faceitfinder.com Open in urlscan Pro
2606:4700:3033::ac43:8961 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://faceitfinder.com/
Effective URL:
https://faceitfinder.com/
Submission: On February 01 via api (February 1st 2024, 11:02:03 pm UTC) from US — Scanned from DE

Summary HTTP 121 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 31 IPs in 8 countries across 20 domains to perform 121 HTTP transactions. The main IP is 2606:4700:3033::ac43:8961, located in United States and belongs to CLOUDFLARENET, US. The main domain is faceitfinder.com.
TLS certificate: Issued by GTS CA 1P5 on January 4th 2024. Valid for: 3 months.

This is the only time faceitfinder.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3030::6815:1aa5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 17	2606:4700:303... 2606:4700:3033::ac43:8961	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1 6	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
3 4	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2 4	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
4	116.202.48.214 116.202.48.214	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
2	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	3.9.158.88 3.9.158.88	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
1	92.123.148.9 92.123.148.9	16625 (AKAMAI-AS) (AKAMAI-AS)
1	108.157.4.70 108.157.4.70	16509 (AMAZON-02) (AMAZON-02)
1	18.154.63.65 18.154.63.65	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
2	13.42.93.91 13.42.93.91	16509 (AMAZON-02) (AMAZON-02)
121	31

1 2606:4700:3030::6815:1aa5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

faceitfinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3033::ac43:8961 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

faceitfinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.34 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.36.155 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.149 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 116.202.48.214 (Krefeld, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.214.48.202.116.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.63.157 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.121.248.44 (Paris, France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.9.158.88 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-158-88.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.148.9 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-148-9.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-70.dus51.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.154.63.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-154-63-65.dus51.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.42.93.91 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-42-93-91.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	506 KB
21	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 stats.g.doubleclick.net — Cisco Umbrella Rank: 79 ad.doubleclick.net — Cisco Umbrella Rank: 163 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 126874	134 KB
18	faceitfinder.com 2 redirects faceitfinder.com	514 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38309 hal90007.redintelligence.net — Cisco Umbrella Rank: 229090	38 KB
9	gstatic.com www.gstatic.com fonts.gstatic.com	78 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	439 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	2 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	3 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2029	21 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 28599 api.webgains.io — Cisco Umbrella Rank: 69568	19 KB
3	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 41332 medialead.de — Cisco Umbrella Rank: 40963	851 B
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	3 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	195 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 98 www.google.com — Cisco Umbrella Rank: 2	1 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 11938	1 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 69384	3 KB
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 16092	704 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 55633	2 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 148117	923 B
121	20

	Domain	Requested by
20	pagead2.googlesyndication.com	faceitfinder.com pagead2.googlesyndication.com www.gstatic.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
19	tpc.googlesyndication.com	googleads.g.doubleclick.net faceitfinder.com tpc.googlesyndication.com pagead2.googlesyndication.com
18	faceitfinder.com	2 redirects faceitfinder.com
8	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com faceitfinder.com
7	www.gstatic.com	googleads.g.doubleclick.net
6	ad.doubleclick.net	1 redirects faceitfinder.com googleads.g.doubleclick.net 5994599.fls.doubleclick.net
6	www.googletagmanager.com	faceitfinder.com www.googletagmanager.com adv.office-partner.de
5	hal90007.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90007.redintelligence.net
4	hal9000.redintelligence.net	googleads.g.doubleclick.net hal90007.redintelligence.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net hal90007.redintelligence.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net faceitfinder.com
2	api.webgains.io	analytics.webgains.io
2	5994599.fls.doubleclick.net	1 redirects faceitfinder.com
2	pv.medialead.de	hal90007.redintelligence.net googleads.g.doubleclick.net
2	www.googleadservices.com	faceitfinder.com
2	fonts.gstatic.com	fonts.googleapis.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	counter.yadro.ru	1 redirects faceitfinder.com
1	www.google.com	tpc.googlesyndication.com
1	adservice.google.com	5994599.fls.doubleclick.net
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	www.awin1.com	googleads.g.doubleclick.net
1	medialead.de	1 redirects
1	track.webgains.com	faceitfinder.com
1	adv.office-partner.de	hal90007.redintelligence.net
1	stats.g.doubleclick.net	www.google-analytics.com
121	31

This site contains links to these domains. Also see Links.

Domain
steamcommunity.com

Subject Issuer	Validity	Valid
faceitfinder.com GTS CA 1P5	`2024-01-04` - `2024-04-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
redintelligence.net R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
adv.office-partner.de R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-10` - `2025-01-10`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh

This page contains 19 frames:

Primary Page: https://faceitfinder.com/
Frame ID: 9F06801AF1FED1814966C6EE2ACECCF1
Requests: 31 HTTP requests in this frame

Frame: https://faceitfinder.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Frame ID: 0F0587B49A034D0FF834266A49988B97
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20190131/zrt_lookup_fy2021.html
Frame ID: DE596786D8BB2B4821B653539EC2D200
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3958485131510337&output=html&adk=1812271804&adf=3025194257&lmt=1706821845&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Ffaceitfinder.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706828518949&bpp=10&bdt=322&idt=312&shv=r20240131&mjsv=m202401290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3433473771013&frm=20&pv=2&ga_vid=1699676303.1706828519&ga_sid=1706828519&ga_hid=55040137&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C95320378%2C95320868%2C95323006&oid=2&pvsid=2598499035429544&tmod=891621434&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=325
Frame ID: 3B2CBAAB8092EF50FF2FBF2DBD4499BB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3958485131510337&output=html&h=280&adk=4144480424&adf=2712143399&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1706821845&rafmt=1&to=qs&pwprc=2429781691&format=1200x280&url=https%3A%2F%2Ffaceitfinder.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706828518959&bpp=1&bdt=332&idt=322&shv=r20240131&mjsv=m202401290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3433473771013&frm=20&pv=1&ga_vid=1699676303.1706828519&ga_sid=1706828519&ga_hid=55040137&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=299&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C95320378%2C95320868%2C95323006&oid=2&pvsid=2598499035429544&tmod=891621434&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=323
Frame ID: 55004220F03D2F91E656FCF28FBE7E20
Requests: 21 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Frame ID: 07AB4E5067756763EE12D6AAEB78F5AD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: DB602FB58005ADA9C836E988D7609475
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 7884C73EA01F4568021769C642F498B0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWdIej4lA9c_s5ttHEE9mSNUFBYAEl_znD6ZyaU1aScdNzfaS-Ifjq_QeJBFpMAalo4KTfGy3Ht_-aPcrAAV4j965H0xy308bhxqIbV1iKZJhm77DiAECu5RlBK_GyArtUv7oLtgL6L4Y8XQ0hhx27mPwG8CmTxR5QI2XS4NaUcjGhhyKk
Frame ID: 23FE3263917BFCDFD45998FE362A5E2A
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 513CFFFBD7AC60F242C5AF553E58C9DF
Requests: 21 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 6DF061C0DDDD4D2E07FF04C8312742AE
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Frame ID: 8336806625CF54D8759268E54FC16DA0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 69681C2A0A342D648882928BD9EDFA8A
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=70986800000168404444550012588007&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 6BFDA2310AFDC7C19966155FF5A140FD
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 81B2E3ED865FCCDAA3C544CC5BB98030
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057
Frame ID: 13F0D2B6D006847F32E738AF1B42B6FE
Requests: 3 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
Frame ID: 7E81E093501B460E6F08F336D2970D94
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 85E0CC46A29500A518414A0FA4FE50D6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7CE9F98B32D53E0339A7652B3FAEEE9F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Faceit account finder

Page URL History Show full URLs

http://faceitfinder.com/ HTTP 301
https://faceitfinder.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Liveinternet (Analytics) Expand

Overall confidence: 100%
Detected patterns

<script[^<>]*>[^]{0,128}?src\s*=\s*['"]//counter\.yadro\.ru/hit(?:;\S+)?\?(?:t\d+\.\d+;)?r

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Page Statistics

121
Requests

92 %
HTTPS

50 %
IPv6

20
Domains

31
Subdomains

31
IPs

8
Countries

1953 kB
Transfer

4490 kB
Size

26
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://steamcommunity.com/groups/faceitfinder

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://faceitfinder.com/ HTTP 301
https://faceitfinder.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://counter.yadro.ru/hit?r;s1600*1200*24;uhttps%3A//faceitfinder.com/;hFaceit%20account%20finder;0.49638150939579084 HTTP 302
https://counter.yadro.ru/hit?q;r;s1600*1200*24;uhttps%3A//faceitfinder.com/;hFaceit%20account%20finder;0.49638150939579084

Request Chain 18

https://faceitfinder.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://faceitfinder.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

Request Chain 49

https://ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/B30665716.385069046;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2&nis=5 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/B30665716.385069046;dc_pre=CJnlkd2fi4QDFdU5VQgd21YCgA;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2&nis=5

Request Chain 50

https://googleads.g.doubleclick.net/pagead/adview?ai=CS2kS5yK8ZdX5FrfU_tMPsY6dMK2X7NF17LX61rAS2dkeEAEg5-WpGmCVspWCpAegAfLZ-IMDyAEJqQL2hjxfsh-yPqgDAcgDywSqBNoBT9DF_TiHxdQ_ebj5TTYQzLWDtPtLv84xCoACL5LDi-tFtcq1AWv3a2XA9AwWYl1ZgZaP13pQuFxHSEA-pBpL8PJKi00o1g9yjGUJtsaWFV_K8yKlx8EtJcxJn8bBBveFi7ZaVQzfHzXI5HMlNa6hxCDBuI9ireuAN03Tj7B-s79H2C75PLivZ086pVZjxEVZ9wFGXhbWxC6Ubl0bNC7x1hfjUkN_rELQUHdEYpULimoV6wz-s9RNb-K8sDXVJkkgteNrPpPbbIjT9DRy7g7bb1GfUkQ6NG-bP2PABKvPiqvNBIgFrYKR6UySBQQIBBgBkgUECAUYBKAGLoAH9qWHfKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEPWWA9IIJQiA4YAQEAEYHzICqgI6CIBAgICEgIAESL39wTpY28HX3J-LhAOaCccBaHR0cHM6Ly93d3cuaW9ub3MuZGUvP2l0Yz1TSkY5NUY4QS1USDUzWTgtVUREQVRWSyZhYz1PTS5QVS5QVW81Nks0MzAzMTRUNzA3M2EmdXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1jcGMmdXRtX2NhbXBhaWduPURJUy1ERS1CUkEtQlJBWC1HRE4tUFVSLVRWQ19IUC0tLSZ1dG1fY29udGVudD1QTUJfU0lfSFAmdXRtX3Rlcm09VFZDX0hQX01peIAKAcgLAbgT5APYEw3QFQGAFwGyFxwKGggAEhRwdWItMzk1ODQ4NTEzMTUxMDMzNxgA&sigh=XHay9K4G3zM&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_g17bgIRJiuy8Yf2EH4PwTPHLUKsGSiiEi9JL4oIyzfFQ6yOCB1JvDiSKa-mecGL3WXjw5F1bQ6XJWjVFUD7sDylZhx5gfIUZ-QoYAQ&template_id=484&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213238485881633776692%22,%22debug_reporting%22:true,%22destination%22:%22https://ionos.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22813575410%22],%2222%22:[%22true%22],%224%22:[%2202-01%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215639914783305508241%22}&andc=true

Request Chain 74

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsLIpM3f0kFx5nSvDF0p7w&google_cver=1

Request Chain 75

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbwi6FOe47pbNWPG20ahwwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsLIpM3f0kFx5nSvDF0p7w&google_cver=1

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHx4q1-DYP4j_-qBpG91brk&google_cver=1

Request Chain 77

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM2MjQyMjYzNjM2OTg1OTY0Nw%3D%3D

Request Chain 88

https://hal90007.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCR0xe5yK8ZbG7FpKCtdEPnrSX6AKm5b2gaYWVnKfJD_AuEAEg5-WpGmCVspWCpAfIAQmpAvaGPF-yH7I-qAMByAObBKoE6QFP0NJu223efy18Z37d2soS-VR148d_GV-JskDmJ9cB0Wrtf-icJbqhcCLc6TbcgSbVNKY8kSCJpu7_mpNrUs3k8WXiG5f_0g8a7T5NCpRLrzF7V_pW08MdZBtk2hVh8EB-INKiZO0FJBUKGtV-cabvW1HgveOGeRS2z1zdSM6HTG7ZihiKq4uYjhk8wRxLdt9IKy0F6_4eKK1L8c7vns15n-LT317krXSV8Ds7QxtTv6eYfKxnChwK-2rC0VRUQoRlfU2iL8XT_Mld8pW-a7ElNs5TFuDk6jvw5v7sFkuRyFWt9vVD2sWRisAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0gglCIDhgBAQARgfMgKqAjoIgECAgISAgARIvf3BOliL_tbcn4uEA4AKAZgLAcgLAYAMAaoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ%26sig%3DAOD64_2139ad4LJ6E4xaxEC-cMGhTFAoKg%26client%3Dca-pub-3958485131510337%26dbm_c%3DAKAmf-CZRBCHrXzb6Fm7HawHNftKQYymL1WDOXFEgu5w1Xa17lwvMBKoWnpMP_57yZWLLc7g8KntsBj5gXkPQkuuOTailWw8DsS4QkK6osHiKxq94Clgob97GcrAtW8xJ6IEYTo8CQYMs2xBXNbTzZInEq-Fe-Ge1TW-_akI5GuKnx09Xpbbu68%26cry%3D1%26dbm_d%3DAKAmf-BJx4xQsnRsW3w7taVN8DPJywNabpUPa3YhNVRaVQ8jAy24ujNzAYBcL-mnBcPU_zazNW2LE7RLO7BzFBrle2z1ZHH3mXm2FDAmmBQFMKBz99o383lakD8rabF4sfnTL0qXw7i3_RGRL00hvHrHlyW4lfXGBLYGd_CSHJwSHyd0UJLPuBLatOVnYI0tp_0WFlYIZ695tUU1xju02ATA7PNuP1S3_Ml6SGx8Bb7nNQo02xLNwM0nUQ9VpcSmYseDbVsEXa7-EqR8JOCpnC-5uLEcj4HXUiZIZ2mu00x8vm-k5yDOISU1UxXrncMwC4UZhFWue-XgXsoPivRaUYdNTVSCcjvRZoOKjNWM-TrE7jT5YxBPNbK4OKCsMEBL-P3R7fTo0gWPfH0Gm6Km5Gi01NaqqtBpYXQ6VealTGi79o0433oIEmZn0tYG0FsbOdE1QDQqulZeX8alcqH6JKaJFORDkIJOHfFiWQI7eOIHJhy44fMJCgqEoZkq32oFY0PTj3LWnWEG-dsYdenS6BN2mqGbmDP6dd_aGkkcojUcgyghXkPBTIzZwQXLMiMML1Kkewb-cDyX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240131%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-3958485131510337%26fa%3D1%26ifi%3D4%26uci%3Da!4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ffaceitfinder.com&random=2294676940662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90007.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCR0xe5yK8ZbG7FpKCtdEPnrSX6AKm5b2gaYWVnKfJD_AuEAEg5-WpGmCVspWCpAfIAQmpAvaGPF-yH7I-qAMByAObBKoE6QFP0NJu223efy18Z37d2soS-VR148d_GV-JskDmJ9cB0Wrtf-icJbqhcCLc6TbcgSbVNKY8kSCJpu7_mpNrUs3k8WXiG5f_0g8a7T5NCpRLrzF7V_pW08MdZBtk2hVh8EB-INKiZO0FJBUKGtV-cabvW1HgveOGeRS2z1zdSM6HTG7ZihiKq4uYjhk8wRxLdt9IKy0F6_4eKK1L8c7vns15n-LT317krXSV8Ds7QxtTv6eYfKxnChwK-2rC0VRUQoRlfU2iL8XT_Mld8pW-a7ElNs5TFuDk6jvw5v7sFkuRyFWt9vVD2sWRisAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0gglCIDhgBAQARgfMgKqAjoIgECAgISAgARIvf3BOliL_tbcn4uEA4AKAZgLAcgLAYAMAaoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ%26sig%3DAOD64_2139ad4LJ6E4xaxEC-cMGhTFAoKg%26client%3Dca-pub-3958485131510337%26dbm_c%3DAKAmf-CZRBCHrXzb6Fm7HawHNftKQYymL1WDOXFEgu5w1Xa17lwvMBKoWnpMP_57yZWLLc7g8KntsBj5gXkPQkuuOTailWw8DsS4QkK6osHiKxq94Clgob97GcrAtW8xJ6IEYTo8CQYMs2xBXNbTzZInEq-Fe-Ge1TW-_akI5GuKnx09Xpbbu68%26cry%3D1%26dbm_d%3DAKAmf-BJx4xQsnRsW3w7taVN8DPJywNabpUPa3YhNVRaVQ8jAy24ujNzAYBcL-mnBcPU_zazNW2LE7RLO7BzFBrle2z1ZHH3mXm2FDAmmBQFMKBz99o383lakD8rabF4sfnTL0qXw7i3_RGRL00hvHrHlyW4lfXGBLYGd_CSHJwSHyd0UJLPuBLatOVnYI0tp_0WFlYIZ695tUU1xju02ATA7PNuP1S3_Ml6SGx8Bb7nNQo02xLNwM0nUQ9VpcSmYseDbVsEXa7-EqR8JOCpnC-5uLEcj4HXUiZIZ2mu00x8vm-k5yDOISU1UxXrncMwC4UZhFWue-XgXsoPivRaUYdNTVSCcjvRZoOKjNWM-TrE7jT5YxBPNbK4OKCsMEBL-P3R7fTo0gWPfH0Gm6Km5Gi01NaqqtBpYXQ6VealTGi79o0433oIEmZn0tYG0FsbOdE1QDQqulZeX8alcqH6JKaJFORDkIJOHfFiWQI7eOIHJhy44fMJCgqEoZkq32oFY0PTj3LWnWEG-dsYdenS6BN2mqGbmDP6dd_aGkkcojUcgyghXkPBTIzZwQXLMiMML1Kkewb-cDyX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240131%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-3958485131510337%26fa%3D1%26ifi%3D4%26uci%3Da!4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ffaceitfinder.com&random=2294676940662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 93

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057

Request Chain 95

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=70986800000168404444550012588007&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=70986800000168404444550012588007&t=htlp&gdpr=1&consent=1&gdpr_consent=

121 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
faceitfinder.com/
Redirect Chain

http://faceitfinder.com/
https://faceitfinder.com/

6 KB
3 KB

91ms
35ms

Document
text/html

2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2dabe4f65e60b199d339f76f8b25030cc96166086ca050c88b7dbe167f898e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6673
alt-svc: h3=":443"; ma=86400
cache-control: max-age=31536000
cf-cache-status: HIT
cf-ray: 84edd1c139641965-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 01 Feb 2024 23:01:58 GMT
ff-cache: MISS
last-modified: Thu, 01 Feb 2024 21:10:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mbDM%2F6rrLEeFD4f16WWJ9U%2BKobePK%2BnraBgsPVYM1sBR8lpXaAFD1obqpnZBY5wql2VLNJTCpBa27iFZQLuXDA%2FjqHnByz5V8xA0iWGVe1McjvS%2FcgymekwtSiDyAbus4xCGRb10zyz%2BTA7n0msd"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

Redirect headers

CF-RAY: 84edd1c09b971eda-AMS
Cache-Control: max-age=3600
Connection: keep-alive
Date: Thu, 01 Feb 2024 23:01:58 GMT
Expires: Fri, 02 Feb 2024 00:01:58 GMT
Location: https://faceitfinder.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RFJdZ8xXAJ9uht%2BikyfrbDQZE%2FgxK3XXY8nVlsYSPwlDXgCPVUK%2BrHvKPH9ZEFR5H8oraNQiWyazhvVqJ909jHlxcBuRDx6C1GV5oIwo%2BV%2BpdBC2giuayLSRdnF87kDBOgjQ6PPRtXwjctg6EuUS"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.css
faceitfinder.com/css/ 15 KB
3 KB 94ms
92ms Stylesheet
text/css 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/css/main.css?0094

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ecd9e1473dcf281ce74e8a4c12e5d4d2e8c329ab53aa8a84d5afd839e481892

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3243
cf-polished: origSize=19879
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Fri, 05 Mar 2021 15:15:53 GMT
server: cloudflare
etag: W/"4da7-5bccb8f5dc5cb-gzip"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64aSuTlpcbr%2Bg1pnoJxC1kXBFUMP8Bfb9lQQiasharG624KDpADLtF7nGvedZePPjz0QiWYQDtNsszugCXEGF7jbnXz55Y5qxQxEjGuwP%2F6dWF9gMG9Mo3pfTYH3HzVX9WNO7dmEC5Fsuto0csiJ"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 84edd1c179ae1965-FRA

GET
H2 200 fonts.css
faceitfinder.com/css/ 2 KB
618 B 36ms
35ms Stylesheet
text/css 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/css/fonts.css?0005

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

684a9b9c4d4254b5c428b87f6906f8fc6acd7bb5aa61f659efbd18a0159c8b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6224
cf-polished: origSize=2193
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Fri, 05 Mar 2021 11:49:52 GMT
server: cloudflare
etag: W/"891-5bcc8ae954528-gzip"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ru%2BPvaA16ZW7z2WhXtPDHMCOEzu7gQ2Q3cfcEEIq%2FjgGTQz0YT%2Blp9tx9kL7CIFHeoNutSfEBIUwTbTD6KkMKNrw1xbETqj7pkjtXq3PtZBbQbRifM0yhHXG32m%2FvZ9EAeh%2B4YyM9J9EM%2FLwmgNE"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 84edd1c179b31965-FRA

GET
H2 200 faceit_logo.svg
faceitfinder.com/themes/dark/images/ 41 KB
6 KB 68ms
67ms Image
image/svg+xml 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://faceitfinder.com/themes/dark/images/faceit_logo.svg

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d761c74afe1079066dbfef46f00421f29185150399fce75e57de437451fe872

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3243
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 28 May 2020 08:16:43 GMT
server: cloudflare
etag: W/"a573-5a6b0f2eb7f40"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkpDtY4puNGI%2FeUa7EQU2YA4uDhGoH0lsfwexWro1eK4JOFdmK625P0LVb46UoC1r9ry%2FOAwuAauQSOFQ2M%2B%2BPhD1becsJu7WWlOtiPvd0GBGQkz%2FKh48EU1ZsWBZeSofGy%2F4RSp8pi2xBXKkzbz"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=31536000
cf-ray: 84edd1c179bb1965-FRA

GET
H2 200 PTSans-Regular.woff2
faceitfinder.com/css/fonts/woff2/ 100 KB
100 KB 39ms
38ms Font
application/octet-stream 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/css/fonts/woff2/PTSans-Regular.woff2

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed5b08a6412963d5a329ef170786120eb8f5ae465abb12372d92969a524717b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://faceitfinder.com/
Origin: https://faceitfinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3717
alt-svc: h3=":443"; ma=86400
content-length: 102000
x-xss-protection: 1; mode=block
last-modified: Fri, 05 Mar 2021 11:46:08 GMT
server: cloudflare
etag: "18e70-5bcc8a143df39"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4oJBY%2BK%2B8blfQuN2psjtaA5Hlqs9YgnnLplf2OmJ835uEf7LU7l%2FeJK2tssW55okzOmswPfK1wPpJTIdj6QmeESKHTbJSI2UZvrq8%2B6yGxBPfMCLLgURAJ%2BwlXGKPLjVSPSNwAceOZiwODkrNK2"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 84edd1c179b51965-FRA

GET
H2 200 PTSans-Bold.woff2
faceitfinder.com/css/fonts/woff2/ 102 KB
102 KB 67ms
67ms Font
application/octet-stream 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/css/fonts/woff2/PTSans-Bold.woff2

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed0c6eaa3478a00c70e1b2f691313bde5c397ccea023d1b491095da8dc03d070

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://faceitfinder.com/
Origin: https://faceitfinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3717
alt-svc: h3=":443"; ma=86400
content-length: 103948
x-xss-protection: 1; mode=block
last-modified: Fri, 05 Mar 2021 11:46:08 GMT
server: cloudflare
etag: "1960c-5bcc8a13e515c"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YOGoh3xSCakLpB6qa%2FJMMwAvg0STt7pS6gAFr3N9g1iojhHh1pMcAcyGY1d5BoUlVORxuzT73Sz%2F1nBdi0kOhA9c6KOd3jw6drv61Cw3EzFiJ87U%2BeTa4%2FOfriKW7f4%2Fb%2Fya0iQ%2FPQ%2FehlskWhVA"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 84edd1c179b61965-FRA

GET
H2 200 PTSans-Italic.woff2
faceitfinder.com/css/fonts/woff2/ 94 KB
94 KB 93ms
92ms Font
application/octet-stream 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/css/fonts/woff2/PTSans-Italic.woff2

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62b8288d1cf7df39ae7edd87d9a77b67a100e214d7d0f41da64b4ba817ad6198

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://faceitfinder.com/
Origin: https://faceitfinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3717
alt-svc: h3=":443"; ma=86400
content-length: 96032
x-xss-protection: 1; mode=block
last-modified: Fri, 05 Mar 2021 11:46:08 GMT
server: cloudflare
etag: "17720-5bcc8a14100da"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wAhiQo%2FiMACKpyNK7M%2BcEzQ2MRXjpplRQ2riE9avSdhDWwUyoklyz0e0qhKvr7dImzEb2fEAMkHl8pE5m8%2BWUI7DVs7y%2BT7O1pqb6j9wt9sOjmqqbaEkxSfSifzPYDIisKWPEmrxNiBS3Ez58WG7"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 84edd1c179b81965-FRA

GET
H3 200 main.js Show response
faceitfinder.com/js/ 3 KB
1 KB 51ms
50ms Script
application/javascript 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/js/main.js?0006

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57b860b7c8106a64843cb74b602546309ed83c2438c71637f33a60ee70fbe683

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 107
cf-polished: origSize=4484
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 24 Feb 2020 10:29:46 GMT
server: cloudflare
etag: W/"1184-59f4fd9a59ec0-gzip"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zRO4CeMTKmuLimL0xPgsH9kDx2%2Fzjpeqz7Yeppr1brRoQZ5lqgYh7GmWsJKBfZg2tVG2fhena8l99AD7%2B5GmlOUnFDC2kd4MS1YxTa6qxL1vjU0XQv1f2xU1jD%2F7CUujR5Ra2I1trEaNt0bHLOeW"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 84edd1c258b063ce-LHR

GET
H2 200 webp.js Show response
faceitfinder.com/js/ 3 KB
2 KB 67ms
66ms Script
application/javascript 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/js/webp.js?0001

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c713683c2b78d0a32002487fd8f92dbbcd4d442a16471429bad89f543b1c3245

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3243
cf-polished: origSize=2860
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 23 Sep 2019 08:56:20 GMT
server: cloudflare
etag: W/"b2c-5933497f38a40-gzip"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKI%2BpaovxRHQ4kb%2FylXntjDvk68vKw9UcY4zaKhS4iIHPB7Zcd%2BCDsxbX9kWt%2BHlV8TdNdIbidreMnweFwZ0ZZv9tUdU2zmhGJ0Xh%2BW5PR12uM0SDlUVpNcfG8zrQxMYeqrKXr7bjrKs6uTgt6Mn"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 84edd1c179b91965-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 190 KB
69 KB 99ms
39ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-118288288-1

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24fd717e9812621da174e90d6b80ba1d67619e4f0ec965b60c30ba01fc91115a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 69971
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 01 Feb 2024 23:01:58 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 137ms
77ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3958485131510337

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041e69fec0d260a89a5c691adce86ff258af96155b631a0dbb386a4c2099b3a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://faceitfinder.com/
Origin: https://faceitfinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51546
x-xss-protection: 0
server: cafe
etag: 10153696398582782555
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Thu, 01 Feb 2024 23:01:58 GMT

GET
H3 200 steam_logo.svg
faceitfinder.com/themes/dark/images/ 2 KB
1 KB 52ms
51ms Image
image/svg+xml 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://faceitfinder.com/themes/dark/images/steam_logo.svg

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07fd9852819f87c34be27fa4870de8e2fc4ffced013567e87b48cca4a211b0b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 107
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 23 Sep 2019 08:56:27 GMT
server: cloudflare
etag: W/"709-5933498655ee0"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbgFwOTdnSt8L%2FUpeZ4QG0zYMiUo4PVrVdjdeyeSCHx1mR4gaFOAM8HLTQ6ep98UK8SvtuNBM3BMyyFb%2FuWX7wnKi%2BE7IYI8Wzh9eYmAWscfRmI3AE4M2xRvC4OzqNHLDTYY1rksUboLyY0ZRsdT"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=31536000
cf-ray: 84edd1c258b263ce-LHR

GET
H3 200 email_icon.svg
faceitfinder.com/themes/dark/images/ 2 KB
1 KB 49ms
48ms Image
image/svg+xml 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://faceitfinder.com/themes/dark/images/email_icon.svg

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9af596230d1f26dac2a074ba1aa4d3615a4b298801d1137ea62856d47c24d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 107
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 23 Sep 2019 08:56:27 GMT
server: cloudflare
etag: W/"705-593349861f3e0"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gdzBK2DISeNEhqLQ9VEaxzI3EX2Z1OXnuxxxiubKFX4ha2jzZrnVTF4AjDMjvjwaI5n4DoOgaSpCFqNYYrEu5JQS9VPPiWnIRI%2Bp3rWSL1wouOAawCoqR4vccoEjBhpQCv0UDQ9S5x4Sv%2F2u0wdc"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=31536000
cf-ray: 84edd1c258b463ce-LHR

GET
H2 200 doge.webp
faceitfinder.com/themes/dark/images/ 28 KB
29 KB 67ms
67ms Image
image/webp 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://faceitfinder.com/themes/dark/images/doge.webp

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8d68cc031382cdd2c54300f97099645b5ba9c5b1411f7231f45dbd11664748f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3243
alt-svc: h3=":443"; ma=86400
content-length: 29106
x-xss-protection: 1; mode=block
last-modified: Sat, 06 Mar 2021 10:42:08 GMT
server: cloudflare
etag: "71b2-5bcdbda3a2b81"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fG92ACJ8vL%2FSmxCcaHv1QmuDqNx2DBT3SbSrg%2Fv3A6%2B00kT2GKcfbjfgJicqUzrITjdyCiUp6kFmTVQpsuXBjvRSNIwspSeHw4cpiD0LeouOVu492%2BIpVI%2BVzI4z7LF8hwOYXR2SKMCAvjZcfsv6"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 84edd1c179bc1965-FRA

GET
H3 200 email-decode.min.js Show response
faceitfinder.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 45ms
44ms Script
application/javascript 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 30 Jan 2024 11:50:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b8e293-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uXcnHW8OKb2ANXQRTXJUNZYC44zqE%2FQq1UlaDHrPUrG63bn9yzNSd7mtfkAEhMe0F5bMNJ7z2sEWkiJ3MDphNWQpk1utS71EK5cxAJN7XOVPzxZQ4V1A1vOBQ9yfnUp2dkbNa26FFp6JlS7EarIp"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 84edd1c248a963ce-LHR
expires: Sat, 03 Feb 2024 23:01:58 GMT

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 141 KB
53 KB 105ms
46ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PP4FCDT

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d663e5297a1146a6922c3b70728386a9f7dbca4dfb83a64ed4fe8fc4b4e5ee05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54572
x-xss-protection: 0
last-modified: Thu, 01 Feb 2024 22:07:55 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 01 Feb 2024 23:01:58 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?r;s1600*1200*24;uhttps%3A//faceitfinder.com/;hFaceit%20account%20finder;0.49638150939579084
https://counter.yadro.ru/hit?q;r;s1600*1200*24;uhttps%3A//faceitfinder.com/;hFaceit%20account%20finder;0.49638150939579084

43 B
528 B

67ms
67ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;r;s1600*1200*24;uhttps%3A//faceitfinder.com/;hFaceit%20account%20finder;0.49638150939579084

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

HTTP/1.1

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 01 Feb 2024 23:01:59 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Wed, 01 Feb 2023 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 01 Feb 2024 23:01:58 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit?q;r;s1600*1200*24;uhttps%3A//faceitfinder.com/;hFaceit%20account%20finder;0.49638150939579084
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Wed, 01 Feb 2023 21:00:00 GMT

GET
H3 200 background_inferno.webp
faceitfinder.com/themes/dark/images/ 163 KB
164 KB 49ms
48ms Image
image/webp 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://faceitfinder.com/themes/dark/images/background_inferno.webp

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/css/main.css?0094

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4c4a3a9987791faab19896e0f54f2bbb3812a51f25a9bfb296f50c56085ec5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/css/main.css?0094
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 107
alt-svc: h3=":443"; ma=86400
content-length: 166840
x-xss-protection: 1; mode=block
last-modified: Mon, 23 Sep 2019 08:56:27 GMT
server: cloudflare
etag: "28bb8-5933498633c00"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Yljt956DzTLpRb62aTmUvozxBDIz2hxxGURrIQ1v6sqyEZR2LUOanmjniiXkftMtF%2F2PiiJxwuHo52I5PkCWxHiuezrU1PYP2feU3l8NOH8NT4MCEVTu2IO206%2FLf376L30FlwOmoO3P3mQSafl"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 84edd1c258b963ce-LHR

GET
H3

200

main.js Show response
faceitfinder.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/ Frame 0F05
Redirect Chain

https://faceitfinder.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://faceitfinder.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

7 KB
4 KB

48ms
48ms

Script
application/javascript

2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://faceitfinder.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Server

2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc520acf60510e5cf6a743d22abf660d91c3d7ba178ce3a7e78e79eb712d6f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OwKjaDHsYFMzT8MZLzhWjBpubzaraAei3ZL7D6zOWclLTIRD6wci2ZWBgJrtzledY8elh7Be%2B7Ifw5Xu98cv5zHi%2F0VN2VtNOyroMiyOLh08YwdP5N9AdyJNL%2FqinaC3kycJP4V4gzkM5N5HXf8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 84edd1c3a9d563ce-LHR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 01 Feb 2024 23:01:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BTC3%2BdfLiPBeQuMXHfxf2ZxeFxGmjo0D66hH32pX2T6QMy3%2BsuYNGOq%2BiZSX%2BGPqW5jk4LCDyzRMYDQtopWbNv9079KSMhLL%2FRAouS4K6a8Cg4T4BnHHfcztVSa7HciFtxzBcSPlZhxJQR%2FFK3BX"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 84edd1c2a8f163ce-LHR
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 187 KB
68 KB 42ms
41ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-118288288-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PP4FCDT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

878ab770830667949c6f60cb6ec92a7ef3f88f8b37640a059b5cecf87169dbfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 69175
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 01 Feb 2024 23:01:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 281 KB
93 KB 44ms
44ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BVTETLD9RS&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-118288288-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0667eda68fb825ddcd3b6943d1cd4d05dba270234371d217faefaf3bef078c94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94894
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 01 Feb 2024 23:01:58 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 85ms
25ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-118288288-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 01 Feb 2024 21:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4430
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 01 Feb 2024 23:48:09 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401290101/ 406 KB
138 KB 145ms
91ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3958485131510337&plah=faceitfinder.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3958485131510337

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc8cf21bad06420e37b6e80f0b95335a9e24714b25dd64796f631afe9085a279

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140913
x-xss-protection: 0
server: cafe
etag: 11344800371537962128
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 01 Feb 2024 23:01:59 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240131/r20190131/ Frame DE59 9 KB
5 KB 83ms
25ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240131/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3958485131510337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://faceitfinder.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25037
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 16:04:42 GMT
etag: 3890843268177463596
expires: Thu, 15 Feb 2024 16:04:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 93ms
33ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-BVTETLD9RS&gtm=45je41v0v9105714150za200&_p=1706828518756&gcd=11l1l1l1l1&npa=0&dma_cps=sypham&dma=1&cid=1699676303.1706828519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1706828519&sct=1&seg=0&dl=https%3A%2F%2Ffaceitfinder.com%2F&dt=Faceit%20account%20finder&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=588
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BVTETLD9RS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:01:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://faceitfinder.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 84edd1c139641965 Show response
faceitfinder.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 0F05 0
597 B 58ms
57ms XHR
text/plain 2606:4700:3033::ac43:8961
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://faceitfinder.com/cdn-cgi/challenge-platform/h/b/jsd/r/84edd1c139641965
Requested by: Host: faceitfinder.com
URL: https://faceitfinder.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8961 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 01 Feb 2024 23:01:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2typ%2BtPnUvaYEkZlEvZBBlPzPoEeBkE2mU8MdNjFceDoAQ%2Fte1kcQ9vUfmi%2BRF9gribPQ1bXGN9VgeJpN2oACPGuZJB4nHGIF3MtNyYZimWo67NH1FVkqod5kFynhQ7K7xeCfGrcbH8xVJ6cvt4f"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 84edd1c45a7363ce-LHR
alt-svc: h3=":443"; ma=86400

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
207 B 32ms
30ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=55040137&t=pageview&_s=1&dl=https%3A%2F%2Ffaceitfinder.com%2F&ul=en-us&de=UTF-8&dt=Faceit%20account%20finder&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1213244114&gjid=1356720695&cid=1699676303.1706828519&tid=UA-118288288-1&_gid=672500750.1706828519&_r=1&gtm=457e41v0za200&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=2145953493

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://faceitfinder.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:01:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://faceitfinder.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
346 B 101ms
34ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-118288288-1&cid=1699676303.1706828519&jid=1213244114&gjid=1356720695&_gid=672500750.1706828519&_u=YADAAUAAAAAAACAAI~&z=148486433

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://faceitfinder.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Feb 2024 23:01:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://faceitfinder.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3B2C 226 KB
61 KB 683ms
683ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3958485131510337&output=html&adk=1812271804&adf=3025194257&lmt=1706821845&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Ffaceitfinder.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706828518949&bpp=10&bdt=322&idt=312&shv=r20240131&mjsv=m202401290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3433473771013&frm=20&pv=2&ga_vid=1699676303.1706828519&ga_sid=1706828519&ga_hid=55040137&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C95320378%2C95320868%2C95323006&oid=2&pvsid=2598499035429544&tmod=891621434&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=325

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3958485131510337&plah=faceitfinder.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bffdb3cc40bb936f2b9832bcccd51a91a4217720f7e8d9b41bccb440c52ccd05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://faceitfinder.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 62761
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 23:01:59 GMT
expires: Thu, 01 Feb 2024 23:01:59 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5500 131 KB
43 KB 542ms
542ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3958485131510337&output=html&h=280&adk=4144480424&adf=2712143399&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1706821845&rafmt=1&to=qs&pwprc=2429781691&format=1200x280&url=https%3A%2F%2Ffaceitfinder.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706828518959&bpp=1&bdt=332&idt=322&shv=r20240131&mjsv=m202401290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3433473771013&frm=20&pv=1&ga_vid=1699676303.1706828519&ga_sid=1706828519&ga_hid=55040137&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=299&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C95320378%2C95320868%2C95323006&oid=2&pvsid=2598499035429544&tmod=891621434&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=323

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0570931d2615db8b41e958f0129a5d9742b97e2bc131ff91532ad763642fae0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://faceitfinder.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44011
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 23:01:59 GMT
expires: Thu, 01 Feb 2024 23:01:59 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 73134fbfa16854d24caf7cd541ab86d9.js Show response
www.gstatic.com/mysidia/ Frame 5500 9 KB
4 KB 101ms
33ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/73134fbfa16854d24caf7cd541ab86d9.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3958485131510337&output=html&h=280&adk=4144480424&adf=2712143399&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1706821845&rafmt=1&to=qs&pwprc=2429781691&format=1200x280&url=https%3A%2F%2Ffaceitfinder.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706828518959&bpp=1&bdt=332&idt=322&shv=r20240131&mjsv=m202401290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3433473771013&frm=20&pv=1&ga_vid=1699676303.1706828519&ga_sid=1706828519&ga_hid=55040137&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=299&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C95320378%2C95320868%2C95323006&oid=2&pvsid=2598499035429544&tmod=891621434&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=323

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d99a3294b83fe3b21e9251c87e7696b7f5ba1651c5d82256db3c0700ead09b57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:07:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 186868
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4097
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 19:07:31 GMT

GET
H2 200 16e444e2b68a962fd12469da7e7aa2e7.js Show response
www.gstatic.com/mysidia/ Frame 5500 20 KB
9 KB 95ms
28ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/16e444e2b68a962fd12469da7e7aa2e7.js?tag=pingback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c911fb5edd938f26a0d332996f4cd0f8f4db3cb45fc6197a832fd2b57ec42d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:11:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 186633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8308
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 19:11:26 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5500 4 KB
1 KB 103ms
38ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Feb 2024 23:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 01 Feb 2024 21:11:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Feb 2024 23:01:59 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 5500 2 KB
903 B 27ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:57 GMT

GET
H2 200 92da1c8e4790a69c4d76e84ba2e3001c.js Show response
www.gstatic.com/mysidia/ Frame 5500 6 KB
2 KB 80ms
32ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/92da1c8e4790a69c4d76e84ba2e3001c.js?tag=analytics_pingback_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2b80247038739299b71545084dc4ebff2edd21e6f1ffafe013376bb2e92c4be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:00:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187297
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2259
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 19:00:22 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/ Frame 5500 23 KB
9 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:58 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 5500 3 KB
1 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:58 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 5500 20 KB
9 KB 107ms
26ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5500 205 KB
65 KB 121ms
52ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf20741e17b5d52abda5610e0d3571ad6b7a4abf4416726506d3dca51bdaa517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66348
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706704584918460"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Feb 2024 23:01:59 GMT

GET
H2 200 ddb466d8785cb75acd721f17b1b8dd87.js Show response
www.gstatic.com/mysidia/ Frame 5500 37 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15487
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 18:53:19 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/2189749032770038811/ Frame 5500 43 KB
43 KB 46ms
46ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2189749032770038811/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41ba294b2f887dc872812d052d7f94700eb73188c3661b556d431e45ae573a3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Fri, 31 Jan 2025 23:01:24 GMT
date: Thu, 01 Feb 2024 23:01:24 GMT
x-content-type-options: nosniff
age: 35
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44242
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 14:29:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/3729574972091266988/ Frame 5500 2 KB
2 KB 45ms
45ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3729574972091266988/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a53e31b36fad8e514019d21ef4b1537283a877495958cc2136fe198550bdf6bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Wed, 29 Jan 2025 19:06:59 GMT
date: Tue, 30 Jan 2024 19:06:59 GMT
x-content-type-options: nosniff
age: 186900
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1596
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 17:34:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 34ms
34ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-BVTETLD9RS&gtm=45je41v0v9105714150za200&_p=1706828518756&gcd=11l1l1l1l1&npa=0&dma_cps=sypham&dma=1&cid=1699676303.1706828519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEAI&_s=2&sid=1706828519&sct=1&seg=0&dl=https%3A%2F%2Ffaceitfinder.com%2F&dt=Faceit%20account%20finder&en=scroll&epn.percent_scrolled=90&_et=2&tfd=1555
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BVTETLD9RS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:01:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://faceitfinder.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 5500 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76bdeb189fc5b947a0630637d41284a8cfc34eda34753da13ca75cc96e0fd01d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401290101/ 165 KB
56 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401290101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1610d3123e86bbaf9d65b054fe84887f95d5cc068b22d7bf9929769ca3f01c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57045
x-xss-protection: 0
server: cafe
etag: 17765256492088877855
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Feb 2024 23:02:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5500 0
20 B 60ms
60ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoLCAEqB2Jhbm5lckIKCggCKgZzZXJ2ZXIKDRArIQAAAAAAACJAMAQKDRADIQAAgJmZrYRAMAQKDRAKIQAAAAAAABhAMAQKDRANIQAAAAAAAAAAMAQKDhAeKggxMjAweDI4MDAECg4QGSoIMTIwMHgyODAwBAoNEA4hAAAAAAAAAAAwBAoNEAQhAACAmZnhhEAwBAoNEA8hAAAAAAAAAAAwBAoNECshAAAAAAAAMUAwBAoNEAUhAAAAZmbihEAwBBIaQ0pXSjNOeWZpNFFERlRlcWZ3UWRNVWNIQmciHHNjcmVhbS90aHJvbmVfaW1hZ2VfbG9nb19vY2goEQ==

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/16e444e2b68a962fd12469da7e7aa2e7.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5500 16 KB
16 KB 93ms
31ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 09:10:14 GMT
x-content-type-options: nosniff
age: 222706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 09:10:14 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5500 15 KB
15 KB 99ms
37ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:50:29 GMT
x-content-type-options: nosniff
age: 187891
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:50:29 GMT

OPTIONS
H2 204 B30665716.385069046;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1
ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/ Frame 0
0 113ms
39ms Preflight
text/html 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/B30665716.385069046;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2&nis=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 01 Feb 2024 23:02:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

B30665716.385069046;dc_pre=CJnlkd2fi4QDFdU5VQgd21YCgA;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_t... Show response
ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/ Frame 5500
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/B30665716.385069046;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdp...
https://ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/B30665716.385069046;dc_pre=CJnlkd2fi4QDFdU5VQgd21YCgA;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_c...

42 B
69 B

52ms
51ms

Fetch
image/gif

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/B30665716.385069046;dc_pre=CJnlkd2fi4QDFdU5VQgd21YCgA;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2&nis=5

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
pragma: no-cache
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x9265a3d5190058470000000000000000","16":"0xd13c9175209a0a640000000000000000","17":"0x812cd4f5d57d69900000000000000000","18":"0x5f08b1d4b62fd44f0000000000000000"},"debug_key":"13731737233407597771","debug_reporting":true,"destination":["https://ionos.de","https://debugconversiondomain1.com","https://debugconversiondomain2.com"],"event_report_window":"345600","expiry":"691200","filter_data":{"14":[],"21":[],"8":["13180576"]},"priority":"0","source_event_id":"11136881782324042458"}
server: cafe
content-type: image/gif
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/B30665716.385069046;dc_pre=CJnlkd2fi4QDFdU5VQgd21YCgA;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2&nis=5
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
follow-only-when-prerender-shown: 1
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 5500
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CS2kS5yK8ZdX5FrfU_tMPsY6dMK2X7NF17LX61rAS2dkeEAEg5-WpGmCVspWCpAegAfLZ-IMDyAEJqQL2hjxfsh-yPqgDAcgDywSqBNoBT9DF_TiHxdQ_ebj5TTYQzLWDtPtLv84xCoACL5L...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213238485881633776692%22,%22debug_reporting%22:true,%22destination%22:%22https://ionos.de%22,%22event_report_window%22:%222...

0
0

143ms
65ms

Fetch
text/css

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213238485881633776692%22,%22debug_reporting%22:true,%22destination%22:%22https://ionos.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22813575410%22],%2222%22:[%22true%22],%224%22:[%2202-01%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215639914783305508241%22}&andc=true

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"13238485881633776692","debug_reporting":true,"destination":"https://ionos.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["813575410"],"22":["true"],"4":["02-01"],"6":["true"]},"priority":"500","source_event_id":"15639914783305508241"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 01 Feb 2024 23:02:00 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"13238485881633776692","debug_reporting":true,"destination":"https://ionos.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["813575410"],"22":["true"],"4":["02-01"],"6":["true"]},"priority":"500","source_event_id":"15639914783305508241"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js Show response
pagead2.googlesyndication.com/bg/ Frame 07AB 50 KB
19 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5828ff27c35c12c94d0d8b3cdfd77b28606034437c009902d28cf7f5bcb6a907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 00:53:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 252526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19599
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 00:53:14 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/ Frame DB60 9 KB
4 KB 28ms
27ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://faceitfinder.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16683
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 18:23:57 GMT
etag: 3890843268177463596
expires: Thu, 15 Feb 2024 18:23:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/ Frame 7884 9 KB
4 KB 27ms
27ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://faceitfinder.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16683
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 18:23:57 GMT
etag: 3890843268177463596
expires: Thu, 15 Feb 2024 18:23:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 165ms
65ms Preflight
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 01 Feb 2024 23:02:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame DB60 4 KB
767 B 37ms
35ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 01 Feb 2024 21:07:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Feb 2024 23:02:00 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DB60 205 B
229 B 27ms
26ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:51:20 GMT
x-content-type-options: nosniff
age: 187840
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 29 Jan 2025 18:51:20 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DB60 604 B
628 B 30ms
29ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:11:27 GMT
x-content-type-options: nosniff
age: 186633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 29 Jan 2025 19:11:27 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/elements/html/ Frame DB60 16 KB
7 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1984c4bb2ce10d00cb478c4ab216301e04502e25f2025b30dbeeb019172beb0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 20:27:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 14359709190881042667
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 20:27:00 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/elements/html/ Frame DB60 22 KB
9 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6f8aad2c2e01e81032eb3ce744f73450e33b1718dd95ee9cb968e76b8512f59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 20:27:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9451
x-xss-protection: 0
server: cafe
etag: 11136001603933606047
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 20:27:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 23FE 624 B
242 B 64ms
64ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWdIej4lA9c_s5ttHEE9mSNUFBYAEl_znD6ZyaU1aScdNzfaS-Ifjq_QeJBFpMAalo4KTfGy3Ht_-aPcrAAV4j965H0xy308bhxqIbV1iKZJhm77DiAECu5RlBK_GyArtUv7oLtgL6L4Y8XQ0hhx27mPwG8CmTxR5QI2XS4NaUcjGhhyKk

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 23:02:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 513C 93 KB
33 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33320
x-xss-protection: 0
server: cafe
etag: 12501049806231860069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 01 Feb 2024 23:02:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 513C 3 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/window_focus_fy2021.js

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:58 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 513C 20 KB
8 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 513C 205 KB
65 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf20741e17b5d52abda5610e0d3571ad6b7a4abf4416726506d3dca51bdaa517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66348
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706704584918460"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Feb 2024 23:02:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513C 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AuIGV7Ye7mb66uSbeYLCqXuh1RzQvVCoIiVjJ-jz2ckpcna1UUnhEPl5I_xm3j5Yyb8NAe5YNYyYetmB__CtwDYLOInqt539fHZb8Kj8VpQGq8jSs

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5500 0
20 B 59ms
59ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoLCAEqB2Jhbm5lckIKCggCKgZzZXJ2ZXIKDRAQIQAAAADgouVAMAQKDRARIQAAAAAwafVAMAQKDRASIQAAAAAAACBAMAQKDRATIQAAAAAAAAhAMAQKDRAXIQAAAAAAKIhAMAQKDRAUIQAAAADAfABBMAQKDRAVIQAAAAAAAChAMAQKDRAWIQAAAAAAABBAMAQKDRAYIQAAgJmZYYhAMAQKDRAyIQAAAAAwM9M_MAQKDRAzIQAAAAAwM9M_MAQKDRA0IQAAAAAwM9M_MAQKDRA1IQAAAAAwM9M_MAQKDRA2IQAAAAAwM9M_MAQKDRA3IQAAAAAwM9M_MAQKDRA4IQAAAAAAAPA_MAQKDRA5IQAAgMzM9IBAMAQKDRA6IQAAAAAA8IFAMAQKDRA7IQAAAGZmGohAMAQKDRA8IQAAAGZmGohAMAQKDRA9IQAAAAAAKIhAMAQKDRA-IQAAAGZmKohAMAQKDRA_IQAAAGZmKohAMAQKDRBAIQAAgMzMeIhAMAQSGkNKV0ozTnlmaTRRREZUZXFmd1FkTVVjSEJnIhxzY3JlYW0vdGhyb25lX2ltYWdlX2xvZ29fb2NoKBE=

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/16e444e2b68a962fd12469da7e7aa2e7.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 6DF0 14 KB
1 KB 35ms
35ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 01 Feb 2024 22:32:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Feb 2024 23:02:00 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 6DF0 2 KB
861 B 24ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:57 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/ Frame 6DF0 23 KB
9 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:58 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 6DF0 3 KB
1 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:58 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/ Frame 6DF0 20 KB
8 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240131/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:28:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6DF0 205 KB
65 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf20741e17b5d52abda5610e0d3571ad6b7a4abf4416726506d3dca51bdaa517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66348
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706704584918460"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Feb 2024 23:02:00 GMT

GET
H3 200 ddb466d8785cb75acd721f17b1b8dd87.js Show response
www.gstatic.com/mysidia/ Frame 6DF0 37 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187721
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15487
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 18:53:19 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 23FE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsLIpM3f0kFx5nSvDF0p7w&google_cver=1

43 B
336 B

61ms
60ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsLIpM3f0kFx5nSvDF0p7w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWdIej4lA9c_s5ttHEE9mSNUFBYAEl_znD6ZyaU1aScdNzfaS-Ifjq_QeJBFpMAalo4KTfGy3Ht_-aPcrAAV4j965H0xy308bhxqIbV1iKZJhm77DiAECu5RlBK_GyArtUv7oLtgL6L4Y8XQ0hhx27mPwG8CmTxR5QI2XS4NaUcjGhhyKk
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jrDZRPfFxyVRyynTl%2BMd77ISwA2SWWdtT2ebCEvRiE6g6wr3u4Jdc6ieFL8dfSxa4RVKRqxLxGQzqXtpeEHEDpAygZX3ZCfSjcjmWllsH1b0XNu7uUIrn81tF4Sl%2BNIzPpwLcigADv7b9g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84edd1cc6ec44541-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsLIpM3f0kFx5nSvDF0p7w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 23FE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbwi6FOe47pbNWPG20ahwwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsLIpM3f0kFx5nSvDF0p7w&google_cver=1

43 B
769 B

88ms
88ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsLIpM3f0kFx5nSvDF0p7w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWdIej4lA9c_s5ttHEE9mSNUFBYAEl_znD6ZyaU1aScdNzfaS-Ifjq_QeJBFpMAalo4KTfGy3Ht_-aPcrAAV4j965H0xy308bhxqIbV1iKZJhm77DiAECu5RlBK_GyArtUv7oLtgL6L4Y8XQ0hhx27mPwG8CmTxR5QI2XS4NaUcjGhhyKk
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BEW5TPTu3E1y%2F0c5gc63t5jrdUfAjB8avRQQeOQNETV7BIciEe4q8W9H6Tew9OH%2BnX%2FSi1TjuVT3RvtM2L8Y8PH5ifnf32IXG%2FFlRbWyrLrQbW8EhyfQJGc2rMZrMAFMKtlSo5hLWu8ImA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84edd1cd2939452e-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsLIpM3f0kFx5nSvDF0p7w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 23FE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHx4q1-DYP4j_-qBpG91brk&google_cver=1

43 B
1 KB

39ms
39ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHx4q1-DYP4j_-qBpG91brk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWdIej4lA9c_s5ttHEE9mSNUFBYAEl_znD6ZyaU1aScdNzfaS-Ifjq_QeJBFpMAalo4KTfGy3Ht_-aPcrAAV4j965H0xy308bhxqIbV1iKZJhm77DiAECu5RlBK_GyArtUv7oLtgL6L4Y8XQ0hhx27mPwG8CmTxR5QI2XS4NaUcjGhhyKk

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
an-x-request-uuid: 2ec5343d-fd09-40fd-9acc-c440fed71ead
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.183; 84.19.175.183; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHx4q1-DYP4j_-qBpG91brk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 23FE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM2MjQyMjYzNjM2OTg1OTY0Nw%3D%3D

170 B
243 B

43ms
43ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM2MjQyMjYzNjM2OTg1OTY0Nw%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
an-x-request-uuid: c2e46efa-1c52-47c5-ac18-a65ea894fa99
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM2MjQyMjYzNjM2OTg1OTY0Nw%3D%3D
x-proxy-origin: 84.19.175.183; 84.19.175.183; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513C 0
20 B 62ms
62ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9230569470717&version=m202401290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513C 0
20 B 87ms
87ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9230569470717&version=m202401290101&ct=77&x=1&cor=17120068989501518000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 513C 20 KB
13 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AjqeonmvP5gqBlCq9bC9xB5exBuqKlIMRMKaoUTSysygTVwIp2qP-kqIZwbXm3ABT1J5-t7iZY4MWtUGj97pmea0ZRuYc5l0-TLCVuDZAytetZWC3fS0h2IDorgKme2l-i25IIHb1U6iDIGK_HsNzpqNxuRXLD6HHNkHuJexXzeziMniY&cry=1&dbm_d=AKAmf-AJqYAaK6miYezkjSQyeOQxXO65sHKXCSVH4_6gxhQvxZHw6YCPlopNxhTStSVUR-v8f_OLvAa2Fl49fkF0ahVH36LSZEwGQICQRipQUqxI2g4Oo4eMSy1cniR5GdmZjE4u8aNwbUhfQqn0CO9Xf3vhtWhGZNUNGAink2wgrPr_C1B9TBarNqfxesWlLvRy3_shZCuPZDtVniMMzYLLskGhjI-s2VI9nNG2iYkehlEn658bvaAGHVXbkKrOcqjZekF0H5rjCBxtPxs0exDdcYpndUGtbQN1A1vC6tw6Ga9Ysn4xeCBEqtq1f00SSsxLMXavOsqLBydY0dqLTqQOxI_zDhF0wXbU4cpv-9G5QJDNPsb-jGsm9dLnTFDiO6A5P4-YDJuX86P74v5JO8wjaJumcLbl1sn97lPY0XxdglDhTf_U4SNKwlaDTYLLN2vqzRkostH2EpAPzWM04R0f2Q5kIx_deFPgVQS8sKHu5IzhMdyE4os9aNvCsWUViQ61vh9g_mFKR4AuXDXg1JRjXpsSxIaUH4LRF__Hh2uQ111jHL_KUVMEe0tcQnhSVNuBFWYRwn2idX2kyMHnz0ypM28ulOGULpCfFeXd2YplqH_EeY1OgYYcs3CuTCWDHxDGYU3w-5byucaRRvFpxtNSddrTFPebtFVfeTkwHzLCQ2BDMMGd-YsuHCewEBSqfjPvKeIlYPDhgNYikWoT-HqFNjiJVfd0bMVo6DyAJsqK5cRekvC19Q1kR36Mb6ajYASrI3rTp8wyC1BA-BrpLijs3ux9wIbwgv2gw7bWiI3orkAcP_q9EmOKhkVn_UQXSU2nQQ6z0PKlNefSwIaLuEUtBHc8G_SmhSRv7E09_BK3HNrKQ7RGUs5aj6bCS26dyjbesQJyTY-kGMm7A1R3AEgdcRVLm_bTaTr9ogLcYgoXFvN0rMWdErZuUEYLYb7znGM83TOduXd6x57XrBFTOvvwp1sDLWGHonLcYMaTcuHIx483o-eW5y2rmeyxGU3SNLitnBSdUedldT6RY2w0Llat4_PCRF9SQfn8o6ZuN59m6_Ihc-qXbHowGvjki9o0JR82GcfhLHwWhdLs8SwOQVxD4dCFLAQL3mfzypm09UKnUo0wU2FNiONSNraaJRyVBk4wtzXs_zsFiug2ddU2pqyrmKLDmleY0PgXxhJgNzKtRMnOOf63igS0IDvhROdZcMXTQEJP8vMdKvrOvczsI3fHiubF1QbO_5DQ_EQdPluRFIgVkwfQ5W9rWrIlWYHTD6gL_YpSZlGrudb_bK3OWvD7AUVcrdDQLLmFDi9Q0gkBl3_v32xaqzwk-R00whwGmmo75Yr2Aim3m2ATMpI5sc6WhF1WJ1xRJqgKghTeSX_oxgUdOwKMkbJTJOKD1rw8YQFDtaB7bM65VwOi6dJSiyRoaHUzlIJP5RZEwl_C4bslvyjk_3bJPQVYBuN6IwOIMEADBdo5Be2pyLElWhFISEbNdCiYKSlsCiAJUoAg_2Jza1kbTE7pKv0GrPf0m4PX7md9IPTiFg15ZQZ2ebI8_29MiUmIUkTG9f_RZn-fGenRfz50asuRcSRpYJuvIQ-bjw8I_BmKeddF3RRLlUkw27vUfNky0nbmYMbKqQxsDVOczj3FTw9xWgn_anORo9atFJFP2M4P5dYHG1TNS5YFRa5nCJnLRb01tPK0r8U-a9nqIU7WqWUR2gD_5SPaHi1HQS8JonPOidTn9nHsjYeOf4kyFjCUGQf8qG2UXBOIVRzICDeOPDLNItMLxeQCf-BixuOYKh4DdnMGAHn8AInD-F62kgLlD0lAiNeFAce0OAP9P-yjDWo9bmXOt0bIjR2G5mwJAzB58s99Wz-t92nDk7oNqutE2j8bBpVzP_a1NmUHGTCyBRZoUX1tjoTO6gArxdWHjPBAWMZEwAKgCpCH9Bb6r4OtqBu-F-G83L9sDjOEJaHQPx-nevYfTJGOcRs1IChxvlneN-ozJ9sSw5cX9HgEm2p9ZqcHN_k1jwECLuEGXTrKdkzHYXpJTt9O75Aa5JA1oRuMM6dg-a52uG_4y2VvIYdLWE7vbGG4NO2AUz2UUo52qSFKmS6V5GcNV21g7yRtKtR6UBkuUFMRH0acwQSFePLNCf4warFLzJmIFAXdKOwLSp_RDHuHgGfXt4CV1tBYDL7VhOkUpx1oApwGKSBBypxBnoUDv-B1VJB9lI0mm9hMXYZbER2B8ErtziT_1XLU1Ou-EJcAJqNNeDxMPq020GvdWlL6aSSQg-sRHmHMT643gLRxuKmSQ0C92TAlNKkdF5Y7HVCTwyAUyUnAhYZdTvKUaqFJfLpDYc-E8ZECqRchR-R0kGaa-0rfmM7ZnMnvj88ZyPFoxEz0SoHxCUyq2k5nzq2a1qSpMSSQio_1eWAEZloIha5zzE0p3pHp4KNybBTXmTdyMda-gnGSbaJUeHiEVqSDr-x-nXXDKYjo19b0gGymVF39kWnOqcouzDWRKCKcw55304wdgr5LrqZ1sN6npYYjTbUR0u3pSDpnjlGSz4-hoaBqi9SYCMXLDCjC3HjaBiQ79Rd_aPKxhHJ2gsJHvy-n_qhCkT5EMGRR1CfcNVNKUlM_DLrItCP0DOJjsvP7pHpYQcs1ixkKAE35IjBUpJiUZk4ol9FaAuMWuJIUgxEHQDGQJY-fSlE_8VZDY8eJvqjFvLWa1tw2ecEOW8QlCoamIJmJ_S3B6TGijlJjgthKmnWBWBLuQUqrClEWsCArD-61kv6eM7GNLL1R0AERtKzOrenam-Jbo3plwge8UuF9V8nIiCr2rEfEcJgWk0idhCIGYiyPkYpxf-iNVT_NlgIDsHDBYvVhFwdLPTpwZ4cIPDaZNHcmQoUuV-_NM9Uu2hG8ilTnk34lUZi4D3EJofCrEM_K5YQrpNw4o0hB10V6WiDbUi3JsthWW67LR6YAa1JORGp8kC0lF61xbGJ68fTXO1JdgrKh5PMwyr5rut_EdCT4ApfLEpGQe3KA5prLfD05zcpIz6NttjSrMnNhN4PBzNXD6Yc9B2o8PVUS7eJELwhyHXuy4-JZ0c-q0PX4GPElg4ErvGuF-Kn0g2r_MMRXLL4wPfoz0gOdDNUltcMYzAPV88bj3A-yBRGunmhLFZtGa9S61O36aeOz3-i42K4jkOKVmpPki_Z1-VIVN3ZySGWdksSwVaqjG4_oi9pw6tODa6LGfxnQ4Iympa65RMsdk2W2y0H0-hegXTnE_B__mP06cD8djz0rCuJr5-RWljjtTTT4svwDd9Y3YPwC8xt7Vg6yK-Fab5L0maU7dUYOfJOtCz8Qn0nwoRPUbOR3Hh05Kp-j2u2T8dgXnA0bnPGBL1-QDd_YyyKkkxh4LCD4_lgdQdKKB4NF-tA5i87LR8bOTevnVeIfvv2yCRPVSWstI1hDJMszdwBVQ7V8UHu0hS2I4GuoeHTFyk59iajZSbWO7bG9TH92IcbBEe6nNYZt5s4xqQ_M4_uECboZf8-7QabFB-BT7uWv5NamL0L3rHDJTv2dOi_WnX2k1rBpgHq3RB2rzjewCz5snm7fjDkptG0L6aQy3BBvQ-1XXtFSj7wHKgkNxaYKhHVav1V06w6No_aQbXTbux4KvTJzGNCz5LGfw7LNxBAlq95kzGAhVMqFxH1eVVCWjn-hwW0pdBOINJ2EyadxEb4lMZmu3NDUevGqfLwCY15tvQ7FpbzKT_Vt&cid=CAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Ffaceitfinder.com%2F&ds=l&xdt=1&iif=1&cor=17120068989501518000&adk=1726166463&idt=81&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f86b446c053722739bdf49608beebb5baf2eb2191d5583eec34019824d02f6bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13574
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 B30665716.385069046;dc_pre=CJnlkd2fi4QDFdU5VQgd21YCgA;dc_trk_aid=576205512;dc_trk_cid=207748303;ord=3222600034;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_t...
ad.doubleclick.net/ddm/trackimp/N2063325.3159GOOGLE/ Frame 0
0 43ms
43ms Preflight
text/html 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 01 Feb 2024 23:02:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js Show response
pagead2.googlesyndication.com/bg/ Frame 8336 50 KB
19 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5828ff27c35c12c94d0d8b3cdfd77b28606034437c009902d28cf7f5bcb6a907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 00:53:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 252526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19599
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 00:53:14 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 513C 41 KB
14 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AjqeonmvP5gqBlCq9bC9xB5exBuqKlIMRMKaoUTSysygTVwIp2qP-kqIZwbXm3ABT1J5-t7iZY4MWtUGj97pmea0ZRuYc5l0-TLCVuDZAytetZWC3fS0h2IDorgKme2l-i25IIHb1U6iDIGK_HsNzpqNxuRXLD6HHNkHuJexXzeziMniY&cry=1&dbm_d=AKAmf-AJqYAaK6miYezkjSQyeOQxXO65sHKXCSVH4_6gxhQvxZHw6YCPlopNxhTStSVUR-v8f_OLvAa2Fl49fkF0ahVH36LSZEwGQICQRipQUqxI2g4Oo4eMSy1cniR5GdmZjE4u8aNwbUhfQqn0CO9Xf3vhtWhGZNUNGAink2wgrPr_C1B9TBarNqfxesWlLvRy3_shZCuPZDtVniMMzYLLskGhjI-s2VI9nNG2iYkehlEn658bvaAGHVXbkKrOcqjZekF0H5rjCBxtPxs0exDdcYpndUGtbQN1A1vC6tw6Ga9Ysn4xeCBEqtq1f00SSsxLMXavOsqLBydY0dqLTqQOxI_zDhF0wXbU4cpv-9G5QJDNPsb-jGsm9dLnTFDiO6A5P4-YDJuX86P74v5JO8wjaJumcLbl1sn97lPY0XxdglDhTf_U4SNKwlaDTYLLN2vqzRkostH2EpAPzWM04R0f2Q5kIx_deFPgVQS8sKHu5IzhMdyE4os9aNvCsWUViQ61vh9g_mFKR4AuXDXg1JRjXpsSxIaUH4LRF__Hh2uQ111jHL_KUVMEe0tcQnhSVNuBFWYRwn2idX2kyMHnz0ypM28ulOGULpCfFeXd2YplqH_EeY1OgYYcs3CuTCWDHxDGYU3w-5byucaRRvFpxtNSddrTFPebtFVfeTkwHzLCQ2BDMMGd-YsuHCewEBSqfjPvKeIlYPDhgNYikWoT-HqFNjiJVfd0bMVo6DyAJsqK5cRekvC19Q1kR36Mb6ajYASrI3rTp8wyC1BA-BrpLijs3ux9wIbwgv2gw7bWiI3orkAcP_q9EmOKhkVn_UQXSU2nQQ6z0PKlNefSwIaLuEUtBHc8G_SmhSRv7E09_BK3HNrKQ7RGUs5aj6bCS26dyjbesQJyTY-kGMm7A1R3AEgdcRVLm_bTaTr9ogLcYgoXFvN0rMWdErZuUEYLYb7znGM83TOduXd6x57XrBFTOvvwp1sDLWGHonLcYMaTcuHIx483o-eW5y2rmeyxGU3SNLitnBSdUedldT6RY2w0Llat4_PCRF9SQfn8o6ZuN59m6_Ihc-qXbHowGvjki9o0JR82GcfhLHwWhdLs8SwOQVxD4dCFLAQL3mfzypm09UKnUo0wU2FNiONSNraaJRyVBk4wtzXs_zsFiug2ddU2pqyrmKLDmleY0PgXxhJgNzKtRMnOOf63igS0IDvhROdZcMXTQEJP8vMdKvrOvczsI3fHiubF1QbO_5DQ_EQdPluRFIgVkwfQ5W9rWrIlWYHTD6gL_YpSZlGrudb_bK3OWvD7AUVcrdDQLLmFDi9Q0gkBl3_v32xaqzwk-R00whwGmmo75Yr2Aim3m2ATMpI5sc6WhF1WJ1xRJqgKghTeSX_oxgUdOwKMkbJTJOKD1rw8YQFDtaB7bM65VwOi6dJSiyRoaHUzlIJP5RZEwl_C4bslvyjk_3bJPQVYBuN6IwOIMEADBdo5Be2pyLElWhFISEbNdCiYKSlsCiAJUoAg_2Jza1kbTE7pKv0GrPf0m4PX7md9IPTiFg15ZQZ2ebI8_29MiUmIUkTG9f_RZn-fGenRfz50asuRcSRpYJuvIQ-bjw8I_BmKeddF3RRLlUkw27vUfNky0nbmYMbKqQxsDVOczj3FTw9xWgn_anORo9atFJFP2M4P5dYHG1TNS5YFRa5nCJnLRb01tPK0r8U-a9nqIU7WqWUR2gD_5SPaHi1HQS8JonPOidTn9nHsjYeOf4kyFjCUGQf8qG2UXBOIVRzICDeOPDLNItMLxeQCf-BixuOYKh4DdnMGAHn8AInD-F62kgLlD0lAiNeFAce0OAP9P-yjDWo9bmXOt0bIjR2G5mwJAzB58s99Wz-t92nDk7oNqutE2j8bBpVzP_a1NmUHGTCyBRZoUX1tjoTO6gArxdWHjPBAWMZEwAKgCpCH9Bb6r4OtqBu-F-G83L9sDjOEJaHQPx-nevYfTJGOcRs1IChxvlneN-ozJ9sSw5cX9HgEm2p9ZqcHN_k1jwECLuEGXTrKdkzHYXpJTt9O75Aa5JA1oRuMM6dg-a52uG_4y2VvIYdLWE7vbGG4NO2AUz2UUo52qSFKmS6V5GcNV21g7yRtKtR6UBkuUFMRH0acwQSFePLNCf4warFLzJmIFAXdKOwLSp_RDHuHgGfXt4CV1tBYDL7VhOkUpx1oApwGKSBBypxBnoUDv-B1VJB9lI0mm9hMXYZbER2B8ErtziT_1XLU1Ou-EJcAJqNNeDxMPq020GvdWlL6aSSQg-sRHmHMT643gLRxuKmSQ0C92TAlNKkdF5Y7HVCTwyAUyUnAhYZdTvKUaqFJfLpDYc-E8ZECqRchR-R0kGaa-0rfmM7ZnMnvj88ZyPFoxEz0SoHxCUyq2k5nzq2a1qSpMSSQio_1eWAEZloIha5zzE0p3pHp4KNybBTXmTdyMda-gnGSbaJUeHiEVqSDr-x-nXXDKYjo19b0gGymVF39kWnOqcouzDWRKCKcw55304wdgr5LrqZ1sN6npYYjTbUR0u3pSDpnjlGSz4-hoaBqi9SYCMXLDCjC3HjaBiQ79Rd_aPKxhHJ2gsJHvy-n_qhCkT5EMGRR1CfcNVNKUlM_DLrItCP0DOJjsvP7pHpYQcs1ixkKAE35IjBUpJiUZk4ol9FaAuMWuJIUgxEHQDGQJY-fSlE_8VZDY8eJvqjFvLWa1tw2ecEOW8QlCoamIJmJ_S3B6TGijlJjgthKmnWBWBLuQUqrClEWsCArD-61kv6eM7GNLL1R0AERtKzOrenam-Jbo3plwge8UuF9V8nIiCr2rEfEcJgWk0idhCIGYiyPkYpxf-iNVT_NlgIDsHDBYvVhFwdLPTpwZ4cIPDaZNHcmQoUuV-_NM9Uu2hG8ilTnk34lUZi4D3EJofCrEM_K5YQrpNw4o0hB10V6WiDbUi3JsthWW67LR6YAa1JORGp8kC0lF61xbGJ68fTXO1JdgrKh5PMwyr5rut_EdCT4ApfLEpGQe3KA5prLfD05zcpIz6NttjSrMnNhN4PBzNXD6Yc9B2o8PVUS7eJELwhyHXuy4-JZ0c-q0PX4GPElg4ErvGuF-Kn0g2r_MMRXLL4wPfoz0gOdDNUltcMYzAPV88bj3A-yBRGunmhLFZtGa9S61O36aeOz3-i42K4jkOKVmpPki_Z1-VIVN3ZySGWdksSwVaqjG4_oi9pw6tODa6LGfxnQ4Iympa65RMsdk2W2y0H0-hegXTnE_B__mP06cD8djz0rCuJr5-RWljjtTTT4svwDd9Y3YPwC8xt7Vg6yK-Fab5L0maU7dUYOfJOtCz8Qn0nwoRPUbOR3Hh05Kp-j2u2T8dgXnA0bnPGBL1-QDd_YyyKkkxh4LCD4_lgdQdKKB4NF-tA5i87LR8bOTevnVeIfvv2yCRPVSWstI1hDJMszdwBVQ7V8UHu0hS2I4GuoeHTFyk59iajZSbWO7bG9TH92IcbBEe6nNYZt5s4xqQ_M4_uECboZf8-7QabFB-BT7uWv5NamL0L3rHDJTv2dOi_WnX2k1rBpgHq3RB2rzjewCz5snm7fjDkptG0L6aQy3BBvQ-1XXtFSj7wHKgkNxaYKhHVav1V06w6No_aQbXTbux4KvTJzGNCz5LGfw7LNxBAlq95kzGAhVMqFxH1eVVCWjn-hwW0pdBOINJ2EyadxEb4lMZmu3NDUevGqfLwCY15tvQ7FpbzKT_Vt&cid=CAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Ffaceitfinder.com%2F&ds=l&xdt=1&iif=1&cor=17120068989501518000&adk=1726166463&idt=81&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:07:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 186842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 19:07:58 GMT

GET
H3 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNjgyODUyMDMxNDkzOAogIHNlcnZlcl9pcDogMTI2MDY3NjQwCiAgcHJvY2Vzc19pZDogMjcwMTk5NTIyMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 513C 0
22 B 67ms
66ms Image
image/png 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNjgyODUyMDMxNDkzOAogIHNlcnZlcl9pcDogMTI2MDY3NjQwCiAgcHJvY2Vzc19pZDogMjcwMTk5NTIyMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA5NDU4MjM0Mjg5NTU3MzYwMTIxCmRlYnVnX2tleTogMTQ3NjIyNjY1OTc0Mjg1NzkzOTMKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDI0LTAyLTAxIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIxNzQ4NDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjY2MDE0MjA2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIwODYzOAogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZGVidWdjb252ZXJzaW9uZG9tYWluMS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kZWJ1Z2NvbnZlcnNpb25kb21haW4yLmNvbSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x36f9b93f45e885fa0000000000000000","13":"0x8e44e86677dc16070000000000000000","14":"0x4e5a49465ef5b8bb0000000000000000","15":"0xa62df256137155410000000000000000"},"debug_key":"14762266597428579393","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"9458234289557360121"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 513C 11 KB
4 KB 132ms
44ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1706828519368049&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCR0xe5yK8ZbG7FpKCtdEPnrSX6AKm5b2gaYWVnKfJD_AuEAEg5-WpGmCVspWCpAfIAQmpAvaGPF-yH7I-qAMByAObBKoE6QFP0NJu223efy18Z37d2soS-VR148d_GV-JskDmJ9cB0Wrtf-icJbqhcCLc6TbcgSbVNKY8kSCJpu7_mpNrUs3k8WXiG5f_0g8a7T5NCpRLrzF7V_pW08MdZBtk2hVh8EB-INKiZO0FJBUKGtV-cabvW1HgveOGeRS2z1zdSM6HTG7ZihiKq4uYjhk8wRxLdt9IKy0F6_4eKK1L8c7vns15n-LT317krXSV8Ds7QxtTv6eYfKxnChwK-2rC0VRUQoRlfU2iL8XT_Mld8pW-a7ElNs5TFuDk6jvw5v7sFkuRyFWt9vVD2sWRisAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0gglCIDhgBAQARgfMgKqAjoIgECAgISAgARIvf3BOliL_tbcn4uEA4AKAZgLAcgLAYAMAaoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ%26sig%3DAOD64_2139ad4LJ6E4xaxEC-cMGhTFAoKg%26client%3Dca-pub-3958485131510337%26dbm_c%3DAKAmf-CZRBCHrXzb6Fm7HawHNftKQYymL1WDOXFEgu5w1Xa17lwvMBKoWnpMP_57yZWLLc7g8KntsBj5gXkPQkuuOTailWw8DsS4QkK6osHiKxq94Clgob97GcrAtW8xJ6IEYTo8CQYMs2xBXNbTzZInEq-Fe-Ge1TW-_akI5GuKnx09Xpbbu68%26cry%3D1%26dbm_d%3DAKAmf-BJx4xQsnRsW3w7taVN8DPJywNabpUPa3YhNVRaVQ8jAy24ujNzAYBcL-mnBcPU_zazNW2LE7RLO7BzFBrle2z1ZHH3mXm2FDAmmBQFMKBz99o383lakD8rabF4sfnTL0qXw7i3_RGRL00hvHrHlyW4lfXGBLYGd_CSHJwSHyd0UJLPuBLatOVnYI0tp_0WFlYIZ695tUU1xju02ATA7PNuP1S3_Ml6SGx8Bb7nNQo02xLNwM0nUQ9VpcSmYseDbVsEXa7-EqR8JOCpnC-5uLEcj4HXUiZIZ2mu00x8vm-k5yDOISU1UxXrncMwC4UZhFWue-XgXsoPivRaUYdNTVSCcjvRZoOKjNWM-TrE7jT5YxBPNbK4OKCsMEBL-P3R7fTo0gWPfH0Gm6Km5Gi01NaqqtBpYXQ6VealTGi79o0433oIEmZn0tYG0FsbOdE1QDQqulZeX8alcqH6JKaJFORDkIJOHfFiWQI7eOIHJhy44fMJCgqEoZkq32oFY0PTj3LWnWEG-dsYdenS6BN2mqGbmDP6dd_aGkkcojUcgyghXkPBTIzZwQXLMiMML1Kkewb-cDyX%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 78d63af20e62e032ccff338c375213558279e3094022cfcf4728ec7c618d1a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Thu, 01 Feb 2024 23:02:00 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4172
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 6968 38 KB
13 KB 26ms
26ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 186822
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 30 Jan 2024 19:08:18 GMT
expires: Wed, 29 Jan 2025 19:08:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 6968 39 KB
15 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 15:56:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25515
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 Jan 2025 15:56:45 GMT

GET
H/1.1

200
OK

request.php Show response
hal90007.redintelligence.net/ Frame 513C
Redirect Chain

https://hal90007.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90007.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

166ms
96ms

Script
application/x-javascript

138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCR0xe5yK8ZbG7FpKCtdEPnrSX6AKm5b2gaYWVnKfJD_AuEAEg5-WpGmCVspWCpAfIAQmpAvaGPF-yH7I-qAMByAObBKoE6QFP0NJu223efy18Z37d2soS-VR148d_GV-JskDmJ9cB0Wrtf-icJbqhcCLc6TbcgSbVNKY8kSCJpu7_mpNrUs3k8WXiG5f_0g8a7T5NCpRLrzF7V_pW08MdZBtk2hVh8EB-INKiZO0FJBUKGtV-cabvW1HgveOGeRS2z1zdSM6HTG7ZihiKq4uYjhk8wRxLdt9IKy0F6_4eKK1L8c7vns15n-LT317krXSV8Ds7QxtTv6eYfKxnChwK-2rC0VRUQoRlfU2iL8XT_Mld8pW-a7ElNs5TFuDk6jvw5v7sFkuRyFWt9vVD2sWRisAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0gglCIDhgBAQARgfMgKqAjoIgECAgISAgARIvf3BOliL_tbcn4uEA4AKAZgLAcgLAYAMAaoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ%26sig%3DAOD64_2139ad4LJ6E4xaxEC-cMGhTFAoKg%26client%3Dca-pub-3958485131510337%26dbm_c%3DAKAmf-CZRBCHrXzb6Fm7HawHNftKQYymL1WDOXFEgu5w1Xa17lwvMBKoWnpMP_57yZWLLc7g8KntsBj5gXkPQkuuOTailWw8DsS4QkK6osHiKxq94Clgob97GcrAtW8xJ6IEYTo8CQYMs2xBXNbTzZInEq-Fe-Ge1TW-_akI5GuKnx09Xpbbu68%26cry%3D1%26dbm_d%3DAKAmf-BJx4xQsnRsW3w7taVN8DPJywNabpUPa3YhNVRaVQ8jAy24ujNzAYBcL-mnBcPU_zazNW2LE7RLO7BzFBrle2z1ZHH3mXm2FDAmmBQFMKBz99o383lakD8rabF4sfnTL0qXw7i3_RGRL00hvHrHlyW4lfXGBLYGd_CSHJwSHyd0UJLPuBLatOVnYI0tp_0WFlYIZ695tUU1xju02ATA7PNuP1S3_Ml6SGx8Bb7nNQo02xLNwM0nUQ9VpcSmYseDbVsEXa7-EqR8JOCpnC-5uLEcj4HXUiZIZ2mu00x8vm-k5yDOISU1UxXrncMwC4UZhFWue-XgXsoPivRaUYdNTVSCcjvRZoOKjNWM-TrE7jT5YxBPNbK4OKCsMEBL-P3R7fTo0gWPfH0Gm6Km5Gi01NaqqtBpYXQ6VealTGi79o0433oIEmZn0tYG0FsbOdE1QDQqulZeX8alcqH6JKaJFORDkIJOHfFiWQI7eOIHJhy44fMJCgqEoZkq32oFY0PTj3LWnWEG-dsYdenS6BN2mqGbmDP6dd_aGkkcojUcgyghXkPBTIzZwQXLMiMML1Kkewb-cDyX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240131%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-3958485131510337%26fa%3D1%26ifi%3D4%26uci%3Da!4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ffaceitfinder.com&random=2294676940662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: HTTP/1.1
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: bdb464ae73e64ba898e312c6ab05325abe1a9bb4cc2605b2ffe4b323699600d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 01 Feb 2024 23:02:00 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 70986800000168404444550012588007
Connection: close
Content-Length: 1327
Expires: Thu, 01 Feb 2024 23:02:00 +0100

Redirect headers

Pragma: no-cache
Date: Thu, 01 Feb 2024 23:02:00 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCR0xe5yK8ZbG7FpKCtdEPnrSX6AKm5b2gaYWVnKfJD_AuEAEg5-WpGmCVspWCpAfIAQmpAvaGPF-yH7I-qAMByAObBKoE6QFP0NJu223efy18Z37d2soS-VR148d_GV-JskDmJ9cB0Wrtf-icJbqhcCLc6TbcgSbVNKY8kSCJpu7_mpNrUs3k8WXiG5f_0g8a7T5NCpRLrzF7V_pW08MdZBtk2hVh8EB-INKiZO0FJBUKGtV-cabvW1HgveOGeRS2z1zdSM6HTG7ZihiKq4uYjhk8wRxLdt9IKy0F6_4eKK1L8c7vns15n-LT317krXSV8Ds7QxtTv6eYfKxnChwK-2rC0VRUQoRlfU2iL8XT_Mld8pW-a7ElNs5TFuDk6jvw5v7sFkuRyFWt9vVD2sWRisAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0gglCIDhgBAQARgfMgKqAjoIgECAgISAgARIvf3BOliL_tbcn4uEA4AKAZgLAcgLAYAMAaoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ%26sig%3DAOD64_2139ad4LJ6E4xaxEC-cMGhTFAoKg%26client%3Dca-pub-3958485131510337%26dbm_c%3DAKAmf-CZRBCHrXzb6Fm7HawHNftKQYymL1WDOXFEgu5w1Xa17lwvMBKoWnpMP_57yZWLLc7g8KntsBj5gXkPQkuuOTailWw8DsS4QkK6osHiKxq94Clgob97GcrAtW8xJ6IEYTo8CQYMs2xBXNbTzZInEq-Fe-Ge1TW-_akI5GuKnx09Xpbbu68%26cry%3D1%26dbm_d%3DAKAmf-BJx4xQsnRsW3w7taVN8DPJywNabpUPa3YhNVRaVQ8jAy24ujNzAYBcL-mnBcPU_zazNW2LE7RLO7BzFBrle2z1ZHH3mXm2FDAmmBQFMKBz99o383lakD8rabF4sfnTL0qXw7i3_RGRL00hvHrHlyW4lfXGBLYGd_CSHJwSHyd0UJLPuBLatOVnYI0tp_0WFlYIZ695tUU1xju02ATA7PNuP1S3_Ml6SGx8Bb7nNQo02xLNwM0nUQ9VpcSmYseDbVsEXa7-EqR8JOCpnC-5uLEcj4HXUiZIZ2mu00x8vm-k5yDOISU1UxXrncMwC4UZhFWue-XgXsoPivRaUYdNTVSCcjvRZoOKjNWM-TrE7jT5YxBPNbK4OKCsMEBL-P3R7fTo0gWPfH0Gm6Km5Gi01NaqqtBpYXQ6VealTGi79o0433oIEmZn0tYG0FsbOdE1QDQqulZeX8alcqH6JKaJFORDkIJOHfFiWQI7eOIHJhy44fMJCgqEoZkq32oFY0PTj3LWnWEG-dsYdenS6BN2mqGbmDP6dd_aGkkcojUcgyghXkPBTIzZwQXLMiMML1Kkewb-cDyX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240131%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-3958485131510337%26fa%3D1%26ifi%3D4%26uci%3Da!4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ffaceitfinder.com&random=2294676940662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Thu, 01 Feb 2024 23:02:00 +0100

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6968 0
20 B 61ms
60ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BqHTx6CK8ZbqcE7jHjuwP1dm0iAoAAAAAOAHgBAI&bg=!MzClMH_NAAa8BdJLnAU7ADQBe5WfOC2WJPVwJaCwLKQxStrfZiybvqkxRnbgZQj0_9P200R_PgF3gCnkFepnQFHdOaacAgAAADZSAAAAAWgBB5kC-8Q3N1IKAvjxCCUf-sJ9aXyaRoYPpD-WuoGfpoHAjOGRqURuUvLEuD_ZbW7RIhz_WTbHzrmbCo2DLIKBhoYVtszo9fZ2B-7NqEgr6BT5NYHnz1cnHtSZ7t1zPL15VRttqnq2zIl3KQLyogB6cQWtJIyQaqs6Zi9BnBUD8xw9gmrXWou9nIRacClfRiyWHxoepEp2DmRUm80LMynHMhTJcYTw83HMEkigPgUtZ-175ZXeRjZcSZy4ArSK8rGvq95mxqUQgp21GStnGKOc9v2QQOngH1dYfuBWqWritSNL0D4v4uDs1AV38fWgfInA-gi_-hregEnuQzwdHeAFvVC1XdzG9t0XdrhOIW5UPEW6wIaiB-7NMvS54f5D4NOEt23cb_aAQ-zdq5_VVufxdpv76AqFLY5SFT5WSEr5ntVJMkHB2oqbrIeoDwjedJSkBZIvwikLseEYSIwBZkVjJgDIUuY_7G5tGWS_Iscm3ZNmEJ5pqlD4FNKJWfO095yk9s7lAdLnq-PUv1Tjf_a9WRih3M_BSuLzALTQhiXGQquOjZfNdfuSO1jDwA8rPl85CrYu9gRpXWkyElrSLz01JmID4Lm0M0MlfzRSMx3Lkluvyo-3aY88vwbj-0-BaorrA8DTRePGGT3E1xIISqbmp_0N5dYjhT9bskg6YCinuz0ajRrmpoJCvQd_Zp6c4IJK7Tyzr4MB0FnPEJfjp8oZ0dJ6-v_CtRva1o9LjQoBwcIQmCDJBW56YLWem68Mmfg0RqT8oWTXRBzNWiY3vdqWihYXUMrH_EGZQRbltxc730t5Pi8bhAvYxQHOQJlQWJgql8AKgD7fyH74kD4Fvczb4_HUShywhKQF7ufjG7S7_xhJ8XEhG37JN10bn1NjSB1sXGrSJR1TRozsdqcukB9xIkWJJMahRiIrgdBpvh7qXuiU8UWeJVDBxm0f5sE68K9HpUTSNKpwIiHVKIFfgVKtr7CngtGJ-8TvL5-85fcSlPMHmTUWVnZHGRUi2QytE0o

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 6BFD 0
327 B 138ms
41ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=70986800000168404444550012588007&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCR0xe5yK8ZbG7FpKCtdEPnrSX6AKm5b2gaYWVnKfJD_AuEAEg5-WpGmCVspWCpAfIAQmpAvaGPF-yH7I-qAMByAObBKoE6QFP0NJu223efy18Z37d2soS-VR148d_GV-JskDmJ9cB0Wrtf-icJbqhcCLc6TbcgSbVNKY8kSCJpu7_mpNrUs3k8WXiG5f_0g8a7T5NCpRLrzF7V_pW08MdZBtk2hVh8EB-INKiZO0FJBUKGtV-cabvW1HgveOGeRS2z1zdSM6HTG7ZihiKq4uYjhk8wRxLdt9IKy0F6_4eKK1L8c7vns15n-LT317krXSV8Ds7QxtTv6eYfKxnChwK-2rC0VRUQoRlfU2iL8XT_Mld8pW-a7ElNs5TFuDk6jvw5v7sFkuRyFWt9vVD2sWRisAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0gglCIDhgBAQARgfMgKqAjoIgECAgISAgARIvf3BOliL_tbcn4uEA4AKAZgLAcgLAYAMAaoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ%26sig%3DAOD64_2139ad4LJ6E4xaxEC-cMGhTFAoKg%26client%3Dca-pub-3958485131510337%26dbm_c%3DAKAmf-CZRBCHrXzb6Fm7HawHNftKQYymL1WDOXFEgu5w1Xa17lwvMBKoWnpMP_57yZWLLc7g8KntsBj5gXkPQkuuOTailWw8DsS4QkK6osHiKxq94Clgob97GcrAtW8xJ6IEYTo8CQYMs2xBXNbTzZInEq-Fe-Ge1TW-_akI5GuKnx09Xpbbu68%26cry%3D1%26dbm_d%3DAKAmf-BJx4xQsnRsW3w7taVN8DPJywNabpUPa3YhNVRaVQ8jAy24ujNzAYBcL-mnBcPU_zazNW2LE7RLO7BzFBrle2z1ZHH3mXm2FDAmmBQFMKBz99o383lakD8rabF4sfnTL0qXw7i3_RGRL00hvHrHlyW4lfXGBLYGd_CSHJwSHyd0UJLPuBLatOVnYI0tp_0WFlYIZ695tUU1xju02ATA7PNuP1S3_Ml6SGx8Bb7nNQo02xLNwM0nUQ9VpcSmYseDbVsEXa7-EqR8JOCpnC-5uLEcj4HXUiZIZ2mu00x8vm-k5yDOISU1UxXrncMwC4UZhFWue-XgXsoPivRaUYdNTVSCcjvRZoOKjNWM-TrE7jT5YxBPNbK4OKCsMEBL-P3R7fTo0gWPfH0Gm6Km5Gi01NaqqtBpYXQ6VealTGi79o0433oIEmZn0tYG0FsbOdE1QDQqulZeX8alcqH6JKaJFORDkIJOHfFiWQI7eOIHJhy44fMJCgqEoZkq32oFY0PTj3LWnWEG-dsYdenS6BN2mqGbmDP6dd_aGkkcojUcgyghXkPBTIzZwQXLMiMML1Kkewb-cDyX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240131%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-3958485131510337%26fa%3D1%26ifi%3D4%26uci%3Da!4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ffaceitfinder.com&random=2294676940662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Thu, 01 Feb 2024 23:02:00 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H2 200 / Show response
adv.office-partner.de/ Frame 81B2 930 B
923 B 141ms
47ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCR0xe5yK8ZbG7FpKCtdEPnrSX6AKm5b2gaYWVnKfJD_AuEAEg5-WpGmCVspWCpAfIAQmpAvaGPF-yH7I-qAMByAObBKoE6QFP0NJu223efy18Z37d2soS-VR148d_GV-JskDmJ9cB0Wrtf-icJbqhcCLc6TbcgSbVNKY8kSCJpu7_mpNrUs3k8WXiG5f_0g8a7T5NCpRLrzF7V_pW08MdZBtk2hVh8EB-INKiZO0FJBUKGtV-cabvW1HgveOGeRS2z1zdSM6HTG7ZihiKq4uYjhk8wRxLdt9IKy0F6_4eKK1L8c7vns15n-LT317krXSV8Ds7QxtTv6eYfKxnChwK-2rC0VRUQoRlfU2iL8XT_Mld8pW-a7ElNs5TFuDk6jvw5v7sFkuRyFWt9vVD2sWRisAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0gglCIDhgBAQARgfMgKqAjoIgECAgISAgARIvf3BOliL_tbcn4uEA4AKAZgLAcgLAYAMAaoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ%26sig%3DAOD64_2139ad4LJ6E4xaxEC-cMGhTFAoKg%26client%3Dca-pub-3958485131510337%26dbm_c%3DAKAmf-CZRBCHrXzb6Fm7HawHNftKQYymL1WDOXFEgu5w1Xa17lwvMBKoWnpMP_57yZWLLc7g8KntsBj5gXkPQkuuOTailWw8DsS4QkK6osHiKxq94Clgob97GcrAtW8xJ6IEYTo8CQYMs2xBXNbTzZInEq-Fe-Ge1TW-_akI5GuKnx09Xpbbu68%26cry%3D1%26dbm_d%3DAKAmf-BJx4xQsnRsW3w7taVN8DPJywNabpUPa3YhNVRaVQ8jAy24ujNzAYBcL-mnBcPU_zazNW2LE7RLO7BzFBrle2z1ZHH3mXm2FDAmmBQFMKBz99o383lakD8rabF4sfnTL0qXw7i3_RGRL00hvHrHlyW4lfXGBLYGd_CSHJwSHyd0UJLPuBLatOVnYI0tp_0WFlYIZ695tUU1xju02ATA7PNuP1S3_Ml6SGx8Bb7nNQo02xLNwM0nUQ9VpcSmYseDbVsEXa7-EqR8JOCpnC-5uLEcj4HXUiZIZ2mu00x8vm-k5yDOISU1UxXrncMwC4UZhFWue-XgXsoPivRaUYdNTVSCcjvRZoOKjNWM-TrE7jT5YxBPNbK4OKCsMEBL-P3R7fTo0gWPfH0Gm6Km5Gi01NaqqtBpYXQ6VealTGi79o0433oIEmZn0tYG0FsbOdE1QDQqulZeX8alcqH6JKaJFORDkIJOHfFiWQI7eOIHJhy44fMJCgqEoZkq32oFY0PTj3LWnWEG-dsYdenS6BN2mqGbmDP6dd_aGkkcojUcgyghXkPBTIzZwQXLMiMML1Kkewb-cDyX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240131%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-3958485131510337%26fa%3D1%26ifi%3D4%26uci%3Da!4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ffaceitfinder.com&random=2294676940662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Thu, 01 Feb 2024 23:02:00 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Thu, 08 Feb 2024 23:02:00 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 513C 2 KB
2 KB 239ms
117ms Script
text/html 3.9.158.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=70986800000168404444550012588007&nw=1
Requested by: Host: faceitfinder.com
URL: https://faceitfinder.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.158.88 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-158-88.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: e8bc33c3c3e98f5dad9429d8edac2223d58fe262e91acccc8295262c99106fd9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:01 GMT
last-modified: Thu, 01 Feb 2024 23:02:00 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 01 Feb 2024 23:03:00 GMT

GET
H2

200

activityi;dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057 Show response
5994599.fls.doubleclick.net/ Frame 13F0
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057?
https://5994599.fls.doubleclick.net/activityi;dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057?

2 KB
1 KB

82ms
81ms

Document
text/html

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057?

Requested by

Host: faceitfinder.com
URL: https://faceitfinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

d3a7c7d2b499d164af40d41d1bdc4292c9450997f5d9a6090026cd1e724a794b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 905
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 23:02:01 GMT
expires: Thu, 01 Feb 2024 23:02:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 23:02:00 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame 7E81 7 KB
2 KB 115ms
38ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2b4aac3b5d&subid=&uid=c548d02c40925bc7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCR0xe5yK8ZbG7FpKCtdEPnrSX6AKm5b2gaYWVnKfJD_AuEAEg5-WpGmCVspWCpAfIAQmpAvaGPF-yH7I-qAMByAObBKoE6QFP0NJu223efy18Z37d2soS-VR148d_GV-JskDmJ9cB0Wrtf-icJbqhcCLc6TbcgSbVNKY8kSCJpu7_mpNrUs3k8WXiG5f_0g8a7T5NCpRLrzF7V_pW08MdZBtk2hVh8EB-INKiZO0FJBUKGtV-cabvW1HgveOGeRS2z1zdSM6HTG7ZihiKq4uYjhk8wRxLdt9IKy0F6_4eKK1L8c7vns15n-LT317krXSV8Ds7QxtTv6eYfKxnChwK-2rC0VRUQoRlfU2iL8XT_Mld8pW-a7ElNs5TFuDk6jvw5v7sFkuRyFWt9vVD2sWRisAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0gglCIDhgBAQARgfMgKqAjoIgECAgISAgARIvf3BOliL_tbcn4uEA4AKAZgLAcgLAYAMAaoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ%26sig%3DAOD64_2139ad4LJ6E4xaxEC-cMGhTFAoKg%26client%3Dca-pub-3958485131510337%26dbm_c%3DAKAmf-CZRBCHrXzb6Fm7HawHNftKQYymL1WDOXFEgu5w1Xa17lwvMBKoWnpMP_57yZWLLc7g8KntsBj5gXkPQkuuOTailWw8DsS4QkK6osHiKxq94Clgob97GcrAtW8xJ6IEYTo8CQYMs2xBXNbTzZInEq-Fe-Ge1TW-_akI5GuKnx09Xpbbu68%26cry%3D1%26dbm_d%3DAKAmf-BJx4xQsnRsW3w7taVN8DPJywNabpUPa3YhNVRaVQ8jAy24ujNzAYBcL-mnBcPU_zazNW2LE7RLO7BzFBrle2z1ZHH3mXm2FDAmmBQFMKBz99o383lakD8rabF4sfnTL0qXw7i3_RGRL00hvHrHlyW4lfXGBLYGd_CSHJwSHyd0UJLPuBLatOVnYI0tp_0WFlYIZ695tUU1xju02ATA7PNuP1S3_Ml6SGx8Bb7nNQo02xLNwM0nUQ9VpcSmYseDbVsEXa7-EqR8JOCpnC-5uLEcj4HXUiZIZ2mu00x8vm-k5yDOISU1UxXrncMwC4UZhFWue-XgXsoPivRaUYdNTVSCcjvRZoOKjNWM-TrE7jT5YxBPNbK4OKCsMEBL-P3R7fTo0gWPfH0Gm6Km5Gi01NaqqtBpYXQ6VealTGi79o0433oIEmZn0tYG0FsbOdE1QDQqulZeX8alcqH6JKaJFORDkIJOHfFiWQI7eOIHJhy44fMJCgqEoZkq32oFY0PTj3LWnWEG-dsYdenS6BN2mqGbmDP6dd_aGkkcojUcgyghXkPBTIzZwQXLMiMML1Kkewb-cDyX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240131%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-3958485131510337%26fa%3D1%26ifi%3D4%26uci%3Da!4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ffaceitfinder.com&random=2294676940662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 88c51cc52aaeea16d1de5164fd28a0525cf32c0d37040e1635a81e313b18c487

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2080
Content-Type: text/html; charset=utf-8
Date: Thu, 01 Feb 2024 23:02:00 GMT
Expires: Thu, 01 Feb 2024 23:02:00 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2

200

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 513C
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=70986800000168404444550012588007&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=70986800000168404444550012588007&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
360 B

40ms
39ms

Image
image/gif

91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=70986800000168404444550012588007&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 91.121.248.44 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:00 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=70986800000168404444550012588007&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Thu, 01 Feb 2024 23:02:00 GMT
server: nginx
content-length: 138
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 513C 43 B
704 B 207ms
100ms Image
image/gif 92.123.148.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=70986800000168404444550012588007&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.148.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-148-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 01 Feb 2024 23:02:01 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 513C 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 886788df1d841dd760fbdb4211e1cdb15901ea9241a16051f43fe0ee9a3fa1a0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 7E81 2 KB
434 B 36ms
35ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 01 Feb 2024 22:00:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Feb 2024 23:02:00 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7E81 10 KB
10 KB 118ms
44ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: e47bc5a57521f0c646bcfd957e8862f6dd4e70852f42c3f26db72836fca82f80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Thu, 01 Feb 2024 23:02:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7E81 9 KB
9 KB 202ms
126ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: f5187e4c63947f213ebf38ff4de935ca80e267f25b3cff0d88a6b456f9cb5594

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Thu, 01 Feb 2024 23:02:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7E81 7 KB
7 KB 120ms
45ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 9704ae83c647c5be2cace9989fb2ee4fda7b0931e1ef605223ff450bdfacc51d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Thu, 01 Feb 2024 23:02:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7116
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 81B2 181 KB
64 KB 36ms
36ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1f8743bd113ae6ca5d03d5c81a29c92df391954454abd24062c1cbf9d0d3862b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65818
x-xss-protection: 0
last-modified: Thu, 01 Feb 2024 22:07:55 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 01 Feb 2024 23:02:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 7E81 0
150 B 121ms
46ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=70986800000168404444550012588007&a=4670dcfe&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Thu, 01 Feb 2024 23:02:01 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 81B2 277 KB
92 KB 38ms
38ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b520e1a53a56a664fa624c3833027e288ec1a3294556310982bc6f1cb8381048

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93979
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 01 Feb 2024 23:02:01 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5500 42 B
174 B 64ms
64ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvDwktjKUNPzokzcSOgYnx9iwyHjQsSgAndpUCUGZnCQK8j1wSF4vPsJty-OYAI2_mm3UO52hrE2d4HRblr_xUlQ4fqOWHBtwR-8Buq_iAQR549MtbZJodFfbYXuQLF1sNeSUYEwvolX_UDU8AR9kF9aAoB-ZIDeNIZr2QZO8bWu11TSXrScaCrn-ksowo&sai=AMfl-YShZ936cygF7lJBKzjhw1NIeVsSF82hTzoyS4zoQ0LvLSu-qRpIwQKzakg0wgUls7wNuFNeyM893cSmPXHJCDwb9BI6d0TFk_jhXQcOijxgcSLNoKTx6bRUzHqHEE9d2PhGvDYQp2gFSVU8QUV-yw&sig=Cg0ArKJSzCcAVN2Y1Rf3EAE&cid=CAQSTwAvHhf_g17bgIRJiuy8Yf2EH4PwTPHLUKsGSiiEi9JL4oIyzfFQ6yOCB1JvDiSKa-mecGL3WXjw5F1bQ6XJWjVFUD7sDylZhx5gfIUZ-QoYAQ&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240131&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4144480424&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=276132000&rst=1706828519283&rpt=780&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 513C 56 KB
19 KB 231ms
68ms Script
application/javascript 108.157.4.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=70986800000168404444550012588007&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-70.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ace44b78e613a7199dfb108bc4b31f8d017c1053d469e231eab78eb60cb51b07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 09:52:35 GMT
content-encoding: gzip
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
last-modified: Thu, 01 Feb 2024 09:49:57 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P2
age: 47367
etag: W/"2ef4dffee1e13116d65e55acc50ac4aa"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 6Bjmf3BlMlWDRlq_QWYAqdhype1W4x3fr6SmcPwmGnEbOst3EOHFlA==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 513C 3 KB
3 KB 147ms
44ms Image
image/png 18.154.63.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1706828821&Signature=mK7klfJlldrrLah7NihBj3EEyxNDZmkS5226YI5yYJoYKS7stqQNTcrh8AaVbD79w4a-xiU6KxLIWhkKVjRBm2abZP-g20mxUX73b1mNiFbOuJEkPdPoVyliUkZGdKODgiakqrQitftyK-Fo1g4UOJptpvRvjiWRYCOfqRKMnv7WufP~sTBiZcYdUi21kNZAkurkQBxR-KQAxT3RGGbYwKeFJ23pY4ZFLxLgfVyd3Ts9f7lBsu6P4Tulvyv5~Mu9~aqlq0GCf6XQ4QrLG-sCnq~~hlbPKvpdXFYXnNNY5S1JF37OLSiP3ao3ChmfSQo3GpQ22fTjuAIFs8koezgqKQ__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240131/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-65.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 01 Feb 2024 09:01:07 GMT
via: 1.1 7f4a5e86662d54d3fe35c4c143a928ce.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
age: 50454
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: 9WbWTqB4VHQLDDt8kCysuPv0ccaPKnCF1boNPV_Y82ui3TF7r7XrFw==

GET
H2 200 dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057
adservice.google.com/ddm/fls/z/ Frame 13F0 42 B
401 B 144ms
67ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=COWAvd2fi4QDFZ8JogMdHREPwg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4663984373002.057?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDU5OTQ1OTkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2RvdWJsZWNsaWNrLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IENPTlZFUlNJT04KZGVidWdf...
ad.doubleclick.net/ddm/activity/ Frame 13F0 0
22 B 70ms
70ms Image
image/png 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDU5OTQ1OTkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2RvdWJsZWNsaWNrLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IENPTlZFUlNJT04KZGVidWdfa2V5OiAxMzg4MTcyNTI2NjAwMzEzMDgxMgpjdGNfY29udmVyc2lvbl9idWNrZXQ6IDUKYXJjaGV0eXBlX2lkOiAxCmFyY2hldHlwZV9pZDogMwphcmNoZXR5cGVfaWQ6IDQKYXJjaGV0eXBlX2lkOiA1CmFyY2hldHlwZV9pZDogNgphcmNoZXR5cGVfaWQ6IDcKYXJjaGV0eXBlX2lkOiA4CmFyY2hldHlwZV9pZDogOQphcmNoZXR5cGVfaWQ6IDEwCmFyY2hldHlwZV9pZDogMTEKYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphcmNoZXR5cGVfaWQ6IDE2CmFyY2hldHlwZV9pZDogMTcKYXJjaGV0eXBlX2lkOiAxOAphcmNoZXR5cGVfaWQ6IDE5CmFyY2hldHlwZV9pZDogMjAKYXJjaGV0eXBlX2lkOiAyMQpjb252ZXJzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBDT05WRVJTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0FDVElWSVRZX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA2MDMyNjY5CiAgfQp9CmNvbnZlcnNpb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IENPTlZFUlNJT05fRElNRU5TSU9OX0NPTlZFUlNJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDI0LTAyLTAxIgogIH0KfQpicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNTcwNDI1MzQ0CmdjbGlkOiAiIgp0cmlnZ2VyX2RlZHVwbGljYXRpb25fa2V5OiAxMzExMzM5MTE2NDA2MzEwMTM5NAo

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:01 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"13113391164063101394"}],"aggregatable_trigger_data":[{"filters":{"14":["6032669"]},"key_piece":"0x600edec047ec1ded","source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"key_piece":"0xd1c7d78763e29cb6","not_filters":{"14":["6032669"]},"source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"filters":{"14":["6032669"]},"key_piece":"0x4df050dd2982da2c","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0x96efcea295ca80ff","not_filters":{"14":["6032669"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"1":327,"10":327,"11":5570,"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"3":327,"4":327,"5":5570,"6":327,"7":327,"8":5570,"9":327},"debug_key":"13881725266003130812","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"13113391164063101394","filters":{"14":["6032669"],"source_type":["event"]},"priority":"10","trigger_data":"1"},{"deduplication_key":"13113391164063101394","filters":{"14":["6032669"],"source_type":["navigation"]},"priority":"10","trigger_data":"6"},{"deduplication_key":"13113391164063101394","filters":{"source_type":["event"]},"priority":"0","trigger_data":"0"},{"deduplication_key":"13113391164063101394","filters":{"source_type":["navigation"]},"priority":"0","trigger_data":"7"}],"filters":{"8":["5994599"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 73ms
72ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240131&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d844dab60438cfbe56efc0cb91b6aa02c24a82864b299a50c94935289ea157bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12428
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 93ms
93ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 23:02:01 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 85E0 13 KB
5 KB 27ms
26ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://faceitfinder.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 23682
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 16:27:19 GMT
expires: Fri, 31 Jan 2025 16:27:19 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7CE9 829 B
1 KB 100ms
39ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

479b78d3c18a139972350942dfdec8632d5cc5d330ed8bc7f823d133faf24904

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UJoOrKvwj6_YEuCLrB4c8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://faceitfinder.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-UJoOrKvwj6_YEuCLrB4c8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 01 Feb 2024 23:02:01 GMT
expires: Thu, 01 Feb 2024 23:02:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 85E0 39 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 15:56:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25516
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 Jan 2025 15:56:45 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 85E0 0
10 B 26ms
26ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?4vfpyg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:02:01 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7CE9 0
0 59ms
59ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240131&jk=2598499035429544&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 513C 42 B
64 B 64ms
64ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvCoY18tdha7X0zTWBpvP0oethu2nVpmU2gLazUr1GHHELvWX6SbtfUOkBfdXVI4hnhfJaQfhSyRJW1masbg0pLLCyY-vFEu8JyJUfNzBx4oUDwX7duat_PNglRXKDmBoRUxQ6da4FklcH6Vop8IfQ&sai=AMfl-YQY8Dy3OvRwkYLnhDbMhYd-u38-kukem0_lLxdSQ84vsp2MypCVKedJEJCXA7kPyVNFtVM6PzTogTp3Wx0J3g7Gs_5orUuhnYB0YwJPqQf1vikA_1eSR4E4EVbNxCn6bkfZPJmBW1_r_m_YiDdV2g&sig=Cg0ArKJSzCvZ11JBPUuzEAE&cid=CAQSTwAvHhf_T5OPK-gKrCoriHh2DBA7vnzbcO2X-vvAUEXFUQ2hh0dOYhCI1dY89wDV5_FdGW8RxQxOw6hthmCz0Ur0I_Rr8lLYpQzZkhRBAGEYAQ&id=lidar2&mcvt=1048&p=0,0,90,728&mtos=746,1048,1048,1048,1048&tos=746,302,0,0,0&v=20240131&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=276132000&rst=1706828520161&rpt=679&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 167ms
48ms Preflight 13.42.93.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.93.91 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-93-91.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Thu, 01 Feb 2024 23:02:02 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 513C 16 B
209 B 96ms
95ms Fetch
application/json 13.42.93.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.42.93.91 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-42-93-91.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 01 Feb 2024 23:02:02 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 7E81 0
150 B 119ms
43ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=70986800000168404444550012588007&a=4670dcfe&vb=v
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=70986800000168404444550012588007&a=20f966c5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Thu, 01 Feb 2024 23:02:02 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 63ms
63ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240131&jk=2598499035429544&bg=!ZWalZinNAAa8BdJLnAU7ADQBe5WfOPBzTlwdKfh8FU98jRfvJK3kSq6TALL11sX78zMw-ruIe9FSw7H7WIoQQ_V3KIDAAgAAADpSAAAAAmgBB5kCyYfZJxqbos1AaXx9bvoLitgAnrS4JwK_KRZfgDTzt99GF9vKxaZO-3xkGDiFjfWwj7shVM_MHpTYgvpja-w6rr2xP5V8SeXPzYrCSVJjlYy7uZYm5Rq3HqYQYgiNGyC_5bjO1zOSLGJb3uN2SZbS0kaYpy5OnPVrNK6hOEpB1YNz9kAQFyBWsVtao7E5GIQ-6Qy6GeQZcVdqGgZDtGHhgObNqdQH7TW3LFHGWFM9BjO0IkC1p_RWqg76sdKEycxTn6WVCSC_xx6BViTtBRwinYqWyf3gYzbEV_g2pa15kqvP4p9fg1UQrhNDMY7ID4Zesc_A2c3HeZDJVro6mZZn1SlKjcsJsPAMg07knXvH1-VQoNsRVlbSfLzTOLVrP5qT2hmtG4vTXHqhC-EyrREVVCaXbwH1aSB27_OFKxo_--WdVSUgUB333x1gJXGcS-26AJuoq13SonSBkUjomWPpqV2kv3hIicbs78C88yp4dEnLjaOpTnNrLAXQRe6Y4c8ilfrGnHh8v3XQDkDMtQcrQBAMpymhgkEfcMguGK2hYQ-TUSxEJg_X8aLu6o96qg1jZVh-Qp-9jldN9cILYrsVQKoWmu32q3mX-eJ-Lmt_QgNo0lFW7tTssFAa-TVUV1wuanCQQ_RCzuy9J5MewLrQToybPnSQj6MDkCqgkMnHR0tFl-PzzmI45syQbll68c3OxThuKo9XvThXuUzQDXpNMWlA00YTVE1fxR2IJPoYFPGl-IKDEIto69_kyAVNK3iVN6-wFRuIu5ipa48WTkVWeAIYd93uQl-_yuEEYymuBKJJOrwo00djMfBw3oUINCBVXTluGainY12El5CjCFq1UMRnenIwaVvr3l5taePcT4NzNfxsLGG-jFtrGcwMafZFcF4bB9Xc527T17wrfBajXOrkD0qMtmZEf9C9vEio1DxCs6L3r-y3JVBS
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://faceitfinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513C 0
20 B 60ms
60ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9230569470717&version=m202401290101&ct=77&x=1&cor=17120068989501518000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Feb 2024 23:02:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.yadro.ru/	1970-01-21 02:52:37	Name: FTID Value: 1bl2Bc3MPSej1bl2Bc001IKI
.yadro.ru/	1970-01-21 02:52:37	Name: VID Value: 15L4DD27K2uj1bl2Bd0017Aq
.faceitfinder.com/	1970-01-21 03:43:08	Name: _ga Value: GA1.2.1699676303.1706828519
.faceitfinder.com/	1970-01-20 18:08:34	Name: _gid Value: GA1.2.672500750.1706828519
.faceitfinder.com/	1970-01-20 18:07:08	Name: _gat_gtag_UA_118288288_1 Value: 1
.faceitfinder.com/	1970-01-21 02:52:44	Name: cf_clearance Value: aTpZzRNM_Y4TQqAcC0DdgsFsT1z5qYGZ7PSdDeBf_kM-1706828519-1-Aa6l/IJQwWX4RYy598nwaM6JMXsgpmgiWy50ot0JfSVQM5XeB1gzFjHhf7cH9tXNWkRoES1R/HMxV3wPqZBU3w4=
.faceitfinder.com/	1970-01-21 03:28:44	Name: __gads Value: ID=ddc87e178f21274c:T=1706828519:RT=1706828519:S=ALNI_MY118VpQ9Y0WsnyOU_S_C4ux3Gvew
.faceitfinder.com/	1970-01-21 03:28:44	Name: __gpi Value: UID=00000d4e1a9e25de:T=1706828519:RT=1706828519:S=ALNI_MbKhqPs7sOOT_jJ5ngTIibu9aQD-A
.faceitfinder.com/	1970-01-20 22:26:20	Name: __eoi Value: ID=4bfac85d29303aae:T=1706828519:RT=1706828519:S=AA-AfjaJq65yCyTAbJWhUnQGhtnU
.doubleclick.net/	1970-01-21 03:28:44	Name: IDE Value: AHWqTUktk9Vi3_5OCJ35uxkFqZOfwy6c7bX6XhKFLIewqGez8F86YVHsnz7UwifXLgI
.doubleclick.net/	1970-01-20 22:26:20	Name: receive-cookie-deprecation Value: 1
.casalemedia.com/	1970-01-21 02:52:44	Name: CMID Value: Zbwi6FOe47pbNWPG20ahwwAA
.casalemedia.com/	1970-01-20 20:16:44	Name: CMPS Value: 1216
.casalemedia.com/	1970-01-20 20:16:44	Name: CMPRO Value: 1216
.adnxs.com/	1970-01-20 20:16:44	Name: XANDR_PANID Value: enSXM2WtMS8PGS2giaS_OHAVnzyY8AEDz1pGBb43Opkmm516pWcjaJSwnifclFJss_MV7US7DwZBrDw9PH_cMwB0st0TFiH6zlT40OWhd3w.
.adnxs.com/	1970-01-21 03:43:08	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:16:44	Name: uuid2 Value: 3362422636369859647
.doubleclick.net/	1970-01-20 22:26:20	Name: APC Value: AfxxVi454RVyiKjFLXPVgPV-d3ztwsS_hJ2b_hatCKHEHSP5Th0vPw
.doubleclick.net/	1970-01-20 18:50:20	Name: ar_debug Value: 1
.adnxs.com/	1970-01-20 20:16:44	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>svw+F8!@wnfH8K6pQK`!5=E<L5?%LWdTKSXk0R5k/Z-64i(Jm>iT1]OBR!ON'w=nHbpRzqF1`b`p7zWj
.googleadservices.com/	1970-01-20 20:16:44	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 20:16:44	Name: 8lcfmzhxc8d6_uid Value: 1d3c8c5645fc8608
.faceitfinder.com/	1970-01-21 03:43:08	Name: _ga_BVTETLD9RS Value: GS1.1.1706828519.1.0.1706828520.0.0.0
.awin1.com/	1970-01-20 18:17:13	Name: awpv11601 Value: 113440\|1706828520\|e85d8cd0-c155-11ee-8694-226555b1c0ac
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.office-partner.de/	1970-01-21 03:43:08	Name: source Value: {"webgains_webgains":{"timestamp":1706828521061,"clickCookie":false}}

68 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://faceitfinder.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad.doubleclick.net
adservice.google.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
cdn.track.production.webgains.team
cm.g.doubleclick.net
counter.yadro.ru
dsum-sec.casalemedia.com
faceitfinder.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90007.redintelligence.net
ib.adnxs.com
medialead.de
pagead2.googlesyndication.com
pv.medialead.de
region1.google-analytics.com
stats.g.doubleclick.net
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.18.36.155
108.157.4.70
116.202.48.214
13.42.93.91
138.201.63.157
142.250.185.102
142.250.185.194
142.250.186.102
142.250.186.34
18.154.63.65
2001:4860:4802:34::36
2606:4700:3030::6815:1aa5
2606:4700:3033::ac43:8961
2a00:1450:4001:802::2001
2a00:1450:4001:806::2002
2a00:1450:4001:811::2008
2a00:1450:4001:812::2004
2a00:1450:4001:81c::2002
2a00:1450:4001:828::2003
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2002
2a00:1450:400c:c06::9d
2a0b:4d07:101::1
3.9.158.88
37.252.171.149
88.212.201.198
91.121.248.44
92.123.148.9
94.23.99.218
041e69fec0d260a89a5c691adce86ff258af96155b631a0dbb386a4c2099b3a4
0570931d2615db8b41e958f0129a5d9742b97e2bc131ff91532ad763642fae0f
0667eda68fb825ddcd3b6943d1cd4d05dba270234371d217faefaf3bef078c94
07fd9852819f87c34be27fa4870de8e2fc4ffced013567e87b48cca4a211b0b8
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d761c74afe1079066dbfef46f00421f29185150399fce75e57de437451fe872
1984c4bb2ce10d00cb478c4ab216301e04502e25f2025b30dbeeb019172beb0d
1f8743bd113ae6ca5d03d5c81a29c92df391954454abd24062c1cbf9d0d3862b
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
24fd717e9812621da174e90d6b80ba1d67619e4f0ec965b60c30ba01fc91115a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
41ba294b2f887dc872812d052d7f94700eb73188c3661b556d431e45ae573a3b
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
479b78d3c18a139972350942dfdec8632d5cc5d330ed8bc7f823d133faf24904
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9af596230d1f26dac2a074ba1aa4d3615a4b298801d1137ea62856d47c24d3
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57b860b7c8106a64843cb74b602546309ed83c2438c71637f33a60ee70fbe683
5828ff27c35c12c94d0d8b3cdfd77b28606034437c009902d28cf7f5bcb6a907
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5ecd9e1473dcf281ce74e8a4c12e5d4d2e8c329ab53aa8a84d5afd839e481892
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62b8288d1cf7df39ae7edd87d9a77b67a100e214d7d0f41da64b4ba817ad6198
684a9b9c4d4254b5c428b87f6906f8fc6acd7bb5aa61f659efbd18a0159c8b72
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
76bdeb189fc5b947a0630637d41284a8cfc34eda34753da13ca75cc96e0fd01d
78d63af20e62e032ccff338c375213558279e3094022cfcf4728ec7c618d1a57
7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132
878ab770830667949c6f60cb6ec92a7ef3f88f8b37640a059b5cecf87169dbfb
886788df1d841dd760fbdb4211e1cdb15901ea9241a16051f43fe0ee9a3fa1a0
88c51cc52aaeea16d1de5164fd28a0525cf32c0d37040e1635a81e313b18c487
9704ae83c647c5be2cace9989fb2ee4fda7b0931e1ef605223ff450bdfacc51d
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9c911fb5edd938f26a0d332996f4cd0f8f4db3cb45fc6197a832fd2b57ec42d6
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4c4a3a9987791faab19896e0f54f2bbb3812a51f25a9bfb296f50c56085ec5f
a53e31b36fad8e514019d21ef4b1537283a877495958cc2136fe198550bdf6bf
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ace44b78e613a7199dfb108bc4b31f8d017c1053d469e231eab78eb60cb51b07
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1610d3123e86bbaf9d65b054fe84887f95d5cc068b22d7bf9929769ca3f01c4
b520e1a53a56a664fa624c3833027e288ec1a3294556310982bc6f1cb8381048
bc520acf60510e5cf6a743d22abf660d91c3d7ba178ce3a7e78e79eb712d6f51
bc8cf21bad06420e37b6e80f0b95335a9e24714b25dd64796f631afe9085a279
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
bdb464ae73e64ba898e312c6ab05325abe1a9bb4cc2605b2ffe4b323699600d9
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
bffdb3cc40bb936f2b9832bcccd51a91a4217720f7e8d9b41bccb440c52ccd05
c6f8aad2c2e01e81032eb3ce744f73450e33b1718dd95ee9cb968e76b8512f59
c713683c2b78d0a32002487fd8f92dbbcd4d442a16471429bad89f543b1c3245
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cf20741e17b5d52abda5610e0d3571ad6b7a4abf4416726506d3dca51bdaa517
d3a7c7d2b499d164af40d41d1bdc4292c9450997f5d9a6090026cd1e724a794b
d663e5297a1146a6922c3b70728386a9f7dbca4dfb83a64ed4fe8fc4b4e5ee05
d844dab60438cfbe56efc0cb91b6aa02c24a82864b299a50c94935289ea157bd
d99a3294b83fe3b21e9251c87e7696b7f5ba1651c5d82256db3c0700ead09b57
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2b80247038739299b71545084dc4ebff2edd21e6f1ffafe013376bb2e92c4be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47bc5a57521f0c646bcfd957e8862f6dd4e70852f42c3f26db72836fca82f80
e8bc33c3c3e98f5dad9429d8edac2223d58fe262e91acccc8295262c99106fd9
e8d68cc031382cdd2c54300f97099645b5ba9c5b1411f7231f45dbd11664748f
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed0c6eaa3478a00c70e1b2f691313bde5c397ccea023d1b491095da8dc03d070
ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69
ed5b08a6412963d5a329ef170786120eb8f5ae465abb12372d92969a524717b0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2dabe4f65e60b199d339f76f8b25030cc96166086ca050c88b7dbe167f898e8
f5187e4c63947f213ebf38ff4de935ca80e267f25b3cff0d88a6b456f9cb5594
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f86b446c053722739bdf49608beebb5baf2eb2191d5583eec34019824d02f6bd

faceitfinder.com Open in urlscan Pro 2606:4700:3033::ac43:8961 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

121 Requests

92 %HTTPS

50 %IPv6

20 Domains

31 Subdomains

31 IPs

8 Countries

1953 kBTransfer

4490 kBSize

26 Cookies

1 Outgoing links

Page URL History

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

faceitfinder.com Open in urlscan Pro
2606:4700:3033::ac43:8961 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

92 %
HTTPS

50 %
IPv6

20
Domains

31
Subdomains

31
IPs

8
Countries

1953 kB
Transfer

4490 kB
Size

26
Cookies

121 HTTP transactions
3 data transactions