blondinenwitze.de Open in urlscan Pro
2a00:1158:300::66b Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.teengallery.net/
Effective URL:
http://blondinenwitze.de/
Submission: On August 22 via manual (August 22nd 2021, 9:16:14 am UTC) from DE

Summary HTTP 88 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 13 domains to perform 88 HTTP transactions. The main IP is 2a00:1158:300::66b, located in Strasbourg, France and belongs to GD-EMEA-DC-SXB1, DE. The main domain is blondinenwitze.de.

This is the only time blondinenwitze.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a01:4f8:c2c:... 2a01:4f8:c2c:abf5::1	24940 (HETZNER-AS) (HETZNER-AS)
1 17	2a00:1158:300... 2a00:1158:300::66b	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
12	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
2	142.250.185.195 142.250.185.195	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
3 4	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2012	15169 (GOOGLE) (GOOGLE)
1	142.250.185.178 142.250.185.178	15169 (GOOGLE) (GOOGLE)
88	16

1 2a01:4f8:c2c:abf5::1 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

www.teengallery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1158:300::66b (Strasbourg, France) 1 redirects

ASN8972 (GD-EMEA-DC-SXB1, DE)

www.ftpserver.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.blondinenwitze.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
blondinenwitze.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net

p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2012 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i1-v6exp3.ds.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.178 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f18.1e100.net

p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i2-v6exp3.v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	849 KB
18	doubleclick.net googleads.g.doubleclick.net	114 KB
16	blondinenwitze.de 1 redirects www.blondinenwitze.de blondinenwitze.de	300 KB
7	google.com 4 redirects adservice.google.com www.google.com	978 B
5	googletagservices.com www.googletagservices.com	177 KB
4	gstatic.com p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i1-v6exp3.ds.metric.gstatic.com p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i2-v6exp3.v4.metric.gstatic.com	3 KB
2	google.de adservice.google.de	287 B
2	google-analytics.com www.google-analytics.com	19 KB
2	cloudflare.com cdnjs.cloudflare.com	4 KB
1	googleadservices.com partner.googleadservices.com	266 B
1	googletagmanager.com www.googletagmanager.com	40 KB
1	ftpserver.de www.ftpserver.de	411 B
1	teengallery.net 1 redirects www.teengallery.net	220 B
88	13

	Domain	Requested by
22	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
15	blondinenwitze.de	blondinenwitze.de
12	pagead2.googlesyndication.com	blondinenwitze.de pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
5	www.google.com	4 redirects tpc.googlesyndication.com
5	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdnjs.cloudflare.com	blondinenwitze.de
1	p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i2-v6exp3.v4.metric.gstatic.com
1	p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i1-v6exp3.ds.metric.gstatic.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googletagmanager.com	blondinenwitze.de
1	www.blondinenwitze.de	1 redirects
1	www.ftpserver.de
1	www.teengallery.net	1 redirects
88	18

This site contains links to these domains. Also see Links.

Domain
silktide.com
www.twitch.tv
zhhh
www.trenvay.com
policies.google.com
catchthemes.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.ds.metric.gstatic.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.v4.metric.gstatic.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh

This page contains 18 frames:

Primary Page: http://blondinenwitze.de/
Frame ID: 6885A98E284E41828E8A864307AFAC3F
Requests: 34 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210816/r20190131/zrt_lookup.html
Frame ID: 424F26948F9B86C13AFBF0546A07D364
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89
Frame ID: B1828AE7B6383CC998EEE99C24A9E848
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2639296853&adk=528326920&adf=230229480&pi=t.ma~as.2639296853&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755639&bpp=1&bdt=223&idt=93&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1147&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=GVRMXHfqy9&p=http%3A//blondinenwitze.de&dtd=97
Frame ID: 4F492725C2B18CA3749EA3A0A0881931
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=1385639527&adk=7383113&adf=1322833778&pi=t.ma~as.1385639527&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755640&bpp=1&bdt=224&idt=101&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1971&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=JSxyiMt9TL&p=http%3A//blondinenwitze.de&dtd=103
Frame ID: 0B2DC63C4570FFC00BD98327FFBAC0FF
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=600&slotname=5470051121&adk=228519892&adf=2448842579&pi=t.ma~as.5470051121&w=300&lmt=1629594792&psa=0&format=300x600&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&wgl=1&dt=1629623755641&bpp=1&bdt=225&idt=104&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&xpc=vUmUv5Qixx&p=http%3A//blondinenwitze.de&dtd=106
Frame ID: 21CA65A1CC7407AD24321A1C2939B680
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&adk=1812271804&adf=3025194257&lmt=1629594792&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fblondinenwitze.de%2F&ea=0&flash=0&pra=7&wgl=1&dt=1629623755650&bpp=1&bdt=233&idt=99&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280%2C300x600&nras=1&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=5&uci=a!5&fsb=1&dtd=104
Frame ID: 06051DC201363C9E08F8381AE66AB502
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: D46FA1E8F5831773715A78D4DD7F5844
Requests: 2 HTTP requests in this frame

Frame: https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: FDD9BF528E21C94EBCA318121EC55CD5
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: BC3F1855BDBF94AA1AE046D6CD684B06
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: EB5FC59C530F170297ED00E8192F0BBA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js
Frame ID: 71AD14FC6137FC596D1AB616FAB410A3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js
Frame ID: 1275B28B19A710B23F46BB1395487EBD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js
Frame ID: 026E68D69E61A42CE5DE9A68197F4AF7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 7C9B0FB3F366FE03CCB332AF277299CC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js
Frame ID: 9FF0B9DC63E5A57DB406FEE82263FDD4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: F66F1E047CC35EB57570E93BF65521AB
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B9C588E883E243C07C238E6F12E02927
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gute Blondinenwitze

Page URL History Show full URLs

http://www.teengallery.net/ HTTP 301
http://www.ftpserver.de/ Page URL
http://www.blondinenwitze.de/ HTTP 301
http://blondinenwitze.de/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

88
Requests

81 %
HTTPS

82 %
IPv6

13
Domains

18
Subdomains

16
IPs

3
Countries

1522 kB
Transfer

3051 kB
Size

15
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://www.twitch.tv/
Title: New

Search URL Search Domain Scan URL

URL: http://zhhh/
Title: desoskekk

Search URL Search Domain Scan URL

URL: https://www.trenvay.com/
Title: folyo kaplama

Search URL Search Domain Scan URL

URL: https://policies.google.com/technologies/partner-sites
Title: Datenschutz & Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://catchthemes.com/
Title: Catch Themes

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.teengallery.net/ HTTP 301
http://www.ftpserver.de/ Page URL
http://www.blondinenwitze.de/ HTTP 301
http://blondinenwitze.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.teengallery.net/ HTTP 301
http://www.ftpserver.de/

Request Chain 10

http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

Request Chain 44

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 55

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 66

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 79

http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css

Request Chain 81

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

88 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
www.ftpserver.de/
Redirect Chain

http://www.teengallery.net/
http://www.ftpserver.de/

120 B
411 B

31ms
14ms

Document
text/html

2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ftpserver.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 63536f69a3e7d0e6eb22ed94625199f9a2c133ab6af2b04de111fcd836c13c07

Request headers

Host: www.ftpserver.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Server: Apache
Upgrade: h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 08 Jul 2021 19:20:50 GMT
ETag: "78-5c6a18d8b0ee5"
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=100
Content-Type: text/html

Redirect headers

server: nginx/1.21.0
date: Sun, 22 Aug 2021 09:15:55 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
location: http://www.ftpserver.de
x-redirect-server: cs2

GET
H/1.1

200
OK

Primary Request / Show response
blondinenwitze.de/
Redirect Chain

http://www.blondinenwitze.de/
http://blondinenwitze.de/

58 KB
12 KB

36ms
19ms

Document
text/html

2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 78eb4b121d308785471e1d2abb3e6098c5515e9cb3f4b8ce08fce96bda825dd4

Request headers

Host: blondinenwitze.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://www.ftpserver.de/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.ftpserver.de/

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Upgrade: h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 22 Aug 2021 01:13:12 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Mon, 29 Oct 1923 20:30:00 GMT
Content-Length: 11549
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Server: Apache
Location: http://blondinenwitze.de/
Content-Length: 233
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK c8eeg.css
blondinenwitze.de/wp-content/cache/wpfc-minified/7jsoijfl/ 112 KB
33 KB 19ms
18ms Stylesheet
text/css 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/cache/wpfc-minified/7jsoijfl/c8eeg.css
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 5621ca2ad7bb8a712767af5769fdbeb6160965d60a8bdbdae8f990802b4977ca

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://blondinenwitze.de/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Jul 2021 23:47:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 33167
Expires: max-age=2592000, public

GET
H/1.1 200
OK c8eeg.js Show response
blondinenwitze.de/wp-content/cache/wpfc-minified/driqyue/ 148 KB
49 KB 42ms
34ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/cache/wpfc-minified/driqyue/c8eeg.js
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 174cfe565e4c68c92f95fe9aecfdfe915369ea7f76e88195cc484f75dc0f8ae7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Jul 2021 23:47:34 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2c
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5, max=100
Content-Length: 49701
Expires: max-age=2592000, public

GET
H/1.1 200
OK c8eeg.js Show response
blondinenwitze.de/wp-content/cache/wpfc-minified/2bjcy3by/ 15 KB
5 KB 25ms
17ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/cache/wpfc-minified/2bjcy3by/c8eeg.js
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 47599a06e244687a8c1f646bf48f50ced883bb41229d3aef489447e790787d85

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Jul 2021 23:47:34 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2c
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5, max=100
Content-Length: 4807
Expires: max-age=2592000, public

GET
H/1.1 200
OK Cookie set jscripts.php Show response
blondinenwitze.de/wp-content/plugins/wp-spamshield/js/ 775 B
1 KB 128ms
119ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/plugins/wp-spamshield/js/jscripts.php
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache / PHP/7.2.23
Resource Hash: cf6a820731f174190b993c52956a11854b01149de9109a383f5439d363dd85c6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
X-Powered-By: PHP/7.2.23
Surrogate-Control: no-cache, must-revalidate, max-age=0
Connection: Upgrade, Keep-Alive
Content-Length: 511
Pragma: no-cache
Server: Apache
X-Robots-Tag: none
Vary: *,Accept-Encoding
Upgrade: h2c
Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0, no-transform
Set-Cookie: PHPSESSID=db45c4d5f061e3f47d7e39a89c8e1948; path=/ 923a37c518d07b6a8a690e2f5d1fc3e9=29bbbafb6c4d778afbdf4c99bc668b5b; expires=Sun, 22-Aug-2021 13:15:55 GMT; Max-Age=14400; path=/; domain=blondinenwitze.de; HttpOnly ckon2108=sject2108_ce928bc512216; expires=Sun, 22-Aug-2021 09:20:55 GMT; Max-Age=300; path=/; domain=blondinenwitze.de; HttpOnly
Content-Type: application/javascript; charset=UTF-8
Keep-Alive: timeout=5, max=100
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 30ms
23ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: blondinenwitze.de
URL: http://blondinenwitze.de/

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2d2846040ce0726ba6ace389110fad3b2c7f1cc23caf00adc4f8a016892ad57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 14305058684536401169
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 49909
X-XSS-Protection: 0
Expires: Sun, 22 Aug 2021 09:15:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: blondinenwitze.de
URL: http://blondinenwitze.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2d2846040ce0726ba6ace389110fad3b2c7f1cc23caf00adc4f8a016892ad57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49909
x-xss-protection: 0
server: cafe
etag: 14305058684536401169
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 22 Aug 2021 09:15:55 GMT

GET
H/1.1 200
OK portrait-2123109_960_720-1-248x300.png
blondinenwitze.de/wp-content/uploads/2018/03/ 117 KB
118 KB 21ms
16ms Image
image/png 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://blondinenwitze.de/wp-content/uploads/2018/03/portrait-2123109_960_720-1-248x300.png
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 4607f47ea58a4cc07d8a04102e7923ac9fea1ab6fb1374db5f24c72784114a5b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://blondinenwitze.de/
Cookie: PHPSESSID=db45c4d5f061e3f47d7e39a89c8e1948; 923a37c518d07b6a8a690e2f5d1fc3e9=29bbbafb6c4d778afbdf4c99bc668b5b; ckon2108=sject2108_ce928bc512216; SJECT2108=CKON2108
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Sat, 31 Mar 2018 14:39:42 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2c
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Expires: max-age=2592000, public

GET
H/1.1 200
OK girl-162122_960_720-227x300.png
blondinenwitze.de/wp-content/uploads/2018/03/ 74 KB
74 KB 17ms
16ms Image
image/png 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://blondinenwitze.de/wp-content/uploads/2018/03/girl-162122_960_720-227x300.png
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 894e09df376c6a9c251ff8ce18fb37445d07f051906ce0f0ecedf793b886a70d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://blondinenwitze.de/
Cookie: PHPSESSID=db45c4d5f061e3f47d7e39a89c8e1948; 923a37c518d07b6a8a690e2f5d1fc3e9=29bbbafb6c4d778afbdf4c99bc668b5b; ckon2108=sject2108_ce928bc512216; SJECT2108=CKON2108
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Sat, 31 Mar 2018 14:43:26 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: max-age=2592000, public

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-6599247-26

Requested by

Host: blondinenwitze.de
URL: http://blondinenwitze.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a893d449257f7257a0bedbec00aa7daeb0bb87ede8351556ac12fc6a94c244bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40997
x-xss-protection: 0
last-modified: Sun, 22 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 22 Aug 2021 09:15:55 GMT

GET
H2

200

cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

4 KB
2 KB

17ms
16ms

Script
application/javascript

2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

Requested by

Host: blondinenwitze.de
URL: http://blondinenwitze.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6349107
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1618
cf-request-id: 0a944e899800000631e2a7e000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-11d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1LrF5I51WcSpbp2NKOytvVJOGqjGXxyVbpgOUNC29UuCLh7qaY6DBjwwuzYynwdK71tMqvV6viudREzaBLO3VgzR9TUFLakyYdqpZQ0ZD0LLpjGWUSW8biEUeoB6AJa3y3lq3vILNOOE%2BXTu8Txuk71"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 682affd7d9b42fa5-FRA
expires: Fri, 12 Aug 2022 09:15:55 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK frontend.js Show response
blondinenwitze.de/wp-content/plugins/accesspress-anonymous-post/js/ 6 KB
1 KB 14ms
14ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/plugins/accesspress-anonymous-post/js/frontend.js?ver=2.8.0
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: e5158f25cdcfffe9f97cbb63bfefce9628e50e59bd125420b99391a41a583df7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Sat, 27 Mar 2021 10:35:15 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1098
Expires: max-age=2592000, public

GET
H/1.1 200
OK navigation.min.js Show response
blondinenwitze.de/wp-content/themes/catch-base/js/ 1 KB
917 B 14ms
13ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/themes/catch-base/js/navigation.min.js?ver=20120206
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0df76cf0461454b231957ecab478f90d2b3e15cbf2369f417f42a844b4988b9d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Apr 2021 22:40:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 538
Expires: max-age=2592000, public

GET
H/1.1 200
OK skip-link-focus-fix.min.js Show response
blondinenwitze.de/wp-content/themes/catch-base/js/ 484 B
667 B 11ms
11ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/themes/catch-base/js/skip-link-focus-fix.min.js?ver=20130115
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0120a25437dd8faf0818ca24725d230f9154ccb4258d429ff38eef2389e7344b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Apr 2021 22:40:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 288
Expires: max-age=2592000, public

GET
H/1.1 200
OK comment-reply.min.js Show response
blondinenwitze.de/wp-includes/js/ 1 KB
959 B 12ms
12ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-includes/js/comment-reply.min.js?ver=4.9.18
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 6b2e2d56e7b0e80d919bc65dd94f8cd95e57ad9298fc4fecc005301ea8339c9f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Cookie: PHPSESSID=db45c4d5f061e3f47d7e39a89c8e1948; 923a37c518d07b6a8a690e2f5d1fc3e9=29bbbafb6c4d778afbdf4c99bc668b5b; ckon2108=sject2108_ce928bc512216
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Apr 2021 14:08:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 580
Expires: max-age=2592000, public

GET
H/1.1 200
OK fitvids.min.js Show response
blondinenwitze.de/wp-content/themes/catch-base/js/ 1 KB
1 KB 15ms
14ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/themes/catch-base/js/fitvids.min.js?ver=1.1
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 9ad5f9f1acf7b1d2e32607221022b810bb7132568d4f0976ec6ec3449223f7bc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Cookie: PHPSESSID=db45c4d5f061e3f47d7e39a89c8e1948; 923a37c518d07b6a8a690e2f5d1fc3e9=29bbbafb6c4d778afbdf4c99bc668b5b; ckon2108=sject2108_ce928bc512216; SJECT2108=CKON2108
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Apr 2021 22:40:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 697
Expires: max-age=2592000, public

GET
H/1.1 200
OK catchbase-scrollup.min.js Show response
blondinenwitze.de/wp-content/themes/catch-base/js/ 358 B
580 B 12ms
11ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/themes/catch-base/js/catchbase-scrollup.min.js?ver=20072014
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 60d9e059c4a7d0290d827444e202e62ba63df66084111c06a28e275e4f170757

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Cookie: PHPSESSID=db45c4d5f061e3f47d7e39a89c8e1948; 923a37c518d07b6a8a690e2f5d1fc3e9=29bbbafb6c4d778afbdf4c99bc668b5b; ckon2108=sject2108_ce928bc512216; SJECT2108=CKON2108
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Apr 2021 22:40:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 201
Expires: max-age=2592000, public

GET
H/1.1 200
OK jscripts-ftr-min.js Show response
blondinenwitze.de/wp-content/plugins/wp-spamshield/js/ 1 KB
1 KB 16ms
11ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-content/plugins/wp-spamshield/js/jscripts-ftr-min.js
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 22518ff32f769e282e7b884f80b238038242e11fcd7c9ddf11a53285f6f4993a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Cookie: PHPSESSID=db45c4d5f061e3f47d7e39a89c8e1948; 923a37c518d07b6a8a690e2f5d1fc3e9=29bbbafb6c4d778afbdf4c99bc668b5b; ckon2108=sject2108_ce928bc512216; SJECT2108=CKON2108
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Sun, 14 Oct 2018 12:04:41 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=15552000, must-revalidate
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 677
Expires: max-age=2592000, public

GET
H/1.1 200
OK wp-embed.min.js Show response
blondinenwitze.de/wp-includes/js/ 1 KB
1 KB 27ms
18ms Script
application/javascript 2a00:1158:300::66b
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: http://blondinenwitze.de/wp-includes/js/wp-embed.min.js?ver=4.9.18
Requested by: Host: blondinenwitze.de
URL: http://blondinenwitze.de/
Protocol: HTTP/1.1
Server: 2a00:1158:300::66b Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
Software: Apache /
Resource Hash: 5138d39633dc69fcd0ed7f33a5e38dc339123f682fa7f5242066879c2bbc8c9b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: blondinenwitze.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://blondinenwitze.de/
Cookie: PHPSESSID=db45c4d5f061e3f47d7e39a89c8e1948; 923a37c518d07b6a8a690e2f5d1fc3e9=29bbbafb6c4d778afbdf4c99bc668b5b; ckon2108=sject2108_ce928bc512216; SJECT2108=CKON2108
Connection: keep-alive
Cache-Control: no-cache
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 09:15:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Apr 2021 14:08:12 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2c
Cache-Control: max-age=2592000
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5, max=100
Content-Length: 739
Expires: max-age=2592000, public

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Origin: http://blondinenwitze.de
Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108190101/ 252 KB
93 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108190101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8084705259377832&plah=blondinenwitze.de

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e50923eeab2fab42aabd0b1dd0295ed74f9bf5eec3f91bdcb4b36316a40860bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95447
x-xss-protection: 0
server: cafe
etag: 5134495107379379254
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 22 Aug 2021 09:15:55 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210816/r20190131/ Frame 424F 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210816/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210816/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://blondinenwitze.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://blondinenwitze.de/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 22 Aug 2021 08:37:30 GMT
expires: Sun, 05 Sep 2021 08:37:30 GMT
content-type: text/html; charset=UTF-8
etag: 8999110079160743657
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4576
x-xss-protection: 0
age: 2305
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-6599247-26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 134
date: Sun, 22 Aug 2021 09:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Sun, 22 Aug 2021 11:13:41 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1029522046&t=pageview&_s=1&dl=http%3A%2F%2Fblondinenwitze.de%2F&dr=http%3A%2F%2Fwww.ftpserver.de%2F&ul=en-us&de=UTF-8&dt=Gute%20Blondinenwitze&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=818835759&gjid=52951325&cid=336621831.1629623756&tid=UA-6599247-26&_gid=373941357.1629623756&_r=1&gtm=2ou8i0&z=1193763070

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 22 Aug 2021 09:15:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://blondinenwitze.de
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 207 B
266 B 48ms
47ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=blondinenwitze.de&callback=_gfp_s_&client=ca-pub-8084705259377832

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108190101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8084705259377832&plah=blondinenwitze.de

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

7f1f8a8f1a9370f9ab85e76999356458d0e6d920e1d388b8021c972476326c82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=blondinenwitze.de

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=blondinenwitze.de

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B182 69 KB
26 KB 516ms
515ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11d4892cef3caa7d286a919779594db95521101e6af24d3a17a834959667a070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://blondinenwitze.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://blondinenwitze.de/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 22 Aug 2021 09:15:56 GMT
server: cafe
content-length: 26178
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 22-Aug-2021 09:30:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a2478978968eefdc87127bfe6619a9de514b2ccb89b2a95824a53e6bea1f9cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629458978809797"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27677
x-xss-protection: 0
expires: Sun, 22 Aug 2021 09:15:55 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4F49 69 KB
26 KB 402ms
402ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2639296853&adk=528326920&adf=230229480&pi=t.ma~as.2639296853&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755639&bpp=1&bdt=223&idt=93&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1147&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=GVRMXHfqy9&p=http%3A//blondinenwitze.de&dtd=97

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

142743f815c13da699872f7ce96089f154a4320a899f087787a63c78a4813675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2639296853&adk=528326920&adf=230229480&pi=t.ma~as.2639296853&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755639&bpp=1&bdt=223&idt=93&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1147&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=GVRMXHfqy9&p=http%3A//blondinenwitze.de&dtd=97
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://blondinenwitze.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://blondinenwitze.de/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 22 Aug 2021 09:15:56 GMT
server: cafe
content-length: 26202
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 22-Aug-2021 09:30:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0B2D 80 KB
28 KB 684ms
684ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=1385639527&adk=7383113&adf=1322833778&pi=t.ma~as.1385639527&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755640&bpp=1&bdt=224&idt=101&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1971&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=JSxyiMt9TL&p=http%3A//blondinenwitze.de&dtd=103

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecb6e7fcead7be55522141872f285da756f7e1b559fc69119770cabc64176a21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=1385639527&adk=7383113&adf=1322833778&pi=t.ma~as.1385639527&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755640&bpp=1&bdt=224&idt=101&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1971&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=JSxyiMt9TL&p=http%3A//blondinenwitze.de&dtd=103
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://blondinenwitze.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://blondinenwitze.de/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 22 Aug 2021 09:15:56 GMT
server: cafe
content-length: 28267
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 22-Aug-2021 09:30:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 21CA 69 KB
25 KB 553ms
552ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=600&slotname=5470051121&adk=228519892&adf=2448842579&pi=t.ma~as.5470051121&w=300&lmt=1629594792&psa=0&format=300x600&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&wgl=1&dt=1629623755641&bpp=1&bdt=225&idt=104&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&xpc=vUmUv5Qixx&p=http%3A//blondinenwitze.de&dtd=106

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8c43a25d8e6e794f6365a81afaa8a8fb8527f6b4e056f3beb4325723e61e94e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8084705259377832&output=html&h=600&slotname=5470051121&adk=228519892&adf=2448842579&pi=t.ma~as.5470051121&w=300&lmt=1629594792&psa=0&format=300x600&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&wgl=1&dt=1629623755641&bpp=1&bdt=225&idt=104&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&xpc=vUmUv5Qixx&p=http%3A//blondinenwitze.de&dtd=106
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://blondinenwitze.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://blondinenwitze.de/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 22 Aug 2021 09:15:56 GMT
server: cafe
content-length: 26070
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 22-Aug-2021 09:30:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 30ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=blondinenwitze.de

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=blondinenwitze.de

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 Aug 2021 09:15:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0605 12 KB
5 KB 190ms
190ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&adk=1812271804&adf=3025194257&lmt=1629594792&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fblondinenwitze.de%2F&ea=0&flash=0&pra=7&wgl=1&dt=1629623755650&bpp=1&bdt=233&idt=99&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280%2C300x600&nras=1&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=5&uci=a!5&fsb=1&dtd=104

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ed887d635a17ce869059668c2f87bee4714cfcaf53397c375b0ea223946fdbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8084705259377832&output=html&adk=1812271804&adf=3025194257&lmt=1629594792&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fblondinenwitze.de%2F&ea=0&flash=0&pra=7&wgl=1&dt=1629623755650&bpp=1&bdt=233&idt=99&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280%2C300x600&nras=1&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=5&uci=a!5&fsb=1&dtd=104
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://blondinenwitze.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://blondinenwitze.de/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 22 Aug 2021 09:15:55 GMT
server: cafe
content-length: 4762
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 22-Aug-2021 09:30:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:55 GMT
cache-control: private

GET
H2 200 12560354683053305748
tpc.googlesyndication.com/daca_images/simgad/ Frame 4F49 132 KB
132 KB 8ms
8ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/12560354683053305748

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2639296853&adk=528326920&adf=230229480&pi=t.ma~as.2639296853&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755639&bpp=1&bdt=223&idt=93&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1147&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=GVRMXHfqy9&p=http%3A//blondinenwitze.de&dtd=97

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e821eeff293b8bea66c69c6fd3221426351d7507b81eb41d15f6bfd0fc7cdb85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 09:26:37 GMT
x-content-type-options: nosniff
age: 85759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134867
x-xss-protection: 0
last-modified: Sat, 14 Aug 2021 07:48:49 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Aug 2022 09:26:37 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/ Frame 4F49 18 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7622
x-xss-protection: 0
server: cafe
etag: 11770686601635027189
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:02:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 4F49 2 KB
1 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:15:08 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4F49 124 KB
37 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be8e3fb00d98e93afe954eb362d24a5d80537eb55c896bba9734e5771b6b34b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:56 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629458990649126"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38246
x-xss-protection: 0
expires: Sun, 22 Aug 2021 09:15:56 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 4F49 14 KB
6 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:15:34 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 4F49 26 KB
11 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2964eaaa17b81ff911681e57089511c35c7ebbbb8cce98e8c64bad2de197149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 07:56:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4779
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10743
x-xss-protection: 0
server: cafe
etag: 8915488205478863544
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 07:56:17 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4F49 0
0 31ms
31ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C_1oMyxUiYYOBLt2U3gPUq4CIC56Ygtlk-JKAq88Ov-EeEAEgq5mWAmCVAqABg8CulQLIAQKoAwHIA8kEqgTIAU_QRKfk4QxkIJDdMwCnBz5MljhjCgRsokk0IvzdBx3-21GTKNMS0wzv5wKGv1OcCpZwBh3qa00oNpmweuAesHThroP1yYuRfGyW68n-Fzp1D14_2naGlRTdRo13yqhAQ0F8xkvDllbw0MoN5ifNjXfKgpM672ZopHk5H8-HAdmALpYII1vACyQtlt3q7kENsiRgRmzXaKy9Lm_KgAI_v5sCxXfL79CrOw0Vc1Ix9MBTOuEZU8zRCxb2YsOnxRUYBp5XlSRELf-KwATDsLG_4wOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAH5b_R6gGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ1rEL0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTgwODQ3MDUyNTkzNzc4MzIYAA&sigh=56aeEiPfoZs

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2639296853&adk=528326920&adf=230229480&pi=t.ma~as.2639296853&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755639&bpp=1&bdt=223&idt=93&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1147&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=GVRMXHfqy9&p=http%3A//blondinenwitze.de&dtd=97
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 22 Aug 2021 09:15:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 22 Aug 2021 09:15:56 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D46F 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2639296853&adk=528326920&adf=230229480&pi=t.ma~as.2639296853&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755639&bpp=1&bdt=223&idt=93&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1147&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=GVRMXHfqy9&p=http%3A//blondinenwitze.de&dtd=97
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2639296853&adk=528326920&adf=230229480&pi=t.ma~as.2639296853&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755639&bpp=1&bdt=223&idt=93&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1147&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=GVRMXHfqy9&p=http%3A//blondinenwitze.de&dtd=97

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 22 Aug 2021 08:16:33 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame FDD9 247 B
806 B 105ms
33ms Document
text/html 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

37633da4cbc3d45bce583b8b00298e46b2f1839e7fe9335988031b124e3f945a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/redir.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-uw568o8NB8pAU65J956d3g' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 205
date: Sun, 22 Aug 2021 09:15:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D46F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

44ms
39ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMWTjpwrHTXg20AuOpkohVCUfMaSmAEvGLfedq0fqlh9VzgMuI0SjDE9uE6Eo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 22 Aug 2021 09:15:56 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 22-Aug-2021 10:15:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 22 Aug 2021 09:15:56 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 4F49 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd35ff1bd349330c632cc2853668ebd70d7171ae95bb19234512e2c8dcd8435a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 12560354683053305748
tpc.googlesyndication.com/daca_images/simgad/ Frame B182 132 KB
132 KB 8ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/12560354683053305748

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e821eeff293b8bea66c69c6fd3221426351d7507b81eb41d15f6bfd0fc7cdb85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 09:26:37 GMT
x-content-type-options: nosniff
age: 85759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134867
x-xss-protection: 0
last-modified: Sat, 14 Aug 2021 07:48:49 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Aug 2022 09:26:37 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/ Frame B182 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7622
x-xss-protection: 0
server: cafe
etag: 11770686601635027189
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:02:13 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame B182 2 KB
1 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:15:08 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B182 124 KB
37 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be8e3fb00d98e93afe954eb362d24a5d80537eb55c896bba9734e5771b6b34b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:56 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629458990649126"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38246
x-xss-protection: 0
expires: Sun, 22 Aug 2021 09:15:56 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame B182 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:12:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:12:17 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame B182 26 KB
11 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2964eaaa17b81ff911681e57089511c35c7ebbbb8cce98e8c64bad2de197149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 07:56:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4779
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10743
x-xss-protection: 0
server: cafe
etag: 8915488205478863544
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 07:56:17 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame B182 0
0 31ms
31ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnP8ByxUiYZKXLYH43gO19angD56Ygtlk-JKAq88Ov-EeEAEgq5mWAmCVAqABg8CulQLIAQKoAwHIA8kEqgTFAU_QpmbV1nKuAyhTxYAT0xo-aM9_4TM8c3RPpm7PRsUntGKEgrr-XptUYHvYToPyBJgRl38B69s-QsQ9NsHDbpBpCzDv0r2VsQlRJVsP8M6Gf4hYIbeNm9oc-lDD-n19cBPh_q-aOW27C-Q1oOUaWjgXxidUlgAYIvungMks6yNSQKPH0nui7VAoI9KpxCKeuxBAFeNVsH7xMiV4mtpdPAqaEUdaHtmmuqWgeZfIXAoXgHs3b7kFOcZXooOZXjIZgeZAF0GowATDsLG_4wOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAH5b_R6gGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQn8gH0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTgwODQ3MDUyNTkzNzc4MzIYAA&sigh=lO-a0E5Xp_g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 22 Aug 2021 09:15:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 iframe.html Show response
p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame FDD9 4 KB
2 KB 68ms
35ms Document
text/html 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

eef55419ea69e6b16c54a81a824f3b9b1cbadd087b8e5ebaba4ab617f5d4331e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-BJlKCsLG0OS-dK70fiKyuQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 1862
date: Sun, 22 Aug 2021 09:15:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BC3F 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMWTjpwrHTXg20AuOpkohVCUfMaSmAEvGLfedq0fqlh9VzgMuI0SjDE9uE6Eo; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 22 Aug 2021 08:16:33 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BC3F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

74ms
74ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMWTjpwrHTXg20AuOpkohVCUfMaSmAEvGLfedq0fqlh9VzgMuI0SjDE9uE6Eo; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 22 Aug 2021 09:15:56 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 22-Aug-2021 10:15:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 22 Aug 2021 09:15:56 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B182 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7ea30ed08342c1a4d89fea9d7f683488e5083c5760325c0b31a8da6b1062676

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 9321894097551927584
tpc.googlesyndication.com/daca_images/simgad/ Frame 21CA 75 KB
75 KB 7ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/9321894097551927584

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=600&slotname=5470051121&adk=228519892&adf=2448842579&pi=t.ma~as.5470051121&w=300&lmt=1629594792&psa=0&format=300x600&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&wgl=1&dt=1629623755641&bpp=1&bdt=225&idt=104&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&xpc=vUmUv5Qixx&p=http%3A//blondinenwitze.de&dtd=106

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74df7ac2e9cc7af1c5ed06619da911d93a22b1d1a52078d3b70e99dc63d8ac3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 09:51:16 GMT
x-content-type-options: nosniff
age: 429880
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76893
x-xss-protection: 0
last-modified: Tue, 17 Aug 2021 07:27:24 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 09:51:16 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/ Frame 21CA 18 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7622
x-xss-protection: 0
server: cafe
etag: 11770686601635027189
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:02:13 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 21CA 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:15:08 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 21CA 124 KB
37 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be8e3fb00d98e93afe954eb362d24a5d80537eb55c896bba9734e5771b6b34b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:56 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629458990649126"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38246
x-xss-protection: 0
expires: Sun, 22 Aug 2021 09:15:56 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 21CA 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:12:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:12:17 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 21CA 26 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2964eaaa17b81ff911681e57089511c35c7ebbbb8cce98e8c64bad2de197149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 07:56:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4779
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10743
x-xss-protection: 0
server: cafe
etag: 8915488205478863544
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 07:56:17 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 21CA 0
0 32ms
31ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CSsJPyxUiYY7JLp6z3gOi1bCgAuSepthktY6P4pcOv-EeEAEgq5mWAmCVAqABg8CulQLIAQKoAwHIA8kEqgTLAU_Qn3HcxQRJwjSTIg7ctgNZ9bzdel2t-xD1cByZKFnR6mFNUtu7PDG6Nwj9igkTkGier0lk9ihw4Hhkl1ps3v7wsbaFWAznXHdTjuVcMosIa8L1G_Rs_wK4R3ZNUkWIlH-Gus6zGGYcvX6ILL9KpBYT2ffCXDo7hqEh6GOq83ng3I26jSjt559yAVtlmOoyIUFakNIRrKqTF5faV5AoHYmwc4UrkENnIjKuMOczfTJYzay01UdHJVPWahNRlPthG9R1urr4XM1fN7VowATzkoLGzgOSBQQIBBgBkgUECAUYBKAGAoAH5b_R6gGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH_p6xAqgHpr4bqAfs1RvYBwHyBwQQybwJ0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTgwODQ3MDUyNTkzNzc4MzIYAA&sigh=mZXEMoxKoM8

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=600&slotname=5470051121&adk=228519892&adf=2448842579&pi=t.ma~as.5470051121&w=300&lmt=1629594792&psa=0&format=300x600&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&wgl=1&dt=1629623755641&bpp=1&bdt=225&idt=104&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&xpc=vUmUv5Qixx&p=http%3A//blondinenwitze.de&dtd=106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 22 Aug 2021 09:15:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EB5F 143 B
163 B 7ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=600&slotname=5470051121&adk=228519892&adf=2448842579&pi=t.ma~as.5470051121&w=300&lmt=1629594792&psa=0&format=300x600&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&wgl=1&dt=1629623755641&bpp=1&bdt=225&idt=104&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&xpc=vUmUv5Qixx&p=http%3A//blondinenwitze.de&dtd=106
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMWTjpwrHTXg20AuOpkohVCUfMaSmAEvGLfedq0fqlh9VzgMuI0SjDE9uE6Eo; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=600&slotname=5470051121&adk=228519892&adf=2448842579&pi=t.ma~as.5470051121&w=300&lmt=1629594792&psa=0&format=300x600&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&wgl=1&dt=1629623755641&bpp=1&bdt=225&idt=104&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&xpc=vUmUv5Qixx&p=http%3A//blondinenwitze.de&dtd=106

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 22 Aug 2021 08:16:33 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js Show response
pagead2.googlesyndication.com/bg/ Frame 71AD 35 KB
13 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6e0cf33bd31faca2542d9376cc2a8b9722904e24cc4d3bfc121048e46c244ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51084
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13303
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Aug 2022 19:04:32 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EB5F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
39ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMWTjpwrHTXg20AuOpkohVCUfMaSmAEvGLfedq0fqlh9VzgMuI0SjDE9uE6Eo; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 22 Aug 2021 09:15:56 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 22-Aug-2021 10:15:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 22 Aug 2021 09:15:56 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 21CA 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e09adcb533d1002d445f8c01c3171463dec800398e30a2ec5111735333622674

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 12560354683053305748
tpc.googlesyndication.com/daca_images/simgad/ Frame 0B2D 132 KB
132 KB 7ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/12560354683053305748

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=1385639527&adk=7383113&adf=1322833778&pi=t.ma~as.1385639527&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755640&bpp=1&bdt=224&idt=101&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1971&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=JSxyiMt9TL&p=http%3A//blondinenwitze.de&dtd=103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e821eeff293b8bea66c69c6fd3221426351d7507b81eb41d15f6bfd0fc7cdb85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 09:26:37 GMT
x-content-type-options: nosniff
age: 85759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134867
x-xss-protection: 0
last-modified: Sat, 14 Aug 2021 07:48:49 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Aug 2022 09:26:37 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/ Frame 0B2D 18 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7622
x-xss-protection: 0
server: cafe
etag: 11770686601635027189
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:02:13 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0B2D 0
0 30ms
29ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CTQ_jyxUiYaCiLpbl3wPjnISgCZ6Ygtlk-JKAq88Ov-EeEAEgq5mWAmCVAqABg8CulQLIAQKoAwHIA8kEqgTIAU_QSo7jzWbf4rNORXTudmztryLweF-QXOZuXcuaQ0zAM3gKYGtCUaSy2dsM5BEw3VKEZUPHaEkrEFfkiyIX_687k-vk7r7htv6wfIrLqepHGjTa6Fa6tGRD3ffxHzYgvwPfTUpQq1jAOozjav77Y1-QK-J3gWyGmV2F3llEC-LPXMndISxksm0Ne2Ply2OAFBCEpGZBczKJsc9ArtVL3RsMRojZQaA1gIvsu5nZ9sGZvrX0sRaV0wBb7XRcSaPhl3NQgPew526TwATDsLG_4wOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAH5b_R6gGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ_bUF0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTgwODQ3MDUyNTkzNzc4MzIYAA&sigh=HX5rirNQIs4

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=1385639527&adk=7383113&adf=1322833778&pi=t.ma~as.1385639527&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755640&bpp=1&bdt=224&idt=101&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1971&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=JSxyiMt9TL&p=http%3A//blondinenwitze.de&dtd=103
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 22 Aug 2021 09:15:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js Show response
pagead2.googlesyndication.com/bg/ Frame 1275 35 KB
13 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=2650822804&adk=272975221&adf=2037562816&pi=t.ma~as.2650822804&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1629623755635&bpp=4&bdt=219&idt=76&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&correlator=1387563235345&frm=20&pv=2&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=GVTXJLA9XS&p=http%3A//blondinenwitze.de&dtd=89

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6e0cf33bd31faca2542d9376cc2a8b9722904e24cc4d3bfc121048e46c244ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51084
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13303
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Aug 2022 19:04:32 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 0B2D 2 KB
1 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:15:08 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0B2D 124 KB
37 KB 25ms
21ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be8e3fb00d98e93afe954eb362d24a5d80537eb55c896bba9734e5771b6b34b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:56 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629458990649126"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38246
x-xss-protection: 0
expires: Sun, 22 Aug 2021 09:15:56 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 0B2D 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:12:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 09:12:17 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 0B2D 26 KB
11 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2964eaaa17b81ff911681e57089511c35c7ebbbb8cce98e8c64bad2de197149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 07:56:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4779
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10743
x-xss-protection: 0
server: cafe
etag: 8915488205478863544
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 07:56:17 GMT

GET
H3-29 200 1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js Show response
pagead2.googlesyndication.com/bg/ Frame 026E 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6e0cf33bd31faca2542d9376cc2a8b9722904e24cc4d3bfc121048e46c244ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51084
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13303
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Aug 2022 19:04:32 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7C9B 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=1385639527&adk=7383113&adf=1322833778&pi=t.ma~as.1385639527&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755640&bpp=1&bdt=224&idt=101&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1971&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=JSxyiMt9TL&p=http%3A//blondinenwitze.de&dtd=103
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMWTjpwrHTXg20AuOpkohVCUfMaSmAEvGLfedq0fqlh9VzgMuI0SjDE9uE6Eo; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8084705259377832&output=html&h=280&slotname=1385639527&adk=7383113&adf=1322833778&pi=t.ma~as.1385639527&w=780&fwrn=4&fwrnh=100&lmt=1629594792&rafmt=1&psa=0&format=780x280&url=http%3A%2F%2Fblondinenwitze.de%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1629623755640&bpp=1&bdt=224&idt=101&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&prev_fmts=780x280%2C780x280&correlator=1387563235345&frm=20&pv=1&ga_vid=336621831.1629623756&ga_sid=1629623756&ga_hid=1029522046&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1971&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066110%2C42530671%2C21066432%2C31062313%2C20211866%2C31060033%2C31062297&oid=3&pvsid=163734562888065&ref=http%3A%2F%2Fwww.ftpserver.de%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=JSxyiMt9TL&p=http%3A//blondinenwitze.de&dtd=103

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 22 Aug 2021 08:16:33 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0B2D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cda015b1412974ed8f9907ee2830aeafc19daed1f4eb9ba0befb9c336d8d0f71

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

dark-bottom.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css

3 KB
1 KB

20ms
18ms

Stylesheet
text/css

2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0ffccca0958c2710d1eb8b56616436104e48271e70c3dddf1ba4eb0a9df065a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 898726
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 700
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-c27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=imR2YRGbVtqOwpsLINZYNFBicLH8soBCvFGuVGOdcEPJ9uTpujtmNcs0okLrSmtQeQbyZsaWWUAOFF8lHBhBml0yhrvcg1763kNUGAOuHxLm8lXzyfanqSKRZwfr50%2FWodd1LdGKubVpWTiRVpOmxQys"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 682affdf0a3305e4-FRA
expires: Fri, 12 Aug 2022 09:15:56 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css
Non-Authoritative-Reason: HSTS

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 33ms
19ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210816&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a38ff9f7a04e7f36c48ce9fffe9a6f4c58e9deacb96e6dc6e716e92e73ec39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 Aug 2021 09:15:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8500
x-xss-protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7C9B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
39ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmMWTjpwrHTXg20AuOpkohVCUfMaSmAEvGLfedq0fqlh9VzgMuI0SjDE9uE6Eo; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 22 Aug 2021 09:15:56 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 22-Aug-2021 10:15:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 22 Aug 2021 09:15:56 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js Show response
pagead2.googlesyndication.com/bg/ Frame 9FF0 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6e0cf33bd31faca2542d9376cc2a8b9722904e24cc4d3bfc121048e46c244ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51084
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13303
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Aug 2022 19:04:32 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 09:15:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sun, 22 Aug 2021 09:15:56 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame F66F 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://blondinenwitze.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://blondinenwitze.de/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Sun, 22 Aug 2021 09:10:19 GMT
expires: Mon, 22 Aug 2022 09:10:19 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 337
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B9C5 783 B
535 B 30ms
29ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6eb45ba32a5cca46341323a02394b7ee9ee2fdd061d5bb4892ce3418086b41d8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-z2tJWZk+tdx+EeTpKq6tGA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://blondinenwitze.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://blondinenwitze.de/

Response headers

expires: Sun, 22 Aug 2021 09:15:56 GMT
date: Sun, 22 Aug 2021 09:15:56 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-z2tJWZk+tdx+EeTpKq6tGA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js Show response
pagead2.googlesyndication.com/bg/ Frame F66F 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1uDPM70x-solQtk3bMKouXIpBOJMxNO_wSEEjkbCROo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6e0cf33bd31faca2542d9376cc2a8b9722904e24cc4d3bfc121048e46c244ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51084
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13303
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Aug 2022 19:04:32 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 28ms
28ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210816&jk=163734562888065&bg=!29il2JzNAAZvV8FTb1c7ACkAdvg8WjcNrt6qT33u98MpLtWmvR3xN288ctKa5JRAcwqyZNSUd5XI6gIAAABXUgAAAAhoAQeZAnf-y0-WB9heBDxe_SX0lk2VS_oL2taiInepxexFuCS6j5ExYJWeYen7tI6xrlnmhfp4elXjC7FB51M7pE9UbsxcECPtIQohez3VvzJ1vkUndC_Aam-5FWiZCa9rIR4TYm-oJMaYIU7yVSs3cJgicJWLnsFJm-I1AplnIoFZpTBSybJum9phq_Nh5uem2MjhB1ju12YxdGziuiojWZIKmJ8bpKgmE-VOpvMIpqe54t-pYCBMD8wdgL1022_cqXD6SvnDHEyVdbF2SrgW8G1YBvwTMPcqLZvyfsvZOkj-O0jk7lG0FEDANZdrY4xBQz_Cj0wxIwvamXGMmMftPNHoSE-atiYpgNULxYuYE5PKP3pbzHRD3siY_sqD3lC0XVnrHu0u5r9sMmz4PPzWKt7S6sAaIYn3V7CgB7nFmLEq8rb9tAytBJ74BlbEDKutI1X3v5O2kECXb32hzhBht3rumYdwaF9WqPVzCxL3c2ei6VKrsMStdLAa9lV6xX9ND4ZzmW_I3MiyDWrLt4cdqoFdIheJ1Wg4JZcNd6xAujnDLoYMLAqycpx3nIMok3b8VBFAl3Cba6YlfI2OmQGv8fQujrOxAP4ewup0RjJDAT-58qgiVmBl53YHJwErLFxtKDuxkhdnGYhexXU3zZ_C2jsdkvwzsyx3T1eyv5y7bH9SfFjtnQhWuYIY7So_-5UhqomMMvuKb89k0sWcGu2B_c8uMzLd27GVXbTg-d4x72MG0OkIPNtVgHlX2Ava_GYdyU7dQV-8toJjdUBrQLngUOKhD_KkPHEAez3NGkiiQL_5Rx8PoK1JEXuyG2lgPWioBEVgErdgbMQVF_9Z

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://blondinenwitze.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 Aug 2021 09:15:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B182 42 B
64 B 30ms
30ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssqeR82WjJLsJMnfoNtQQJxrvkPjnjJy7gugjibmBLrtA-8wBiIFf7sO04M0Cc7SHOSsR5c6lRBoIJhUtK13ijZ3oydl6MY7tKWm7uBoZBRMMGE9laOammKhvEYQA&sai=AMfl-YRokchwQelGSGAh2sFAZZFCjuecrcHmnc4Cxe1E5TeCzlxm9wGr-o8rw5WCFYAgAgM5RBldsM7lRAkd&sig=Cg0ArKJSzCFLyLWZc9bsEAE&id=lidar2&mcvt=1000&p=298,240,499,1020&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210820&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=272975221&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1629623755726&dlt=536&rpt=54&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 Aug 2021 09:15:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 21CA 42 B
64 B 29ms
29ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCb2TdHFLgJIRG5HP84tEvKeAg4l_W7wz9iu1Jc6-dOMfA8TijhSdWLrcrTsfds2rr8m0_gW-0r-WmIxFVnQnSoPr1nILOhTtcjCbI68FIpaYI2CAO8QCosyzOuQ&sai=AMfl-YRj_CTjNIs4z8SFrdvtv7ojKxGpnB2CXOab6g0XlpypLsNl0lLysHKgDiW0wYSP0A-cpgrnz12SaXdY&sig=Cg0ArKJSzD3Hcu2o4B9ZEAE&id=lidar2&mcvt=1001&p=296,1060,896,1360&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210820&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=228519892&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1629623755748&dlt=560&rpt=29&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 Aug 2021 09:15:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i1-v6exp3.ds.metric.gstatic.com/v6exp3/ Frame FDD9 35 B
427 B 48ms
14ms Image
image/gif 2a00:1450:4001:82a::2012
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i1-v6exp3.ds.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2012 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 Aug 2021 09:16:06 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i2-v6exp3.v4.metric.gstatic.com/v6exp3/ Frame FDD9 35 B
427 B 106ms
33ms Image
image/gif 142.250.185.178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i2-v6exp3.v4.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f18.1e100.net

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 Aug 2021 09:16:06 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 20:40:24	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-19 20:40:27	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 06:01:59	Name: IDE Value: AHWqTUmMWTjpwrHTXg20AuOpkohVCUfMaSmAEvGLfedq0fqlh9VzgMuI0SjDE9uE6Eo
.blondinenwitze.de/	1970-01-20 06:01:59	Name: __gads Value: ID=e54a78efbf348179-22f41ac7b2c900c2:T=1629623755:RT=1629623755:S=ALNI_MaEMTbzuK0f56o4E9R1UbaHxJLxlg
.blondinenwitze.de/	1970-01-19 20:40:27	Name: SJECT2108 Value: CKON2108
.blondinenwitze.de/	1970-01-20 14:11:35	Name: _ga Value: GA1.2.336621831.1629623756
blondinenwitze.de/	1970-01-19 20:40:27	Name: _wpss_p_ Value: N%3A0%20%7C%20
blondinenwitze.de/	1970-01-19 20:40:27	Name: _wpss_h_ Value: 2
.blondinenwitze.de/	1970-01-19 20:40:23	Name: _gat_gtag_UA_6599247_26 Value: 1
blondinenwitze.de/	1970-01-19 20:40:27	Name: JCS_INENTIM Value: 1629623755581
blondinenwitze.de/	1970-01-19 20:40:27	Name: JCS_INENREF Value: http%3A//www.ftpserver.de/
.blondinenwitze.de/	1970-01-19 20:41:50	Name: _gid Value: GA1.2.373941357.1629623756
.blondinenwitze.de/	1970-01-19 20:40:24	Name: ckon2108 Value: sject2108_ce928bc512216
.blondinenwitze.de/	1970-01-19 20:40:38	Name: 923a37c518d07b6a8a690e2f5d1fc3e9 Value: 29bbbafb6c4d778afbdf4c99bc668b5b
blondinenwitze.de/	1969-12-31 23:59:59	Name: PHPSESSID Value: db45c4d5f061e3f47d7e39a89c8e1948

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://blondinenwitze.de/wp-content/cache/wpfc-minified/driqyue/c8eeg.js(Line 10) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
blondinenwitze.de
cdnjs.cloudflare.com
googleads.g.doubleclick.net
p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i1-v6exp3.ds.metric.gstatic.com
p4-gxqr2ige7meru-kas56mpmdh4yx72v-620998-i2-v6exp3.v4.metric.gstatic.com
p4-gxqr2ige7meru-kas56mpmdh4yx72v-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
www.blondinenwitze.de
www.ftpserver.de
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.teengallery.net
142.250.184.226
142.250.185.178
142.250.185.195
2606:4700::6810:125e
2a00:1158:300::66b
2a00:1450:4001:808::200e
2a00:1450:4001:809::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:82a::2008
2a00:1450:4001:82a::2012
2a00:1450:4001:830::2001
2a00:1450:4001:831::2002
2a01:4f8:c2c:abf5::1
0120a25437dd8faf0818ca24725d230f9154ccb4258d429ff38eef2389e7344b
03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0
0df76cf0461454b231957ecab478f90d2b3e15cbf2369f417f42a844b4988b9d
11d4892cef3caa7d286a919779594db95521101e6af24d3a17a834959667a070
142743f815c13da699872f7ce96089f154a4320a899f087787a63c78a4813675
174cfe565e4c68c92f95fe9aecfdfe915369ea7f76e88195cc484f75dc0f8ae7
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6
22518ff32f769e282e7b884f80b238038242e11fcd7c9ddf11a53285f6f4993a
37633da4cbc3d45bce583b8b00298e46b2f1839e7fe9335988031b124e3f945a
3a38ff9f7a04e7f36c48ce9fffe9a6f4c58e9deacb96e6dc6e716e92e73ec39d
3ed887d635a17ce869059668c2f87bee4714cfcaf53397c375b0ea223946fdbe
4607f47ea58a4cc07d8a04102e7923ac9fea1ab6fb1374db5f24c72784114a5b
47599a06e244687a8c1f646bf48f50ced883bb41229d3aef489447e790787d85
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5138d39633dc69fcd0ed7f33a5e38dc339123f682fa7f5242066879c2bbc8c9b
5621ca2ad7bb8a712767af5769fdbeb6160965d60a8bdbdae8f990802b4977ca
60d9e059c4a7d0290d827444e202e62ba63df66084111c06a28e275e4f170757
63536f69a3e7d0e6eb22ed94625199f9a2c133ab6af2b04de111fcd836c13c07
6b2e2d56e7b0e80d919bc65dd94f8cd95e57ad9298fc4fecc005301ea8339c9f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6eb45ba32a5cca46341323a02394b7ee9ee2fdd061d5bb4892ce3418086b41d8
74df7ac2e9cc7af1c5ed06619da911d93a22b1d1a52078d3b70e99dc63d8ac3e
78eb4b121d308785471e1d2abb3e6098c5515e9cb3f4b8ce08fce96bda825dd4
7a2478978968eefdc87127bfe6619a9de514b2ccb89b2a95824a53e6bea1f9cf
7f1f8a8f1a9370f9ab85e76999356458d0e6d920e1d388b8021c972476326c82
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
894e09df376c6a9c251ff8ce18fb37445d07f051906ce0f0ecedf793b886a70d
9ad5f9f1acf7b1d2e32607221022b810bb7132568d4f0976ec6ec3449223f7bc
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a7ea30ed08342c1a4d89fea9d7f683488e5083c5760325c0b31a8da6b1062676
a893d449257f7257a0bedbec00aa7daeb0bb87ede8351556ac12fc6a94c244bb
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b8c43a25d8e6e794f6365a81afaa8a8fb8527f6b4e056f3beb4325723e61e94e
be8e3fb00d98e93afe954eb362d24a5d80537eb55c896bba9734e5771b6b34b3
c0ffccca0958c2710d1eb8b56616436104e48271e70c3dddf1ba4eb0a9df065a
cda015b1412974ed8f9907ee2830aeafc19daed1f4eb9ba0befb9c336d8d0f71
cf6a820731f174190b993c52956a11854b01149de9109a383f5439d363dd85c6
d2d2846040ce0726ba6ace389110fad3b2c7f1cc23caf00adc4f8a016892ad57
d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270
d6e0cf33bd31faca2542d9376cc2a8b9722904e24cc4d3bfc121048e46c244ea
ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326
e09adcb533d1002d445f8c01c3171463dec800398e30a2ec5111735333622674
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50923eeab2fab42aabd0b1dd0295ed74f9bf5eec3f91bdcb4b36316a40860bc
e5158f25cdcfffe9f97cbb63bfefce9628e50e59bd125420b99391a41a583df7
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e821eeff293b8bea66c69c6fd3221426351d7507b81eb41d15f6bfd0fc7cdb85
ecb6e7fcead7be55522141872f285da756f7e1b559fc69119770cabc64176a21
eef55419ea69e6b16c54a81a824f3b9b1cbadd087b8e5ebaba4ab617f5d4331e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2964eaaa17b81ff911681e57089511c35c7ebbbb8cce98e8c64bad2de197149
fd35ff1bd349330c632cc2853668ebd70d7171ae95bb19234512e2c8dcd8435a

blondinenwitze.de Open in urlscan Pro 2a00:1158:300::66b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

88 Requests

81 %HTTPS

82 %IPv6

13 Domains

18 Subdomains

16 IPs

3 Countries

1522 kBTransfer

3051 kBSize

15 Cookies

6 Outgoing links

Page URL History

Redirected requests

88 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blondinenwitze.de Open in urlscan Pro
2a00:1158:300::66b Public Scan

Screenshot
Live screenshot

Full Image

88
Requests

81 %
HTTPS

82 %
IPv6

13
Domains

18
Subdomains

16
IPs

3
Countries

1522 kB
Transfer

3051 kB
Size

15
Cookies

88 HTTP transactions
5 data transactions