AYg5qPJAwbXW1qc4L7WfvcgOTHupUlKzN4H_tTtUmpa9ZzZ_q9rd0SEkTdjZl1hanofyRahWAqSE8HS5FiIsgEPqe3nDGKY3vy4eqw
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6832 0
12 B 17ms
15ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L-0XXR-C6Lc4dnbrJ4PydqbKQDYx-kwwPz5KqjdfXzMxevxL02r1D8g6pCSuRHejeGV-AncRA

Requested by

Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 css
fonts.googleapis.com/ Frame 2866 1 KB
921 B 42ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=67535100169813100710612011840012&a=1c0d1691

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c1521286e7dd2d6f8c2262b15bca8867bcae973a83879accdd00e1cb9831e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 15:00:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 15 Jan 2022 16:38:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Jan 2022 16:38:35 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2866 16 KB
16 KB 42ms
18ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=67535100169813100710612011840012&a=1c0d1691
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 9bfe53279c4d9e75e2327bfc455660fea77591af5a5b2258c508803707f158c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16465
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2866 16 KB
16 KB 48ms
19ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=67535100169813100710612011840012&a=1c0d1691
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: ee77c502f1d5c7d72b10904f686628842c426def8850a673ee3f13dbec6fbd97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16528
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2866 17 KB
17 KB 47ms
20ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=67535100169813100710612011840012&a=1c0d1691
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: fd7de549603cd3b97a3190ea98694b9f366897f6cdbbd321f3630e2efd4a66e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16858
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 5BE2 1 KB
492 B 42ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c1521286e7dd2d6f8c2262b15bca8867bcae973a83879accdd00e1cb9831e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 14:47:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 15 Jan 2022 16:38:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Jan 2022 16:38:35 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5BE2 16 KB
16 KB 43ms
17ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: c10de9dc35a4604c9eeb7c4e93407c1ad0bf51f63e131c198b07d20f92d93223

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16248
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5BE2 16 KB
16 KB 45ms
18ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: ee77c502f1d5c7d72b10904f686628842c426def8850a673ee3f13dbec6fbd97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16528
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5BE2 17 KB
17 KB 48ms
21ms Image
image/png 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: fd7de549603cd3b97a3190ea98694b9f366897f6cdbbd321f3630e2efd4a66e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16858
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal900012.redintelligence.net/ Frame 2866 0
150 B 35ms
12ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/viewability?s=67535100169813100710612011840012&a=d6c11cb9&vb=m
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=67535100169813100710612011840012&a=1c0d1691
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/request_content.php?s=67535100169813100710612011840012&a=1c0d1691
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal90003.redintelligence.net/ Frame 5BE2 0
150 B 51ms
27ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/viewability?s=90002500173821700710612011840003&a=05bfb816&vb=m
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658
adservice.google.com/ddm/fls/z/ Frame B930 42 B
63 B 43ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CO6Q7OeYtPUCFUARBgAdOEIBjw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6484296334967.658?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 79DB 82 KB
32 KB 35ms
17ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv-srv.office-partner.de
URL: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2ec2ecae8d41e5dc76422bed223fd4243a85e51d070c468f5ad21b3e2e76dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adv-srv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32501
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Jan 2022 16:38:35 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame E223 82 KB
32 KB 47ms
30ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv-srv.office-partner.de
URL: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b12db2c94dacb6944cdddfbfdd04e8ae3bb93de96ec7aa5f538bf50fa8048414

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adv-srv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32495
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Jan 2022 16:38:35 GMT

GET
H3 200 dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353
adservice.google.com/ddm/fls/z/ Frame ADF9 42 B
63 B 43ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLmU7OeYtPUCFQnM1QoddhsByQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3730030197665.1353?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame CF0B 51 KB
51 KB 93ms
11ms Script
application/javascript 18.66.248.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=67535100169813100710612011840012&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-117.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ
via: 1.1 a6848167f38570c4e775e8ba04d1f1d0.cloudfront.net (CloudFront)
last-modified: Tue, 09 Nov 2021 11:05:10 GMT
server: AmazonS3
age: 43492
etag: "ec0ced40cbb5211db06b8a36f209e442"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Sat, 15 Jan 2022 04:33:44 GMT
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-length: 51794
x-amz-cf-id: RivFz0siFINU9mjqGrzv5V0LHAGMcGpAYuOfkNfB1p5NYuWlZ5kdag==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame CF0B 85 B
541 B 109ms
38ms Image
image/gif 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=73524700137049100710616011840016&wglinkid=498343
Requested by: Host: bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
URL: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Last-Modified: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/gif
Content-Length: 85
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame C7DD 51 KB
51 KB 65ms
22ms Script
application/javascript 18.66.248.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=90002500173821700710612011840003&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-117.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ
via: 1.1 a6848167f38570c4e775e8ba04d1f1d0.cloudfront.net (CloudFront)
last-modified: Tue, 09 Nov 2021 11:05:10 GMT
server: AmazonS3
age: 43492
etag: "ec0ced40cbb5211db06b8a36f209e442"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Sat, 15 Jan 2022 04:33:44 GMT
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-length: 51794
x-amz-cf-id: 3Sif6PJELGPmZy4dh7HsrRy_tBt8RF3On9LWsUZYTjQ4chA1_yJiNA==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame C7DD 85 B
541 B 102ms
37ms Image
image/gif 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=69801300168731300710676011840019&wglinkid=498343
Requested by: Host: 1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
URL: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Last-Modified: Sat, 15 Jan 2022 16:38:35 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/gif
Content-Length: 85
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
a.adroll.com/j/ 46 KB
15 KB 68ms
11ms Script
text/javascript 2600:9000:2315:7a00:15:90db:9f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://a.adroll.com/j/roundtrip.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2600:9000:2315:7a00:15:90db:9f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d62a3b924d49cc3909d8c7e7d66c6fda8780c357fae0f927993f424928401b20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: TrxFtQaM8s37m_Nm4h1GkMAOXYF47jUQ
Content-Encoding: gzip
Etag: W/"b8caabe626e64605e61edd5174246bf4"
Age: 111
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 b1dc6a0d7547e8d4ab339f8c4caf9ea8.cloudfront.net (CloudFront)
Last-Modified: Fri, 14 Jan 2022 00:11:04 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:36:46 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: DUS51-P2
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: kuiB0BNKMfKinzaBk2VkFq04LSYTbYPB9nkNoVoOWGBg0fsmZWalNg==

GET
H/1.1 200
OK chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 62ms
10ms Script
application/x-javascript 2600:9000:2315:5000:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=xe2x9dx84xe2xa1xbfxe2xa1xb9+Buy+Hydroxychloroquine+Over+the+Counter:+xf0x9fxa4xa9+www.HealsPills.store+xf0x9fxa4xa9+Uses,+Dosage+xe2xa1xb9xe2xa1xbfxe2x9dx84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2600:9000:2315:5000:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:27:40 GMT
Content-Encoding: gzip
Age: 655
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Last-Modified: Fri, 14 Jan 2022 02:25:57 GMT
Server: nginx
ETag: W/"61e0df35-8e96"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 271c2e1e305f31b0f14837cad3c843b0.cloudfront.net (CloudFront)
Cache-Control: max-age=7200
X-Amz-Cf-Pop: DUS51-P2
X-Amz-Cf-Id: hbIwGjUAnTUJeGQQTYu46yUbVtM51t2-8vKdsmg8LLMXHMhE4-G2Yg==
Expires: Sat, 15 Jan 2022 18:27:40 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 30ms
29ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a02374499910d34a84cd5b6f2c17a92957df109366549f5a46a0254f881848e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8582
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C631 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst48pxzHFSlXmteW5-AYkbhgT4NndAY43jgWSyP-JmT-GorQU72nMNpfmKuK5MFy4lQOEvJmHHaN8r-0DR-4VpbS8qKD7Lw-_RcxG5Q&sai=AMfl-YTj-utAqnvyABrpJchFxODcYJwiLpWGSw1OMHqG3e7kEJeWYD5SKgJ_H92oHayvSnqeI8l31pocs5X3hwgibaJkPPNJdWdx7fdI64wln_RO5gC4UG0Zq4gFe4VH&sig=Cg0ArKJSzP3thRUjzzXPEAE&cid=CAASEuRogbgfcFTQFUNhRbDUmruNRA&id=lidar2&mcvt=1000&p=206,991,688,1291&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=9&adk=371969004&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264714260&rpt=333&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:38:35 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B8D6 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 12:14:53 GMT
expires: Sun, 15 Jan 2023 12:14:53 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 15822
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F4AB 783 B
536 B 19ms
19ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a03ff6167267125ff8a2d9c1ca01a4b1790da525489e8c732c8c38f235b78993

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vGoXqSYUXvYfxYxD6E9f9w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:38:35 GMT
date: Sat, 15 Jan 2022 16:38:35 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-vGoXqSYUXvYfxYxD6E9f9w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK ping
ping.chartbeat.net/ 43 B
294 B 193ms
93ms Image
image/gif 100.24.193.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ping.chartbeat.net/ping?h=www2.kusports.com&p=%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F&u=CU-vKoB0uIx6B0dIYz&d=www2.kusports.com&g=27638&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=3084&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=5008&t=CrpT85CfLKEVC7WwUhBQRkmeDt2UkI&V=129&i=%22xe2x9dx84xe2xa1xbfxe2xa1xb9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20xf0x9fxa4xa9%20www.HealsPills.st&tz=0&sn=1&sv=bMbZhCir3jXBPIQ3ZBzJwPdCDARXP&sd=1&im=04030400&_
Protocol: HTTP/1.1
Server: 100.24.193.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-193-39.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:35 GMT
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/X7723AQJHJDWVHXHZOPVBN/index.js
https://s.adroll.com/j/exp/index.js

28 B
762 B

10ms
9ms

Script
application/javascript

2600:9000:225e:9800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:9800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: VxC0v7SN4NsT_sJxZYoy27yA4ALlRfhC
Via: 1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
Etag: "5816cced8568d223aa09d889f300692b"
Age: 41640
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Mon, 18 Oct 2021 21:07:54 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 07:42:18 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: LAmHZpAyYVvdcJEDmyBgLUXWf5JOsPuOw_uKkkjE7Q5_Hwd9O5CSQA==

Redirect headers

Date: Sat, 15 Jan 2022 08:33:30 GMT
Via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
Age: 29105
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: RDZsymw-Ehssp4HkOhUIfPZeCOfe3ZUJWmA4ybVVx3Y9ycyAKW49lw==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
733 B

10ms
10ms

Script
application/javascript

2600:9000:225e:9800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:9800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 46919
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 06:01:32 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: PCh2ag0V-T1cy99mU_EmBJfPHBlR-X9-o7IYFzxbB07OemWH82zM6g==

Redirect headers

Date: Sat, 15 Jan 2022 08:33:30 GMT
Via: 1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
Age: 29105
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: BKVbn7NuLdQHo2vDRnEds5oKSAj-k7dgsgCtmVCzJgqNdMXFnJY8QQ==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/ 0
782 B 240ms
176ms Script
text/javascript 2600:9000:225e:9800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/index.js
Requested by: Host: a.adroll.com
URL: http://a.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:9800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: PHYDd.jWZgmyRybOMIene6Hn8N8ueYLb
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: RefreshHit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Tue, 11 Jan 2022 23:24:23 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:38:36 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 2HHxj1CCSJDmefKOdRy0m3Ene6cyp8fC8eiyWLSae4ZZKVxx8M2Deg==

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F4AB 0
0 44ms
44ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3299341192545222&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame B8D6 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172329
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 16:46:26 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B8D6 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?9NJyXA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 X7723AQJHJDWVHXHZOPVBN Show response
d.adroll.com/consent/check/ 393 B
862 B 160ms
33ms Script
application/javascript 54.228.17.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/X7723AQJHJDWVHXHZOPVBN?arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&_s=ee7d08292ad3ca0f90d183d56835f5e5&_b=2
Requested by: Host: a.adroll.com
URL: http://a.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.17.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-17-128.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 2f2180e07af7d6a2d552aa4a44ad922fa0c1a77e0743585c51978db3af88aa84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-type: application/javascript
content-length: 393
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3299341192545222&bg=!FxSlFFDNAAaocxMpqHM7ACkAdvg8Wj5omBYp4VCv0GUoHbRAA8DnOVkkENLteUzkGsTRtUXMgS0cdAIAAABGUgAAAANoAQcKAEjB9n5LOsOjr80gyyUwNjaDvHWsZb1D-NVl3D6Et9ThAPGvMhBlsmu8UEaLv695ykiIJEuv3wHbpvOhEBM3OCyItmYvKWlEuC6ZAtJSd4Dm6SlCQpIku9gBfzboPWGK_GnSVMoxrQvyhD8Upe0XijewrG5oVlPJ1q1UYuwTlsl6yGUBY1Vl0oBFShP4e42TuVSfAtalKJP0hwWsb9SW79MXJKuXd2J_lnyU5baGK6fVadTRl67zbsQE86s6rHIPEtgsr3LbFmoU4tfgNqlQRufd1LmGc1OrszDdB3aOw4cP9ZrvBUEY_08mr8QHjUqqY7LUTfkvomKYgo4O_axycAxhlqhEYhcJlulZbC59zTQWmUAZZ3QP3GDlBF2i4YuZOESdQQG_u01f4XpMbUPW9p-vl6irw8mE7vA26a8uPKGuSj6tYh_hGcofBhxpef-cFEcPcMdTmbpgcAD2UdRTLUX1Kkz3IX4yZn70IRVVhLUA4UMzp-arpZMhAfyJ-P6zgi0ZpaVjifQb0FZvEXtAT7Rm1TodpbF_PwfVs1BWt-KOjaaB9I2OP0hKQdRSoUaETLiexazmVZYx-qYnmu_tFNVNgudqBKcCj32H8WLVIEwcd0vN26YZ6LG79QQSqumYb2syFUkbOwGvmhO_FTKHjHncmWEE9N5V6NXMIIyuHnwZrMVvSQAfEx-kbMCQV4zqzsLlradhlelnAJx2FkDw3ZmV6Fve2c9b-b5uRl7ItjF5xb4Efv-16ccL5ROnQClJERI2HITX3RKY0HSDCm59g2Y7UW00dIl5USoIl3nPe8onsovuVetDIL6VsJ_3V6-ioWfpfQ1y3dad5K_EtwWVjIpS55LKicfM6u8utt2rgI1e2Y2efXNH15KCuh5PvwsOm0cw6bL0xzRVBvU0w8sDccKrCSBCEupmpXMoLbCpJavSz7tphQwCr0-0TNFIhD5yCF1BRatCsr63xuvkJ2H6Yu5wNoEX6_wsjSywg8mgRCj89_PItir2Ki2j8i7jJNFo6bcgO6kfo03YHqQ0kmtkK2SNrs4o2Q3ErBav1XWCew

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

NT3YRS4RBBEJXN5JBMR5A3.js Show response
s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/
Redirect Chain

https://d.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotog...
https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js

2 KB
2 KB

595ms
595ms

Script
text/javascript

2600:9000:225e:9800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:9800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1d938d97331866e733f47f9ba4b748530a8b4f684ae1bf3a19c01f32854104f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: esNmzW3uroWKwh70CFyRK9.ni.LnG9dW
Content-Encoding: gzip
Etag: W/"e2fa21a3c5e4ee334e1fbbe2e9290ca2"
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
Access-Control-Max-Age: 600
Connection: keep-alive
Access-Control-Allow-Origin: *
Last-Modified: Tue, 08 Dec 2020 23:30:33 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:38:37 GMT
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: cTvd33W4egFlCaetCrwK4De3pQkeVeJCylr2IHFUAUDIa-mE_upLVg==

Redirect headers

pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.20.0
x-rule: *
date: Sat, 15 Jan 2022 16:38:35 GMT
x-segment-eid: NT3YRS4RBBEJXN5JBMR5A3
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js
cache-control: no-store, no-cache, must-revalidate
x-segment-display-name: Visitors to Unsegmented Pages
x-pixel-eid: XTQPGD4JMZBBLO774N2I4E
x-segment-name: *
x-advertisable-eid: X7723AQJHJDWVHXHZOPVBN
content-length: 0
x-conversion-currency

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C7DD 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsud-xusvcKWZG7G2x-5erzdoylY-4QhO_bAKX4SdQi8yG48GvEsoZJl8bZEDeljwipe14Bs789eU8oo7zUD7mXmBGL_UPjgUUYsWmlX&sai=AMfl-YRlKgDYJ4OEYQ0lWRYQj9y0Zz_lhoCg5kFo4-HmkwFswVvIVF7wyO9civuKgJM2ciFg2lUmsnFQucaeH0xI0ts7X4YQ8K4KOMI&sig=Cg0ArKJSzFkCrVgT4OSDEAE&cid=CAASEuRobmx4zupZ4Ix0M_jObZE_lg&id=lidar2&mcvt=1083&p=0,0,90,728&mtos=1083,1083,1083,1083,1083&tos=1083,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3055526604&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264714457&rpt=767&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame CF0B 16 B
232 B 78ms
78ms Fetch
application/json 3.248.87.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.87.88 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-87-88.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.25

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 15 Jan 2022 16:38:36 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.25
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 181ms
30ms Preflight 3.248.87.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.87.88 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-87-88.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 15 Jan 2022 16:38:36 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame C7DD 16 B
232 B 101ms
101ms Fetch
application/json 3.248.87.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.87.88 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-87-88.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.25

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 15 Jan 2022 16:38:36 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.25
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 166ms
30ms Preflight 3.248.87.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.87.88 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-87-88.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 15 Jan 2022 16:38:36 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

GET
H/1.1 200
OK viewability Show response
hal90003.redintelligence.net/ Frame 5BE2 0
150 B 36ms
12ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/viewability?s=90002500173821700710612011840003&a=05bfb816&vb=v
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/request_content.php?s=90002500173821700710612011840003&a=7711fbf0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

204

v1
ads.yahoo.com/cms/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xb...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
447 B

74ms
21ms

Image
text/plain

2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Protocol

Server

2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:36 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

location: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Sat, 15 Jan 2022 16:38:36 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 165
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xb...
https://x.bidswitch.net/sync?dsp_id=44&user_id=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY

43 B
495 B

10ms
10ms

Image
image/gif

18.198.122.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY
Protocol: HTTP/1.1
Server: 18.198.122.33 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-122-33.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:38:36 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY
Date: Sat, 15 Jan 2022 16:38:36 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xb...
https://ib.adnxs.com/setuid?entity=172&code=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY

43 B
1 KB

239ms
239ms

Image
image/gif

185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY

Protocol

HTTP/1.1

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:38:36 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a174782a-cb50-43de-a084-c376f4f7adba
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/setuid?entity=172&code=MzM0NDBmMTEzYWNkYjEwNzUyZTM3YTI2MDY4NGM2YzY
pragma: no-cache
date: Sat, 15 Jan 2022 16:38:36 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 32ms
31ms Image
image/gif 54.228.17.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xbfxe2xa1xb9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2Bxf0x9fxa4xa9%2Bwww.HealsPills.store%2Bxf0x9fxa4xa9%2BUses%2C%2BDosage%2Bxe2xa1xb9xe2xa1xbfxe2x9dx84Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.17.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-17-128.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:38:36 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.20.0
content-length: 42
vary: Cookie
content-type: image/gif

GET
H3

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xb...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=33440f113acdb10752e37a260684c6c6

43 B
61 B

18ms
17ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537103138&val=33440f113acdb10752e37a260684c6c6
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:36 GMT
via: 1.1 google
server: OXGW/17.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537103138&val=33440f113acdb10752e37a260684c6c6
pragma: no-cache
date: Sat, 15 Jan 2022 16:38:36 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 87
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=9af507d818b06b07ec1c46ec32c33506-1642264715953&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3Dxe2x9dx84xe2xa1xb...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=M0QPETrNsQdS43omBoTGxg
https://d.adroll.com/cm/g/in

42 B
536 B

32ms
31ms

Image
image/gif

54.228.17.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Server: 54.228.17.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-17-128.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:36 GMT
server: nginx/1.20.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:38:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK common.js Show response
maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/ 77 KB
29 KB 120ms
119ms Script
text/javascript 2a00:1450:4019:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/common.js

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4019:80b::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

565a604b8d2449fcbbe6a76e51f0b8f5c6b85e912c87e81bb9aa2c7f86b8cd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 21:02:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 243388
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 28716
X-XSS-Protection: 0
Last-Modified: Tue, 11 Jan 2022 02:10:25 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="maps-api-js"
Vary: Accept-Encoding, Origin
Report-To: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Thu, 12 Jan 2023 21:02:09 GMT

GET
H/1.1 200
OK util.js Show response
maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/ 298 KB
92 KB 237ms
120ms Script
text/javascript 2a00:1450:4019:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/util.js

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4019:80b::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d8749b19ba5041e508d173b873b9ac49b4d2fa9bab220cd1299e654fdd0f27a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 21:02:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 243388
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 93199
X-XSS-Protection: 0
Last-Modified: Tue, 11 Jan 2022 02:10:25 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="maps-api-js"
Vary: Accept-Encoding, Origin
Report-To: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Thu, 12 Jan 2023 21:02:09 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: media.adfrontiers.com
URL: http://media.adfrontiers.com/pq?t=j2&s=1779&ac=19&at=2&xvk=96787708.95998482

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEDlVh00w4FlDfjw_RisSCUM&google_cver=1&google_push=AYg5qPJb4M401aSCa4SPeWvOr2gK6zqMZlsJjnjX9xkF6NinvVSLYolm-2UXo2uKKg2v64pyNMqsh6NCgDk4ywCckrLAn1jXbIzW

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEDlVh00w4FlDfjw_RisSCUM&google_cver=1&google_push=AYg5qPJPqir63x-QEjn6_qR41Mw8GIfKRTEDxRExxgR39AhjW9DqUjpB5IImw5Eqp5nnGWBHUf-u5CbpwkNVVDRMt30fD_Fl0HCx

Verdicts & Comments Add Verdict or Comment

181 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

73 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sitescout.com/	1970-01-20 08:56:40	Name: ssi Value: 3e34e960-9393-4580-903f-8e1e067a2174#1642264712935
.kusports.com/	1970-01-20 17:42:16	Name: _ga Value: GA1.2.921026946.1642264713
.kusports.com/	1970-01-20 00:12:31	Name: _gid Value: GA1.2.2002762806.1642264713
.kusports.com/	1970-01-20 00:11:04	Name: _gat_UA-381152-3 Value: 1
.scorecardresearch.com/	1970-01-20 17:27:52	Name: UID Value: 16DP4ORJHWPXD12NLCGTFJg1642264713
.kusports.com/	1970-01-20 02:20:40	Name: _fbp Value: fb.1.1642264713143.242393325
.sitescout.com/	1970-01-20 00:54:16	Name: _ssuma Value: eyIzNCI6MTY0MjI2NDcxMzMwMSwiMiI6MTY0MjI2NDcxMzMwMSwiNCI6MTY0MjI2NDcxMzMwMSwiMzkiOjE2NDIyNjQ3MTMzMDEsIjciOjE2NDIyNjQ3MTMzMDF9
.doubleclick.net/	1970-01-20 09:32:40	Name: IDE Value: AHWqTUkhnzwrkwJoVKzHkgVQrCBswfFhmUdAoWi9uYeY8nlToGKySQwx7QRwAwzP02U
.tapad.com/	1970-01-20 01:37:28	Name: TapAd_TS Value: 1642264713466
.tapad.com/	1970-01-20 01:37:28	Name: TapAd_DID Value: 7c27e12c-98b8-4df3-a045-4deb5f608150
.tapad.com/	1970-01-20 01:37:28	Name: TapAd_3WAY_SYNCS Value:
.demdex.net/	1970-01-20 04:30:16	Name: demdex Value: 22197250298784171262001839418251326399
.crwdcntrl.net/	1970-01-20 06:39:51	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 06:39:51	Name: _cc_id Value: 66609f3f2db34638f78d36cb3e65cd7a
.crwdcntrl.net/	1970-01-20 06:39:52	Name: _cc_cc Value: "ACZ4XmNQMDMzM7BMM04zSkkyNjEztkgzt0gxNktOMk41M01OMU9kAILERz86QTQUAABeRQu4"
.crwdcntrl.net/	1970-01-20 06:39:52	Name: _cc_aud Value: "ABR4XmNgYGBIfPSjE0hBAQAiXQLF"
.dpm.demdex.net/	1970-01-20 04:30:16	Name: dpm Value: 22197250298784171262001839418251326399
.quantserve.com/	1970-01-20 09:41:19	Name: mc Value: 61e2f889-c5bcc-33675-feb76
.kusports.com/	1970-01-20 09:35:33	Name: __qca Value: P0-1748328209-1642264713626
.www2.kusports.com/	1970-01-21 02:27:52	Name: _awl Value: 3.1642264713.0.5-c9441e2cecfc20238de2f6299cc3a7d0-6763652d6575726f70652d7765737431-0
.kusports.com/	1970-01-20 09:32:40	Name: __gads Value: ID=b37c601c8de5d276:T=1642264713:S=ALNI_MbsyM8Wi68R9YznNReZ70QbhBSHng
.yahoo.com/	1970-01-20 08:57:02	Name: A3 Value: d=AQABBIr44mECEFOrtNmb7nuCJ9pv_kTgq7UFEgEBAQFK5GHsYQAAAAAA_eMAAA&S=AQAAAtb1YJ1gVn0qQBMcXRrnvuE
.pubmatic.com/	1970-01-20 00:12:31	Name: KTPCACOOKIE Value: YES
.analytics.yahoo.com/	1970-01-20 08:58:07	Name: IDSYNC Value: 18yx~22og
.pubmatic.com/	1970-01-20 02:20:40	Name: KADUSERCOOKIE Value: BD180738-C844-4FCD-9B68-6341DEA862B7
www.lead-alliance.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5i37p4ve5ek4jo9ms7cg72f0pq
.lead-alliance.net/	1970-01-20 00:21:09	Name: ppv1225 Value: 2022011517383462167447795X117667V1225131106MSviewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet
.adnxs.com/	1970-01-20 02:20:40	Name: uuid2 Value: 287002424208354988
.360yield.com/	1970-01-20 02:20:40	Name: tuuid Value: f2bd2798-1fd6-45f8-b010-cb58cec32313
.360yield.com/	1970-01-20 02:20:40	Name: tuuid_lu Value: 1642264714
.media.net/	1970-01-20 08:56:40	Name: visitor-id Value: 2852663140733205000V10
.media.net/	1970-01-20 00:31:14	Name: data-g Value: CAESEP9foxjwveKLapAzxlQVkVE~~3
.casalemedia.com/	1970-01-20 02:20:40	Name: CMPS Value: 3239
.doubleclick.net/	1970-01-20 00:11:08	Name: DSID Value: NO_DATA
.blau.de/	1970-01-20 00:21:09	Name: nscT486 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTExMDAwMDAwMDA2MTY0MjI2NDcxNHZsZWExZGUyMDIyMDExNTE3MzgzNDYyMTY3NDQ3Nzk1WDExNzY2N1YxMjI1MTMxMTA2TVN2aWV3b25laWQ4UmRGRGY4ZmVkMVBVZ0hZdEV0eHRrazJVR1M1dFFma29uZWlkX19kYm1uYXRfUHJvc19BbGxuZXQxMTc2Njc
.blau.de/	1970-01-20 00:21:09	Name: nscQ486 Value: V
.blau.de/	1970-01-20 00:21:09	Name: webShopPV Value: ?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_117667_-HTLP&utm_term=AFF_la_117667_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2022011517383462167447795X117667V1225131106MSviewoneid8RdFDf8fed1PUgHYtEtxtkk2UGS5tQfkoneid__dbmnat_Pros_Allnet&wfid=117667
.casalemedia.com/	1970-01-20 08:56:40	Name: CMID Value: YeL4ihouyMQJKZMZR1FFSgAA
.casalemedia.com/	1970-01-20 02:20:40	Name: CMPRO Value: 1126
.casalemedia.com/	1970-01-20 08:56:40	Name: CMRUM3 Value: 2d61e2f88b2760CAESEBDD6W_HEQ3xr-33YchfxEc
.casalemedia.com/	1970-01-20 00:12:31	Name: CMST Value: YeL4imHi+IsA
.redintelligence.net/	1970-01-20 02:20:40	Name: 8lcfmzhxc8d6_uid Value: a883872410cc645a
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 379097:2519595
.awin1.com/	1970-01-20 00:21:09	Name: awpv14098 Value: 296283\|1642264715\|954c80e2-7621-11ec-83e9-2236f8f860b8
.uuidksinc.net/	1970-01-20 08:56:40	Name: jcsuuid Value: zFB3Eg5H7KFTYC5Wx5Vw
.blismedia.com/	1970-01-20 08:56:44	Name: b Value: 61E2F88B485C40DF6A9BA335BLIS
.medialead.de/	1970-01-20 08:56:40	Name: trscj Value: MTY0MjI2NDcxNXxMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRNekJoTjJSbU9HUmxaR0UwWVdFMlAzTjFZbWxrUFRZM05UTTFNVEF3TVRZNU9ERXpNVEF3TnpFd05qRXlNREV4T0RRd01ERXlKblE5YUhSc2NBPT18YUhSMGNITTZMeTlpWWpKa016UXdOakJpWkRnMk9HVmpNakZtT0RSaU1ETTJPVGd6WW1Zek5pNXpZV1psWm5KaGJXVXVaMjl2WjJ4bGMzbHVaR2xqWVhScGIyNHVZMjl0THc9PQ%3D%3D
.adform.net/	1970-01-20 00:55:43	Name: C Value: 1
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA12dax09s2tMsgwzA8zNQkpDs9y8S4PtwAAyQb4ER4AAAA
.rfihub.com/	1970-01-20 09:32:40	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA12dax09s2tMsgwzA8zNQkpDs9y8S4PtwjiNTQzMTIyMzE3NDU2sXjFiMoHAHbOM1k9AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjM0Nzc0NDE2MDY0sDQwMTAzMhHiM9QtKUzKjHT0SM8sLcgGAEHtMy8lAAAA
.rfihub.com/	1970-01-20 09:32:40	Name: rud Value: H4sIAAAAAAAAAOMSNjM0Nzc0NDE2MDY0sDQwMTAzMhHiM9QtKUzKjHT0SM8sLciW4jU0MzEyMjMxNzQ1NrEAAKKkz2U0AAAA
.rfihub.com/	1970-01-20 09:32:40	Name: smd Value: H4sIAAAAAAAAAOPiNTQzMTIyMzE3NDU2sQAAgE7vOg8AAAA
.mts.ru/	1970-01-20 08:43:43	Name: dspid Value: d87ec26b-e7e5-4b62-8d0c-a375b95f2b38
.adform.net/	1970-01-20 01:37:28	Name: uid Value: 4069455659076818773
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: 4jgwejh5pyxvdsc5rhjnsfmv
pb.media01.eu/	1970-01-20 17:42:16	Name: DTU Value: 0875D8D4501FC521A718A83B6B6CACD4
.office-partner.de/	1970-01-21 00:11:04	Name: source Value: {"webgains_webgains":{"timestamp":1642264715451,"clickCookie":false}}
.mts.ru/	1970-01-23 14:35:04	Name: mts_id Value: 0b407eac-9ac7-41de-8a83-45f10d786b39
.mts.ru/	1970-01-23 14:35:04	Name: mts_id_last_sync Value: 1642264715
www2.kusports.com/	1970-01-20 09:39:52	Name: _cb_ls Value: 1
www2.kusports.com/	1970-01-20 09:39:52	Name: _cb Value: CU-vKoB0uIx6B0dIYz
www2.kusports.com/	1970-01-20 09:39:52	Name: _chartbeat2 Value: .1642264715667.1642264715667.1.bMbZhCir3jXBPIQ3ZBzJwPdCDARXP.1
www2.kusports.com/	1970-01-20 00:11:06	Name: _cb_svref Value: null
.zemanta.com/	1970-01-20 08:56:40	Name: zuid Value: 6y8GtIxfSmjuPyvMvPcw
.www2.kusports.com/	1970-01-20 08:57:02	Name: __adroll_fpc Value: 9af507d818b06b07ec1c46ec32c33506-1642264715953
.www2.kusports.com/	1970-01-20 08:56:40	Name: __ar_v4 Value: %7CX7723AQJHJDWVHXHZOPVBN%3A20220114%3A1%7CXTQPGD4JMZBBLO774N2I4E%3A20220114%3A1%7CNT3YRS4RBBEJXN5JBMR5A3%3A20220114%3A1
.bidswitch.net/	1970-01-20 08:56:40	Name: tuuid Value: 96e4f017-7826-4565-94dd-489f3a7f008e
.bidswitch.net/	1970-01-20 08:56:40	Name: c Value: 1642264716
.bidswitch.net/	1970-01-20 08:56:40	Name: tuuid_lu Value: 1642264716
d.adroll.com/	1970-01-20 09:39:52	Name: __adroll Value: 33440f113acdb10752e37a260684c6c6-g_1642264716-a_1642264715
.adroll.com/	1970-01-20 09:39:52	Name: __adroll_shared Value: 33440f113acdb10752e37a260684c6c6-g_1642264716-a_1642264715
.adnxs.com/	1970-01-20 02:20:40	Name: anj Value: dTM7k!M41$CxrEQF']wIg2C%wiMdbL!]tay8i_iqf!oN/@E'zz<*Z0Q`r5Z<e>X/p3C>o]X33r@2Cfwa?DE(^S8=gR(j'kE-(o:a=^'R^]-gFWBg$md9]9_=dz9ph_[ybT[c<859DAg?9XlCYBu@$DloT2.]!1cs.J7//.wL4W1Qw2kJxwc]

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911= Message: Failed to load resource: the server responded with a status of 404 (NOT FOUND)
security	error	(Line 5) Message: Mixed Content: The page at 'https://3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html' was loaded over HTTPS, but requested an insecure script 'http://media.adfrontiers.com/pq?t=j2&s=1779&ac=19&at=2&xvk=96787708.95998482'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8r0nmB_WRfiwEMtYzsMjEw&google_push=AYg5qPIhIR4H1Jrhtglx4BGzuTuzJLtR61f6p9SqdOcAiLbPzVTt__cuFcUdOs0Ln0V90bwTJAi8uEv8HHxsFFsBfXdHcyx5JL7J Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPJQ5111TQ_-6aYJJQPP8GpLfrririHMP3n_7Lnou7mD2WmPVk0v5joOEWPA8lZu_DudvBm9b6Ugn8v3RNgQoEWTKfIPEDIy Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0f0060131989266658dfdb2e4be1ee34.safeframe.googlesyndication.com
1734937abb0749667fb43a6649a4eadd.safeframe.googlesyndication.com
1f9f1f9ddda978925835210afa42f047.safeframe.googlesyndication.com
3e770f3151c0ad0be8f4c5130c9ed3e3.safeframe.googlesyndication.com
79064acfee7eb39937587e3e674cac41.safeframe.googlesyndication.com
8019191.fls.doubleclick.net
83cea4fead56748f876ab613b983dac1.safeframe.googlesyndication.com
a.adroll.com
a.rfihub.com
ad-server.eu
ads.yahoo.com
adservice.google.co.uk
adservice.google.com
adservice.google.de
adv-srv.office-partner.de
adv.office-partner.de
analytics.webgains.io
analyticssystems.net
api.webgains.io
as.ad4m.at
b1sync.zemanta.com
bb2d34060bd868ec21f84b036983bf36.safeframe.googlesyndication.com
bcp.crwdcntrl.net
butterbulb.com
c1.adform.net
cdn.includemodal.com
cdn.taboola.com
cdn01.basis.net
cm.g.doubleclick.net
connect.facebook.net
cs.media.net
d.adroll.com
d3plfjw9uod7ab.cloudfront.net
dpm.demdex.net
dsp.adkernel.com
dsum-sec.casalemedia.com
edge.quantserve.com
fonts.googleapis.com
google2waycm.netmng.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900012.redintelligence.net
hal90003.redintelligence.net
ib.adnxs.com
image6.pubmatic.com
insight.adsrvr.org
loadm.exelator.com
maps.google.com
maps.googleapis.com
media.adfrontiers.com
medialead.de
ogden_images.s3.amazonaws.com
pagead2.googlesyndication.com
partner.blau.de
pb.media01.eu
ping.chartbeat.net
pixel.quantserve.com
pixel.sitescout.com
pixel.tapad.com
pv.medialead.de
quizzicalzephyr.com
rtb.openx.net
rtb2-useast.e-volution.ai
rtb2-useast.torchad.com
rules.quantcount.com
s.ad.smaato.net
s.adroll.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
servedbyadbutler.com
sm.rtb.mts.ru
ssbsync.smartadserver.com
ssp.adriver.ru
static.adsafeprotected.com
static.chartbeat.com
stats.g.doubleclick.net
sync.go.sonobi.com
sync.teads.tv
tech.rtb.mts.ru
tpc.googlesyndication.com
tr.blismedia.com
track.webgains.com
ups.analytics.yahoo.com
us-ads.openx.net
us-u.openx.net
worldonline.media.clients.ellingtoncms.com
www.awin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.lead-alliance.net
www.telefonica-partner.de
www2.kusports.com
x.bidswitch.net
cm.g.doubleclick.net
google2waycm.netmng.com
media.adfrontiers.com
100.24.193.39
104.89.30.126
104.90.104.248
104.92.94.3
116.202.46.88
13.35.253.75
138.201.63.117
142.250.185.198
142.250.185.226
142.250.186.130
145.239.193.130
15.197.193.217
151.101.193.44
151.101.66.133
174.137.133.49
178.162.133.149
178.79.242.181
18.198.122.33
18.66.248.117
184.87.213.8
185.33.223.38
185.86.139.94
193.0.160.129
198.47.127.19
208.91.60.6
208.91.60.7
213.87.44.187
217.66.147.165
2600:9000:2156:8e00:1b:5138:8a40:93a1
2600:9000:223e:6800:13:a391:88c0:21
2600:9000:224a:6400:8:48e:53c0:93a1
2600:9000:225e:9800:6:9280:1080:93a1
2600:9000:2315:4600:6:44e3:f8c0:93a1
2600:9000:2315:5000:18:1fcd:34f:cdc1
2600:9000:2315:7a00:15:90db:9f40:93a1
2604:9e00:1:129::2:a01
2606:4700:3030::6815:251b
2606:4700:3039::6815:c034
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1288:80:800::7000
2a00:1450:4001:801::2002
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:829::2008
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2004
2a00:1450:400c:c07::9c
2a00:1450:4019:80b::200e
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a0b:4d07:102::1
3.126.56.137
3.248.87.88
34.249.68.36
34.254.143.3
34.96.105.8
34.98.64.218
35.190.90.202
35.201.98.64
35.227.248.159
35.227.252.103
37.157.4.40
46.236.13.147
46.4.62.19
5.1.80.163
52.216.89.236
54.171.15.192
54.228.17.128
54.76.176.197
64.74.236.223
66.155.71.150
78.46.90.238
81.222.128.215
84.200.5.215
88.198.250.30
94.130.102.164
94.23.99.218
03f40b2a01bbba09852e901342f46c741a9a3f8fb9450bfa29a5e13f568af04e
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
06ea3f6c711322097aef91b87415a2b67cdacce2b8a08baf5129935fed10591e
078e7366898dfe7da10d96bfabedce2efde4784e45a0244062ba979e61348660
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
09b9ed3f186c259f19c67e8b8a472f7cfacca3c7786be1b19f3993ec73084561
09bf6330ca7f445eba2f2dd8e580f47b1be62938b9616579eaa1743ed2ab79d2
0b40cf83571688b6b0472a50c2882e9465b1d12fbe9da8de2bf1eaca5ccf4ba3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb5eb51c0ee0972c3b2b6ebf6bcb3b0c1cbb7c4c93b0acd442110005c1c3289
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0cf691a0b5100ffd49ff7c64ae9f3fc38b004a4df1d220cf67e5b6550eb6ea8b
0d35142f32786296129b89d4acaee1ff5201114af38d139b384412fa38777d7a
0de9144bce06e89231efdcb0acd8d48483ca86649c44e991895fbf4dff221cf9
0e25495ffd09f6b677ce228b97bc09623d45aa81fc770413c46259a040b81fbc
0e9793afd5d57a188f900a3561b714829cb7fddbe1fc7dd454dc94f6515121ee
0fc0fbb7321bca17d95d35cbb2bcbc81ac7e78c61a50b2af2ed130a1fe6f1691
1097c01b38cb84d60d03c6ceaba1616b06740a5bb2bbd3d82ec559ab07204035
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
143db111a0fe687d66e54ce972b57f10f01e09758bd76220e773c9579fdef6c9
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
15cd950fdf0a22946139981c83584014730ea322856de684bbb7b9a638e99330
17b91841811d67da94317ebd549a5a35e66e380be5a2ca51a34a8139f9a1415a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1979e136df73c0182593b957b1ccb3c6b659c018e3ae61b13f9db6ca3377acbd
1b67d92a3588252269bc6cdeca8fbfccb5446d70e0cfcdcdaf78898d815d9c62
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d8749b19ba5041e508d173b873b9ac49b4d2fa9bab220cd1299e654fdd0f27a
1e6d070b6dfc55e901e9280547ca443bf3089030043408df167cf7ae5b1025c7
1f432ee221d58ae484a657edf14cc91f16384d3c2fd15cdc5c923a27e964f228
1f948542cbf403190419dcda166e91b7bc31060453cd75d25b40be61acb15600
2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb
23e96bc008c6a4c5a941126dab9199bcc9d4708fbe7fbd01850eb39dc595fb3f
25049c305b208bde887cde10dc3fe87d0e39d98d7f126acaa42338f2fb51cb6a
2649d411849441560a08d65ecc699902799d2219cb10ddf8c365b9803ae66acc
26e2c6e5dcba43026ac44b78c9c73bb51d099a786ca808c9a2061c3ed81625e2
270a415eeca200186413a409116f9516e4eeac282606b1ac0f09151c3c5d8381
288f482d268fcc58cace4cc9839e03365e42be2e5c1b9d33c22da08218e4805a
2b911d51ed949642e3d9b146c0ac22914c134bcb104a0acfe8df42353d168a3e
2c313697279d286cadf8c885a827f4c2e44ee4e99a5da6184a69871affe24499
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e7b133667cf862ce360aec2578c08adcf317bdeffb5b5ae26f22c7928bed85f
2ec88fa56bee4e6c91bffda5c8ec99756df9b613b762092075ec89157b9e1078
2f2180e07af7d6a2d552aa4a44ad922fa0c1a77e0743585c51978db3af88aa84
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2f86987acb8ba6f3703a815c5dbb09d282cf25c1714ae91d1c2afd9d9af7c08a
2f9c35e984c1b63a7e6b13f07d6afb5d8335a1aba0e382d7e0c66e23b049de68
3023b8c8a44629993a179f9b49e46244f8d9ec755e3068d1532bb48c0235ecd6
3078ac23a7807fec8fb5009ddd6a12235bcc17441cc599c911bcb372e50c480a
30f8d650e5003e7ac2ddaaae9a57212d7972c7c0dd451ea43f094d5d1fb60cd5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33068407911a3b697fbe203d9d0d8bb08a06199d4ad44a78e56ac409f19bbb82
33a7f1daa51a3d81a190b331e6ce2bdca98966dc7846894d5619c87a3ceb319e
3497a136020ad61017fb3ba6910d5e65c2e3689c2d6313696abae966ce387316
34983bb02be1afc41c4bd28a7bf5f89d84138fc3d37b09ad61d3fbe680fc466e
35b7a88273fe7b0057d9eb92aa0452b03787c6d2f86ec6063d7e2ff47a703ae4
3752258f545f1cd6c4be6593f9f64ec4eb2d377b8d7e5ce52a1b908d9dcf1875
37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
395dba5457bcf80d4c45b77b341dd65137f5752c6cee21176c061ab9d52ddcfb
3d313e573148b8aa541b772ed63b36b5b05520fd0ca9e20dce848bb65916c1ce
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ef9eb512c0c23203065668fb9d963a082d972d2798b9e0e660c523c23e778da
3fde16febe487398469364de1dad7fa7640a9fb9dfe2c109c616d6df38d91ba6
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42c2504dbcb736d2457006a071c318c02694f68cc3d5f2ec4e73cd3019ef0fc7
46f91934dfcf2858e78684bf1255b45320ef80059f80d4f376bc829446f5505c
482c5ca644f49f87f08ea6ad0e046a21d98ca5009192127e25c3c7342bd81ba1
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
49234fe43ce7263e0c8fdc11d41c249c5dccde1331725a814057ece4cda76a7b
4af952994baa0cdd0cee4927dbb7f207a7a28f34bd4b748f4cf5ef30c9a6cde4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ca98a9f6e5b6b5acb8c8c474b3366e13372946d998d4c12470ce606b05df393
4d64cca2d081e3574a789840fb2d888796a38e8a6cb8c09df541c03a7c2fe627
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e96a7bf0a4c51ebc38843c741f5cbf4f4fe71ef08268420f185b3223b0afc72
4f7260fa496298892887fbc8880a57550d221851edb5fec73fa80d8b726f2bbc
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51d53492d7322fd92bdeb78693bda92a5810de0906203c9d800f36f3650e7c58
51fafa8da3b03ac77d9ac2fdeafe93a313829891e3a922a596801146ba41444a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
561efbd8ea18ac526a913da03b3f3e4557994af182ca61c586212f0aa71a634b
565a604b8d2449fcbbe6a76e51f0b8f5c6b85e912c87e81bb9aa2c7f86b8cd07
571a26d7c84347a9b52a45a361dad3181651776bbda4164e397fa81d842a4caf
57bc4098e7246495115ca3e04cb9cb979a038d9af889d6bd670408d841777c34
5bdf1120c4df8c868092d0bcb7f2540a85456fd94cd1e1a5570c9b63906b1a5b
60933049f0cb956ee6582339ae827ae62a1cea00761eaa3ae0accd20b52d02e8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623d4350b84c3db35766c93aa589955ad02710b1cbb5bb8fe0fbfdda1bdba321
65f39a1179acd4643b2bb05629342fca9805a38a6da7ca7505718b5b0eae81ac
6a4bc10915058d500ff48f7acc432da94ae98e56b89e838bac4bafd30219f7dd
6a51f447b50472226b369dcfa96bdc8afd0f2a1696b9636f4cfe51276b36b1e2
6adb1f10c698bd6c81856d978057e238d049f55c74b6b734673f25df642d5b4c
6dd9c52de77964061f706c1650a89766e99348f63be12b7b6467970bb34ccfbe
6e2b0325ef67998661d5f64f5444948d6e33e0bd729d8723c71944f3cb5cd7c9
6ff6c41c1b3e156f7f83074f774356106087b7149eb7fa198673d2c50eaa9490
71f59d13d69d502b117d87f28fa286757c478447b06f87d4b02c44361c4a4855
728a9a5773bddf02be49c8ac1c8e4f64086c4814abe7b5e95a4d14fdaa9d7486
75ec39394b1be1bddf34e1a92d4003868a96e7f734008ead985d2db20563b722
762f2135d7f709ed01ed2a4829ac28b051d6df007aec607df238d60950b03453
768d3f2d48b39441cd87c549817b315597435466327a59aa2481230f859c18a0
770f39534d503d9feff3bf990db12b6775bcb8bf7a06a178d326dce53d0ab5e9
777fd3cae235313f40770e1af8a7fa1c1a326e040d79014f2bd732a1f5153a51
7ac61bbd491ea91981ae5f8c99a162d2cf7f6836e80e2283448ae4c29fdf2420
7b770f7ca4e0add0192ef0e6b3af06258a99453263ec73bb08d8f57bdcd2a138
7e2ed03bbc185372cb541663170321544300747ae296389772dc8f722551eb3c
7e4ae6f9a8d55fc34570249a89624fd22e19aed34c3b0fe461743e10e0649ff9
7fb8971ef6ae60c7189c1f81e62685d3fbee02f60538eee2f2dc23f8be400645
83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
858a0e23502aa2fcb9ae9e6a1f746e3b9f9e0967f383215898bae4ca797fc67c
87f5de91ff5cb090bc725799193a24b6323e6f51545f76d2335f2295bd33c6e1
8a215ebe4733750286ea1780bcb0c9500c96aa14ebf1abe588193e76b7763f1e
8ca119bc1f1fc4736ccedf20d3aafcc50aead2109a92e32c89bf74af72a1e057
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e3c124520f136bd31f51db7504c41590e86a39c13e8ea479547e2c2cdfeb0db
8eb0885d968635a6e7a706c190c00a8a6f1d88f0b528201eec558e441395d7f8
8fda2396e315276e1fc4e8fe3a0a265fdfbfdb0e45f8005d142b78015a76503c
904341d95fce95e7520a3a6ecb4d0b337038c2f5d277874a563e0e24fd90e709
90e6c74c154e1ecc603efa62795cd669c12280c043d8363eaed628bb945bb959
920e87e5d58a8efda5e38f7c1f1fb86693a6fe60a41b74a509f6a27e86d8e2c4
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
944f511fa489e866b08f83cb5bb98f12687c99f142572837087f78107822a8a6
945d81de37368bdb21409830e9bd81a52fe4eea9e698d444ad510eddc77ca1a9
95af646b01ee702570f9abad3701e98b1713487822310baba992363f92513e26
96c10b12a6bcac488c359bd1cbefb7f39d342567b4934a67a00e7d18e7c58676
97192cf227b40aa5c09387cc46230ef31fa177e946cc91fa98a55e89c1c436ff
9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1
9bfe53279c4d9e75e2327bfc455660fea77591af5a5b2258c508803707f158c0
9c1521286e7dd2d6f8c2262b15bca8867bcae973a83879accdd00e1cb9831e5f
9c544e529fe4045be9024bf8bb2f0f9c504af93b7e8586cb3a5d62aa00f02547
9dbd96226c9062b37e0b719221e8f02b684d2acd495e47bacbefb96b7fc0d246
9e25ba946939ee4a3d6b5acc652b3a3d3c87f0b982d9a35b9fd19f37b3bee4ab
9f0e38142f0b67f679d1eaff046562070e44443234a81c1f313f6d0ff41e6f86
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a02374499910d34a84cd5b6f2c17a92957df109366549f5a46a0254f881848e0
a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80
a03ff6167267125ff8a2d9c1ca01a4b1790da525489e8c732c8c38f235b78993
a04b971d335d737b89946f19095fd6e18c88561d3846404081729739ca81a80d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0ade8be33af5ef85df33f2895b652fbf135bb6966231e1c9477189b57fb8474
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0f45a49d27117af1323c98b6f17499f08f49e5e60db826db929e583f2e8e65f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a25e7e9bd63b8c5010f34dbacafba5239d4c7c472068b8f0d31145e57263cb36
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a557542b7272593a0cc7e39167a1e0f8f79f2a2f3ba344dc59accd7f2aefcbaf
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a78176cd900882ba8ed23d3bf267c54851e64716fe62e793861caa87add3e649
a7f2eca1f5be8472ebc264bf863197108c238e54aef2546d3b72aebe3a74d835
a821eac48e731c18eb2ed4bce2c2804add93870078ce7a75b643357e6a98a9fe
a9d947841bb76426fd4b32ce72e4ad3ad5d8fbbf9d00f607364c5f4ce1487466
aa5f185e7c327bc34525d29785309cdb9ecb8a470be2af0bfbef85d6317feb61
aad4f11790ae41d11a7c7bb613b9f82206f37eb4894966fe15e5f880c5d9b72a
ae29a158008df7918b0319c1996538eb4ccdca320ce3a5da8056e8511a47dbcc
ae36c2e7542c7a670c171f078afdb88b1a896c48555a90911e43fd79db731b68
af3b4fb8ff2ad401f900a55dddb1e174cd6c1f96cdfe6ac220fa353de500d534
b00dec76f7bd930c41b4b779f73fc4bce681079b8ef9d5f9abe488c6193bd096
b12db2c94dacb6944cdddfbfdd04e8ae3bb93de96ec7aa5f538bf50fa8048414
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b2c4af40afb1e40563e65b50bf08c21a4b1543fab3050440be96974445edf7dc
b3094bd6c20ebdde1e03ad0f9e5f271b6d56d5a9c32b0bf7d731f5bb72dfeb25
b5dbcc1f81f5a98a4403ae9afd1d2a1773f4afe1f0b8cefa89eca201f40483c1
b6da32ba96bad1f198d89b88163c9f79b56c02b991035996d167092f6ed093a5
b78362d3e11d02a90489865565e984d658e9cbc2d442ee7884fd956fb71b0159
b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477
b7ddb8bf7fa9fc6f7369beacac443573b0b175d43002d4cfe2421231f0e602c4
b98008ad770fed8298d565a3ee5da7d233895b23d0a9e13cae7f92c5ac15d7e9
ba17a6a569b64b5d243273cde129feedf2b7fc5180be7bca1eb297572aafb809
be18e4f5d4b03d521cd77cab0bd078809764b28e93abd36def170df9b9a93411
c10de9dc35a4604c9eeb7c4e93407c1ad0bf51f63e131c198b07d20f92d93223
c302efe6c47d24adb92d327f1c3a8383d9593acd29699464309e0b295700d4f5
c3f7543f5920fa1dfa5bee0b790fa30d0d26e5f58cd20f7373133415dce6b040
c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0
c7896ab2971da619c3f6752f7b95f8be4277afaffb259f1936fd889208999737
c8bbd5afa4c30e05186b03ce140ee8bb262f7bf321d74d04042d11fa05eadfae
c94e49334083ad99ce4fe5cc543eaf92320f702c473b1a134d8e0d2751683786
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca03203fdd79bb26a6787fcaa3d8bb2d74514e04cea540daf0441d35308e0827
ca29fa98b9edf564b5abb0a0f06c7fc1658a5db5ac05759183e34f44a58db9eb
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cced19cb69d5b40e430d7ce95459ce7ee4112682605433c376191949faaa9109
ccef7c15c0af13ab8c5f8008e24095ac3d6e6376b6d7ac86f60c5b85578855ba
cd3699476d188453684876ad11b8813508e578f49a02f4639fed3b3ce8a74a58
ce0f964bea4f366c3d36f63f6538af3068d2952d1508cd373836555c410ef257
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d18dcadfae802c4f885cce2b295a81020113f2e37136734f0d6798d288291fff
d1aec0f91475a9d3eefd64516c068aff487a6790a76ff4b8ac14a52e7a367ceb
d1d938d97331866e733f47f9ba4b748530a8b4f684ae1bf3a19c01f32854104f
d3b389d4d7d80a60a12be282ad147d045c038822125a5c37a3ceba0bbe480bef
d3d2e3b3a0920c303a390c99806c3a825fcd674c489f5a03267764244fffb222
d4f8bc08ed1a374a36388cfe41f2609c5f1025de20422d698368be48f1896ce1
d62a3b924d49cc3909d8c7e7d66c6fda8780c357fae0f927993f424928401b20
d6a97846477d5f74dc49c320addd8360addfd351e22f14206c145c4a44d13bdf
d80e5177d7cc173424caf8c3a5a3d5f260123d61ae92678b1a3e9a6bbf99ada5
da1360e9617591ce97b284615498f1a406c4b00fcdddfd59724e5356769c667c
da4a8af41e0c193b767ae3891524c23961693fa7280a9e593a65198ad027f981
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deea56467e818b9345873eec410a3e53c1be3a1ea2f4f3486a42e8ff64534e6a
df79e61186e6f38bfe193b619c426fd6e7fb7cf732f14a2e358329a739461ef4
dffb2854fbfb6bfb95e6949a623fe55063e7cc929b3755ed7b27adf7f31b52eb
e0c5c27ad304e1d5b111c4c67d9c3aa45d64b35e6d322c2bc4c7462813b1d204
e105b5557bed3c3e48db77e8c938e64e52a5f00e0f0d948efe889022a5331c9c
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e2d3f8696617c48a1f82529015ed2050d19c0a961a7249466dbb16456fe733bc
e2ec2ecae8d41e5dc76422bed223fd4243a85e51d070c468f5ad21b3e2e76dd0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d0bbfd066067fd08ed67f8fc3a45e53b9f2ee05108bd0601ae687513e32a02
e678f057332a81514ac9719a101737d107488a36cdfa6b612799283695492545
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
e93f3187fcfb44d155e7119c58627506ff3765fa4afe66dc87f338b6b8a13a54
ea34350c35f040000c1a15858d8ea1a1bbd71c439f4b4a59cf4235b6d709544d
eb81dbb47530932dd4d6eac5041f8c4462f17c0b87c8ef699b24dbafc5a8c861
ed713f264d7323b8d2aab5e7086902d87dcbcf3f4f7185da6bf5ad40ad80a93d
edce0f5742c946e7271ad95325d3ab2c2ad012adc0a790e52b69c04a37a6a9f7
ee77c502f1d5c7d72b10904f686628842c426def8850a673ee3f13dbec6fbd97
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0eb8a4eac4068c80d1249dfde9bcc0adbb127f197edd147ed6e2304e8d01f5c
f2023b1b62da87163faad2f2ed5d116be69bae647670048d738f3526167c2632
f515ed490405435b0c8a7ede74fd2c8e7834ee45c81aa76db3736fe50dc1da87
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f7059be255f87b9ee45ab619650998acb10637aa0d41a3e34f12cb563a31e824
fa1bbe501b149144f7d0195697ed240c0bbfab218313922bd1733fa02d4f3bcd
fb9234052ac419d5c2aab3ec5f16365d70ff41096426b821c2b693593a1a559a
fc98d0a05f35dbe183a65f8aa5371168f175e3f8578d7afa3dbd07e84c15f80c
fcf8a02102c695c381e74234f4a4bdf158f63d9c405697970f46816e572550bd
fd7de549603cd3b97a3190ea98694b9f366897f6cdbbd321f3630e2efd4a66e4
feeab718072b4a4d047a582abb7dede4ee9f8ee0b3ba36cfd6828a5afa78c572

www2.kusports.com Open in urlscan Pro 208.91.60.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

441 Requests

65 %HTTPS

36 %IPv6

70 Domains

98 Subdomains

71 IPs

11 Countries

4882 kBTransfer

11400 kBSize

73 Cookies

16 Outgoing links

Redirected requests

441 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www2.kusports.com Open in urlscan Pro
208.91.60.6 Public Scan

Screenshot
Live screenshot

Full Image

441
Requests

65 %
HTTPS

36 %
IPv6

70
Domains

98
Subdomains

71
IPs

11
Countries

4882 kB
Transfer

11400 kB
Size

73
Cookies

441 HTTP transactions
13 data transactions