zvonil.octo.net Open in urlscan Pro
104.21.234.132 Public Scan

Software

sffe /

Resource Hash

d95209cea3f82bb7aac71c4d4cbe0f5c7e0c991635f06194a0b411e11212f718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26872
x-xss-protection: 0
server: sffe
etag: "1098 / 213 of 1000 / last-modified: 1641850921"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Jan 2022 06:59:25 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
51 KB 179ms
66ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0f250095a64e11cc71814da433c67d029d3547269625fa9d83371a1ab736aad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51824
x-xss-protection: 0
server: cafe
etag: 12549695383144240636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 06:59:25 GMT

GET
H3 200 pubads_impl_2022010407.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
118 KB 98ms
52ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4d964d6d34df7fde3554039d33b468b74afee14d6526a87b926688f0fc8d93c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120967
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 16:13:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Jan 2022 06:59:25 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 125 B
130 B 90ms
45ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=zvonil.octo.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

133f6bd26aad1c467bdc6c86d6a0f3582e7a1bc1477a7a80e0d17c5d606c4858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105
x-xss-protection: 0
expires: Tue, 11 Jan 2022 06:59:25 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201040101/ 282 KB
101 KB 107ms
62ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2979533909392588&plah=zvonil.octo.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e76464bb5158c3ad0b7e691337453142fa32db46735845ab3780c7999414a8c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103758
x-xss-protection: 0
server: cafe
etag: 13271785760069499481
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 06:59:25 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220106/r20190131/ Frame DD45 11 KB
5 KB 47ms
14ms Document
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220106/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 10 Jan 2022 16:47:38 GMT
expires: Mon, 24 Jan 2022 16:47:38 GMT
content-type: text/html; charset=UTF-8
etag: 13671712056976469594
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4885
x-xss-protection: 0
age: 51107
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 139ms
45ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=zvonil.octo.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 140ms
47ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=zvonil.octo.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 40 KB
10 KB 724ms
724ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=217545841997741&correlator=2099866361371425&output=ldjh&impl=fifs&eid=31062930%2C44755510&vrg=2022010407&ptt=17&sc=1&sfv=1-0-38&ecs=20220111&iu_parts=209694548%2Czvonki_top&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cookie_enabled=1&bc=31&abxe=1&lmt=1641884365&dt=1641884365436&dlt=1641884364940&idt=454&frm=20&biw=1600&bih=1200&oid=2&adxs=277&adys=193&adks=4116272111&ucis=1&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fzvonil.octo.net%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=760x-1&msz=728x-1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=false&fws=4&ohw=760&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bec435af79cba229b2c03f9f5e822ca209b8d816e6b508ec538a3f0478224ec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10353
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://zvonil.octo.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 1002ms
1002ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=217545841997741&correlator=2099866361371425&output=ldjh&impl=fifs&eid=31062930%2C44755510&vrg=2022010407&ptt=17&sc=1&sfv=1-0-38&ecs=20220111&iu_parts=209694548%2Czvonki_side_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cookie_enabled=1&bc=31&abxe=1&lmt=1641884365&dt=1641884365444&dlt=1641884364940&idt=454&frm=20&biw=1600&bih=1200&oid=2&adxs=1039&adys=541&adks=1556906017&ucis=2&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fzvonil.octo.net%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=false&fws=4&ohw=300&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4bd98c1f0b732c0f3bd2274ac262cf32c9de7cfdedc9e95c7647a4f051013c7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9493
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://zvonil.octo.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
10 KB 965ms
963ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=217545841997741&correlator=2099866361371425&output=ldjh&impl=fifs&eid=31062930%2C44755510&vrg=2022010407&ptt=17&sc=1&sfv=1-0-38&ecs=20220111&iu_parts=209694548%2Czvonki_side_300x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&cookie_enabled=1&bc=31&abxe=1&lmt=1641884365&dt=1641884365449&dlt=1641884364940&idt=454&frm=20&biw=1600&bih=1200&oid=2&adxs=1039&adys=1914&adks=3260532487&ucis=3&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fzvonil.octo.net%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=false&fws=4&ohw=300&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c66673c4a0a291e6a8ed0d7aef613d1c0bb04b8554fab90079dd152ec133b78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9961
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://zvonil.octo.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame C5BF 189 KB
55 KB 151ms
37ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Mon, 10 Jan 2022 12:47:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 10 Jan 2023 12:47:33 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame C5BF 13 KB
5 KB 210ms
96ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Mon, 10 Jan 2022 12:47:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 10 Jan 2023 12:47:33 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame C5BF 89 KB
28 KB 214ms
100ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Mon, 10 Jan 2022 12:47:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 10 Jan 2023 12:47:33 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame C5BF 5 KB
2 KB 230ms
117ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Mon, 10 Jan 2022 12:47:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 10 Jan 2023 12:47:33 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame C5BF 40 KB
13 KB 231ms
117ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Mon, 10 Jan 2022 12:47:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0f988502fa2967b0"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 10 Jan 2023 12:47:33 GMT

GET
DATA 200
OK truncated
/ Frame C5BF 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5daa5430d63c6b5c7b11c67421b7f287807a41dec274d6b9cc55f6ac604cbf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 container.html Show response
6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7C31 6 KB
4 KB 162ms
46ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 11 Jan 2022 06:59:29 GMT
expires: Wed, 11 Jan 2023 06:59:29 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3BE1 6 KB
3 KB 158ms
48ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 11 Jan 2022 06:59:29 GMT
expires: Wed, 11 Jan 2023 06:59:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 15680229225582365518
tpc.googlesyndication.com/simgad/ Frame C5BF 20 KB
21 KB 121ms
39ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15680229225582365518?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlHqjNPEg_y71S3H-dJzSGdnmxbmw

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f70fc5a7da56cab1ef4fa5ecf1e4ea0fab3d6131ff4756cb6b4169b89da40188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 06 Jan 2022 17:21:05 GMT
x-content-type-options: nosniff
age: 394703
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20949
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 15:51:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 06 Jan 2023 17:21:05 GMT

GET
H2 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame C5BF 3 KB
3 KB 157ms
75ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 18:06:10 GMT
x-content-type-options: nosniff
server: cafe
age: 46398
etag: 6726277462267614359
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Tue, 11 Jan 2022 18:06:10 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame C5BF 344 B
574 B 157ms
75ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 50423
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 11 Jan 2022 16:59:05 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame C5BF 0
0 131ms
46ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-ysW6ujDSk-fn32JT_pqpMYPFYMO4OSwxoDqLUbRcHB0TIpTwq-tKkquJfzK8BEMl1q_FAOmR3ZBnj-Gnu8LrKeOZbg
Requested by: Host: zvonil.octo.net
URL: https://zvonil.octo.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C5BF 0
0 81ms
81ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CsMn7zirdYcbQCoSU7_UP2_qQ8A2Yjfu9Z5TJ4f_XD7_hHhABIMS02jlgleKQgqAHoAHnlpyaA8gBAuACAKgDAcgDCKoE7gFP0I5HHT7UMy3oHgP8MWL2IgYtyKJ6PFS_08ubWWBJDWkBr6OPue7-d0fj3dSz34lqNpIdpFyIxqppIfw4vYXpyr5NjTf8564IjgzrCBh_xOS70IQQHaOfjkzhN37bm3X9OAq-yKdzMP2hmXEtIgCAaG82BJASQvrm1yJxQu96aCfqFahGrfNyBYxaNTwlCuVmnHfge7IA-PBfIwY3dwKhNllhU4iWEn9PCT1oeqwTEPMMrVcUw1go1niU1KsexF1EeXHEWckzQgpMi_NkaDKilFo92u-RubBII-DYYO3g0t51liIo3QGIHdIwuhfowASVzOWA5APgBAGSBQQIBBgBkgUECAUYBKAGAoAHgenjZagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEISJB9IICQiI4YAQEAEYHYAKAcgLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi0yMzIwODQ4NTA4MDExNjA2GMSaKw&sigh=lRu4hN_-KQ0&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: zvonil.octo.net
URL: https://zvonil.octo.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 212 B
415 B 47ms
47ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=zvonil.octo.net&callback=_gfp_s_&client=ca-pub-2979533909392588&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2979533909392588&plah=zvonil.octo.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

cafe /

Resource Hash

7b90fc38c597c1fe93f5a3921126128ada83cbdc3a5feadfde827a33eecc1fce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 199
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 39ms
22ms Script
application/javascript 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=zvonil.octo.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F684 26 KB
12 KB 555ms
538ms Document
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=4170394609&adk=2715274491&adf=2671285577&pi=t.ma~as.4170394609&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365244&bpp=5&bdt=304&idt=2981&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&correlator=4170688867500&frm=20&pv=2&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=477&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eSBoYcdoIG&p=https%3A//zvonil.octo.net&dtd=2996

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56f708d287d177925bb2fb1b86d9ee36f0deff6ae18fa902bb882ed4ac836bd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 11 Jan 2022 06:59:29 GMT
server: cafe
content-length: 12044
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DF25 25 KB
11 KB 402ms
394ms Document
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=7096521402&adk=2342716466&adf=3252783458&pi=t.ma~as.7096521402&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365249&bpp=1&bdt=308&idt=2999&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=1133&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=HcMOj8C7Zh&p=https%3A//zvonil.octo.net&dtd=3002

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de79125411d48f0365370a159a829416bb221fcc0e339514e2d1c07eee873d23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 11 Jan 2022 06:59:29 GMT
server: cafe
content-length: 11576
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D827 26 KB
12 KB 290ms
288ms Document
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=250&slotname=0787847652&adk=665242438&adf=3866777003&pi=t.ma~as.0787847652&w=300&lmt=1641884368&psa=0&format=300x250&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365250&bpp=1&bdt=310&idt=3004&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90%2C728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1039&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeopEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=8s90hTu8bK&p=https%3A//zvonil.octo.net&dtd=3007

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e4070aea87f9e336cffb3f03f2ad4d70661c42a9eeabb38dafbe3aaef2225544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 11 Jan 2022 06:59:29 GMT
server: cafe
content-length: 12015
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 90ms
45ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=zvonil.octo.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A960 0
16 B 20ms
20ms Document
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&adk=1812271804&adf=3025194257&lmt=1641884368&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fzvonil.octo.net%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365264&bpp=1&bdt=324&idt=2995&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90%2C728x90%2C300x250&nras=1&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=3004

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 11 Jan 2022 06:59:28 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7234 624 B
297 B 27ms
26ms Document
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiFs9e9ATAB&v=APEucNUTOgOkusaJTutGNLOTw1tkP2cIT8s4LZ4dTAZ8fa7TCnVZWOfUT34PkjihbxIK4ZbiYLEe3esG8q6QkWARIofT6ZQHAr0WYMzbFwo3k6G2_0VdQwz7r5eelRLAbYtbgq4Gh4SwOoQ-IHQsPCS-V_xq-w9F_qjYAKzgWe-f5mrEHOhmo34

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 11 Jan 2022 06:59:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7C31 75 KB
31 KB 65ms
64ms Script
text/javascript 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeUXoI4VDf884ESbX7UE0lTMSVJ4km6H51XAZhzKzkoHvHIadWwj3LbGUwPchYWs7aQ9leq0YTRAbe9H_9sbTPU9z_1uiblA23NhW1V4ge636nDmAZOpidie0vfNIgFFuLBIg1rRyrp-In1Xxn9vPtuHjr4Q&dbm_d=AKAmf-BqPy5S5vS4hIhJUTm2Oi89BnsUOboHpqK_W5LBXCfXQh3b-PiueAKuekaeCpybZEJfPjp_GuXi_O35wI4G5A5K-is2LS8ZwMquz9Wn1xbR_rmhUkyNXhK2_68IIn_50wb733T5D_s7IJsPiQ8kKVctJ_8eTI2s1OFIoIUHETAUIJSDTiwpR1iWUMdWCL6mj6xVZPbOXTBFPKTHTiZiPWl-UfKktPSkthyz7gfA3OT6fO275B-a3-bE5OJNqtqemLeVINIUzhQfZF_YRgc4e14TAgx44a2vwi7hKZwyxWt3yicl69pdsIgBQGCae8gNAtjOMfu8r_p6bOZgVYW7iy6m1rsWHIOAyrKvmPtlwXFTmw4GAsT2A8J8HXJ52pBXNBgW-RDKKpEgu8MgJwzsmTzYzTxbRmS9zTUXFh59v-ciQ1gySRurrKGT96l_OGeS3t7EedryqytZBthdcFDHOMWiVCHerSTS_6nSxfbl2G5QCRewT97jMATJoH7rsHhbz5inJZj5ycZ2c0Bc60M_PWPZNZucJqHIhaVbQUh88Nu0TmMBX8eU6_U67rqlo0JScW-L8Ykn84tdWDsrdbf97CV1VocctsnYV0LeHIYluXUU-hHAKbeRnD6PKUEDlHpJjWlNeMjWYYlyg5nUpOV620L7PNy33DS0Eij8mIXrD9EJPBuYGa5ziSs45xCr2XgzAkAD52yzGUgCWJVaFC6TvepPqIB73x55Ei6FwJ8vkC1fuwONbUvCVuev86R3UJ80XSxWDfPwFRpskxfDbmTVw0fNWV4Hu4JidxN7rF5HTl6NMD6xmj2H9Ak8s6XaguZBra4xGtK90mdLD4w9vzvEEf1hyDztn1ZDajo2yBYUFB7UTqQ8D71fOaHH_VBQoi_gzVGA1o1N35cBWMpMU7Zycg0hO3eyXDVfpxTvrVW-RiVK6Q4YnyRuppLKg9_cs7vBXrlPzB5Xr6KMVYKrcOPlcbXMeQTU7fGsVpY_ZXjosAFpk1aqZZotBACvsHCfL34GIgqDyDIok9Zahn8DcLKMolQlUe0d5_ACJKEcBos-HY8NQCs2JVwbMUdCp-OE8MEX88FbWh1usqJcIe5xLRVOni8nKN0qidPG16QQDFlxgD7-hsBtAxlwWNww9U2sM6GZ-AvsJg1rVRZ76aCDsxxx9Jn-KSvtJhwCyRDcMzNh-0DYVtuieVNRaZEjJwFlUkYNoFwRQqaFI1IwBT9Kt6uoM0GSbbuTeYmZQM67nAHZEVN4ljgpdNgcLt6Bbfb1GLCGxqJ8QWTiu8cKFVhyN2kv7UrmbsIQsE7MXXPKZgvcX82vgm1I9iO4f0lWGgib-wseNbkUO1JSLPtM-TKmfNRsofNctBBibEECtIwJtE6W7TkNgn3NbSx-d_t-6OvgKnPJse9GJ_VHnkwGvpbUskIoFkLZmB0wstBpwGrRKE1qPYbRrT8ScMEgva2-e6tHzLsJbx-_ONAJ_nGF046Iqo1AWm7Pky99ydvCgND-u-SuRCSrYv01UGSxU85IYyWZqWV3XOYq0TNWKgrQEjI_n_EHfhzCzMDPnPitXOpVo1FluCW5tZSbBln9MCcAS6OKr5qYmf5fKq_PCpKv_no1bk80c8YSrGhxn4-Hlv4RXNnfUdOcv0LoL1AQfLgSXvktjeJJrPOZRShQWqV1P6X7-7UrKagV9nLey7r4lpZTihejwU0Qzysg0k7nWauldHiViXsJRNM9WDJB8NyuBoDKBgosCmK-RlA8OboNBjb4GJAc-SEPXpnaRHCh6H-IRF7qLdqwiB7z0ZtS3lMTn5MZ9UA5h8JKAa0LPI7lHiTggltfFOPBGFBCSB2kaFk_Ja0sKD5yTGOol_HvLei2rb1auL7ZZ7EY4i4pwQ-gzup22vllyrlC_BEOMPQv3RDOUQnSPZihckbQdkkOPeoEnQCMb0NVjebJkDB-QlVDhe16g0Q7i4UF1mPY4yI4tRu1ATKmRsJUsOBhIWUfRIIza596_ghovD1zI0-JU-n1luG50XNEob6wt-lDo7kx3eRdfQxHOWQeXqjBAGtXwdpPojAbD5M7kUbyaeFHcdXxlhkadP1_OMpcpWJojS_mQ8eLQrcFDuT8rfHggwtdK7FtILZbTe4Fzk0yvIeoekw_XPndsR3RBJodKH2-ZV_w0ze7pb_Zw7bQMFvl6GcCsYZtRgsP8lmoiAhJwmguJXYNeAAqwDhWuK_eQWQtNXF3I1y4fch7g0f_VhKxj3Nei2SsmPT_kyBvK908nw_qVpSGgLDffafs-ufq5r1q0jN5nbKvdPgyO20nek9A5Uc70qgGEgQCnmvgBEV-NUVMiDCL4FygcETJc9WAEvTA4yyMGcUHHvmwwDeSHsFGJtFmgNOtV7WlWyr9Ekw3QjD3I514LMTgTKkhw3L10wybLZgFSrpVbT9SiFlqsOAMUIu9MPOLkd9NspzkMlVqz2jGeHIh15B5ZzOs3YOMkBPDBhDEmsFuMrSib_0t0Vpl4AuorDGCoPT4hUxWs_mulrW1sUnma7aUoT_LpdniYHqVmwiyvQC9Iu7I9NDdBAoCfQdj4ZXt6bd8prC6Q_Ygp6OKNHyP5VvnL-bihhrtev24BD2cYSe6YhuUHGEddeS2nm7NohdKgM4eyQYWzrlsgzWBTMcIQ-e8AGwP-poQM4xc6xA4c--xiKy7G2e4y7OPaORy0mo8yK-pGJXJylpB2hwyRcqC3pDi8DyGmkNY5NLpQEqYZLoGk-IgbQxgUVz9P_4DKzo_MUdYaKz-j8MT9VrIA6i46L6047cgh0W4JWH5kSoLaFD7VF70dTDYV2Taepcqt4cymwPkoefbDDR39Oq-0VZQFyXI8xGenKPABdsmMAcOZwXJTX2A-Orpy09czgnwlgbtfJEVsiw6FaOeSVFeb_FKN73Asvxnprum9YWBHCBdwA1J64D6-WiJXEmRRiJN8EKseOMnDt0rV5k6-yDWI826E-XJcHn7XFl9DODwEbCopJvHHQcHHluuVSzJV5uWno3V-sJ-x8G1hLe2vwNxuKMFkUU9zIQKwdFm6S8n2DhyB8hUS6Scy0-Ao6vH7EC01vmqfpAqO7C1PrIgp1a_Cw&cid=CAASEuRoYwalgOHBrhVMaT_8SEFINw&rfl=1%2Chttps%253A%252F%252Fzvonil.octo.net%252F%240

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c2afc13bd91fe3b9cac3872cafabce240a06f8b76e25e6c8e8448db515faff5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31292
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7C31 42 B
63 B 69ms
69ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ACeTUtissVV7ylxpqsHSRIzGGBAMdCX59LlGjW84JdyHmpQjCDMjeIvqh76CAjov1UkH29ieOlmKXey_4aqgwhh0BfvwRRNeueXTKXxP6UXQe93l8

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame 7C31 2 KB
1 KB 98ms
49ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/window_focus_fy2019.js

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:33:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7C31 120 KB
37 KB 156ms
67ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fafe7818a41c059503c456f7c05b733a3334e9e0ed4241cc9189600b9ae687e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641817384012296"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame 7C31 15 KB
6 KB 87ms
39ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d847a2b472bb4f98a901aecde2461eba0d47978d1ee4c0e386e3ee299e8ed96b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:43:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 10427043382315408254
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:43:41 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7C31 0
0 92ms
46ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSHMGT3yoGqPHiG8cz6G5swxDEbBZw-tmYILDpSGYxdw4pWlqcUKfJe6YZ3Vnb4YfdWlw97QrEd5iZTsojCyUWZb7KFTA
Requested by: Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 11C4 624 B
297 B 21ms
21ms Document
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi0rta9ATAB&v=APEucNUp3zYUHmtKRmhk30mGpm9fNdn59KUvB_kn1UtxbBV1EAEN_gd7v_ebqF7RAWsh6r1jTBJmJ-Q5EAB7Vai-_kQB6ADdUYCgx-lOB3Lq-UKEnszo9Ng21zy790wtSM35Z-uYjZmXPj35LVoM7Stb_hGQ_vB8J7D7jpds93Rk0CRdN8pL_50

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 11 Jan 2022 06:59:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D059 78 KB
31 KB 66ms
65ms Script
text/javascript 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AkKbMyKG2T01LDMOcUrCI9JaawxekTd5uYsOCGuiAbiwVc22Wy_z80IExeSA7XChWyMMXUt4NWnY-4KzjoKwnk-Wjh-7yUklD_lrI9_zjwFNyKF_GWHxvDyfoKNM-uDhqrpSHD5MJ_BZOUrUszYkhFpmABiQ&dbm_d=AKAmf-CUobWKQ1_UjFoRy2jTo9RB4-IqANpOW22zqGAkI-KNNr50wMUzj2ufTL2KB_FuRNCqUyXM4hx4iD2JtgN6M8KCS0s4WqnNalS9wVJ48J-0Dv_5anTnZIcpa3y2nrW8Gj4LZyK8Xh8dvmNBFawPN-n6yClCW-bXkeYU4RJ2soEtcrU1RkEeCuKuPRLHZIS7bKL6JywfvfAHbEq3v3djEY4HPCEDi50pFCbYl3iJY5sPPR5kb3nyvVjN787YA6LegZMfzBL7hZ8g5B1vgd56R1imjnBrQW0C3UrCg9XL6kuAwzyjcedLMO4Hg5IMsRmxb1wSlpBi4E0pQvXysvgMEbqx5obI4tb_JH22voUzUlK9PKEQw9CaT8AiEPPd5Y0DZkxQsCY1MLMXLci1d1k3KgWLjPWuiDumAXzbqLGOJQea9c_l9u7EVpEdt9jvvN5k6F-FLxa4U9GYz8aanAC8YFjt2I_K6MpH0Yt0wQNmN6V82fuNiNPJzE4345spa5StYK4-qy_PY2gKFb7dOHP7TMBD7kOxhDTY6GZHKLhuRl_JG-ihjVUXDiJM540H_X0wLFMtWWrXgyFPU04mhzpWhpLbxvJpOPmSvJvkFhSljuRMOUSu0XZXEsU_vxpkfqLprW0e6LAY6di1Cbb0cS8h2pzniLOdz2eGH4-vc-4ivO7Gouj4Nvc_Vcmi__zPiT84wb0RV-YLX8SIjrrs_vJ8I5Es-kuRSm7m38swnXEfGRicEQ1B0-dhZx2rjjFGDPFUyYbv3wJ5RHNo0XdqxHkRUwkHQfAN8I6HaRW-RNRWol4VCnwyb1qLjfyHRwHHIK6sEGCkYrca2kMGCgWvkOH8_oycEyMcOcKscTYZtwdzkYf4yVvo5IoraDs_rlVhXrQe7aiuNAr6xEmUEwtCKCf9FUoeHIT6B78YUHyakR3lEphCKMfvAms7M8K-HwB0qmAN3Z_mZSA0M0xKvcEdeGdSI73C0JWWUEsWRsl0cZqWv0crM-Ub_6zkv8lnvqLPhTDK2is6mK3CFKBoZMWoSyBAWNFTHEJ8ikcYNNtkS0y-mVRKl9QuGz0BEeoHn2m5tzsnEvblwbozsdX2NfBHV2mFTaEUkSy2Nc9zyn_Osb9BvogTFcC2aCMGkK2K0z_6MQgaBXmZGzQxYVFg-zZj36iwbuihrdaUJWKthWUJXtKDYkJ7Lq9FqSkRLRPF78XTvZou2YITjwHnbTdiFzxFj68xaI9Iaa7BmHsZ-DcW68qGQX1gjN0vmsnwkLMWgGVIGOPnUJiqjHPGY8NeALPB4FHKkKtmi0CbWFYmVc80amg8wO59o_dAjA3zfqavDR-SjBUO8VSyBVOHjujqBwhhn5vkIEH24uWes1l3tI7hh3t2U7fmlnXbQ0dz51BYVzMS6J3XL0vzANO4spnqgx1BC0ApZ_rPgoMV9WnRW5PToEd76p3cYHYioTwd53_UXqdYnPKhHew4VWATRNPCDMmcfx8bfWtXBmsV7cchBxWafPGb1KNzSzC8zP0lzfYPvi90rZVSJee-kEyo7lU4sdZkjDD1cJmBS7i87N0VZ9x-vd3oBTGOdou6GD45kudQkMmHg-1pmTELX9-2j1uKWJLUqZwoDX4luPvqv9z00xqcUpfOujao3dDKJYGUg3iJy62YEcsqrubX6mkbTqV2Si33b-8xoCLxnYOMjXdxl-GQ-yhK--SgJacjhdNnIBcqW7r-CksVGJMuwqxCX_9IEga5y8psrbtuRubsuungSAzIZs5CPxps98hAnWhgEQIdIBk1tq-LST3yh2pRBwgMv2_hUA38SOiQmyf76G9d8qpB7bhv5n2qmuxpxeMGCxSn0GEYSFuifi1kjOJi5oDk71WQfsC_m0YjCkKq7yvykKHQYHSa1jTbUyVrKjWBLIOBm_XaLdJ8h447kIkH0fPpznn5vxAvafS_04t1kvh2ZFzC2RStwFiTuz-YEj4jXPGEYfERCuTqazE7N9xpLuFA8iX4nJ-zuiFZG_X562WUkZyHdzfpGIAyCj5sfbOXPd5UIiOxqlVNbNCw1AzVETFNJBTH8PThgqD3W4aYTnLYoCKMKTpRw86nf3Zq-jQ3Ses-Qe5En45KH_7iCmwxTTXABW_eGErGq61n0Qow53ckSFKDk4rfqbatp1NVOJq3V3ziRUCOu1njtI6KH9VdXhcqzydD9REyRX3AIwIv88919bJ7_fk8AD8mZrOhnf-Us6eDmtQQH1Hc66cqe1q0mzKxfFaofiQboSTvav5NCthDqFgY0OQ7iQeSgdnLvz2eDlbVcAkYRZwGMFDmgZD48lO0e3uVby05TgUtu8cHStpYjaDq636zylIztuUDt7jMa7UbJRvrAFzPHd37zsypcMgLXllvHSA7x7PnkKhAPhFvomlu0XWc7NXN1Nm7c_MUN9DS-w7IQnG1Hw5-o-pGRLhYLKFsdeNwBrQgnq7qRkMA7Jq8k8TUl-XsL3Ww91dlvd8lviRrfncdZYjLaYPUpPvcDWx_RfbLe1O4F9ncngjgtKEA95hiqnfdcdAwh7uxRRhh5fYDv_zWmGjS2NffwmjjHsOHAIuuXGu-iSZD35Oxy5FYBvaMbXRMQDpZCraf_uLB8Irtt2hmkSk4V2pQdvY-HfGM9O_6c1A4eTw_Ce-QTXkvucdjIsl9PCeP682dz13-bbGaLkn8UMJcWal0qzyihLS75EccXSWOvepHMClOymiVseyoLSE7ZBynYsAAZMPs9x5Q8db6cHRc42dbbkPXnssF4dVbV9woSbhhjDN42Yu6_l597F-daYozeQJaLubmr99pHiFiEgQYL7bDzA2xy1ZXwtFa-8q86CUfyMBlEvOqtNa78DwD9j890HA4cA83S30eQws0X_fuEts5teD7Tg4yupKabkiDiZBENmZGJmmorAKuYYMdE8NxfFm23XyQiBGMg0PEsESE6lqcwysKjAL9UXMqtyjoiXF2F7C9kKWzJuWWnWDxlBuuUNzcrsg3URGR8jU_qfJmPPkd&cid=CAASEuRo6lvpjp49P1rFD30N6GXMMQ&rfl=2%2Chttps%253A%252F%252Fzvonil.octo.net%252F%240

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3c8c4495bf59ad3f37d324e4356a3b68db6e895b14353c08dccc57d157cf411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31294
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame D059 2 KB
1 KB 85ms
48ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/window_focus_fy2019.js

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:33:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D059 120 KB
37 KB 192ms
116ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fafe7818a41c059503c456f7c05b733a3334e9e0ed4241cc9189600b9ae687e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641817384012296"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame D059 15 KB
6 KB 77ms
41ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d847a2b472bb4f98a901aecde2461eba0d47978d1ee4c0e386e3ee299e8ed96b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:43:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 10427043382315408254
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:43:41 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D059 0
0 81ms
46ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaThoOr41zod5SFcVuC5qoNZaJEh7evDEgmKhGHm1U81Gt1AzOJgNTwXEcPfOeBBk8xVnC7NI1wncfkQCSaMgoKiVPH0dA
Requested by: Host: zvonil.octo.net
URL: https://zvonil.octo.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D059 42 B
63 B 72ms
70ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DgVsYgIcvC3zCZ0lNeu_cqLsG5algjx_zhw-zU1fuyam3sBNnw99-NOmSuknDjDYZhO4XhAl2xgQGUFXGExyntKaQik5JqnuT5y2ikNUPDnAMm4zw

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame C5BF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

83ms
82ms

Image
text/html

2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: zvonil.octo.net
URL: https://zvonil.octo.net/
Protocol: H3
Server: 2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Jan 2022 06:59:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7234
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1

43 B
894 B

17ms
16ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiFs9e9ATAB&v=APEucNUTOgOkusaJTutGNLOTw1tkP2cIT8s4LZ4dTAZ8fa7TCnVZWOfUT34PkjihbxIK4ZbiYLEe3esG8q6QkWARIofT6ZQHAr0WYMzbFwo3k6G2_0VdQwz7r5eelRLAbYtbgq4Gh4SwOoQ-IHQsPCS-V_xq-w9F_qjYAKzgWe-f5mrEHOhmo34
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 11 Jan 2022 06:59:29 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7234
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yd0q0Ufh5nzy8-eAFlzZ0QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1

43 B
894 B

37ms
23ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiFs9e9ATAB&v=APEucNUTOgOkusaJTutGNLOTw1tkP2cIT8s4LZ4dTAZ8fa7TCnVZWOfUT34PkjihbxIK4ZbiYLEe3esG8q6QkWARIofT6ZQHAr0WYMzbFwo3k6G2_0VdQwz7r5eelRLAbYtbgq4Gh4SwOoQ-IHQsPCS-V_xq-w9F_qjYAKzgWe-f5mrEHOhmo34
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 11 Jan 2022 06:59:29 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7234
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI6C5ucvPec4qFt3m3yt6bI&google_cver=1

43 B
1008 B

39ms
35ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI6C5ucvPec4qFt3m3yt6bI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiFs9e9ATAB&v=APEucNUTOgOkusaJTutGNLOTw1tkP2cIT8s4LZ4dTAZ8fa7TCnVZWOfUT34PkjihbxIK4ZbiYLEe3esG8q6QkWARIofT6ZQHAr0WYMzbFwo3k6G2_0VdQwz7r5eelRLAbYtbgq4Gh4SwOoQ-IHQsPCS-V_xq-w9F_qjYAKzgWe-f5mrEHOhmo34

Protocol

HTTP/1.1

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e84af726-455e-4dd2-ae48-08d207f7dd12
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI6C5ucvPec4qFt3m3yt6bI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7234
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzA1ODY0ODU1OTU2NDE4ODc3OA%3D%3D

170 B
188 B

100ms
51ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzA1ODY0ODU1OTU2NDE4ODc3OA%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 0a38634c-5bca-4c18-8ba1-445f6f4f4679
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzA1ODY0ODU1OTU2NDE4ODc3OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 11C4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1

43 B
894 B

15ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi0rta9ATAB&v=APEucNUp3zYUHmtKRmhk30mGpm9fNdn59KUvB_kn1UtxbBV1EAEN_gd7v_ebqF7RAWsh6r1jTBJmJ-Q5EAB7Vai-_kQB6ADdUYCgx-lOB3Lq-UKEnszo9Ng21zy790wtSM35Z-uYjZmXPj35LVoM7Stb_hGQ_vB8J7D7jpds93Rk0CRdN8pL_50
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 11 Jan 2022 06:59:29 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 11C4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yd0q0Ufh5nzy8-eAFlzZ0QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1

43 B
894 B

29ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi0rta9ATAB&v=APEucNUp3zYUHmtKRmhk30mGpm9fNdn59KUvB_kn1UtxbBV1EAEN_gd7v_ebqF7RAWsh6r1jTBJmJ-Q5EAB7Vai-_kQB6ADdUYCgx-lOB3Lq-UKEnszo9Ng21zy790wtSM35Z-uYjZmXPj35LVoM7Stb_hGQ_vB8J7D7jpds93Rk0CRdN8pL_50
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 11 Jan 2022 06:59:29 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEZUZ4LyG2FLpn2LH-6wEmg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 11C4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI6C5ucvPec4qFt3m3yt6bI&google_cver=1

43 B
1008 B

48ms
48ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI6C5ucvPec4qFt3m3yt6bI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi0rta9ATAB&v=APEucNUp3zYUHmtKRmhk30mGpm9fNdn59KUvB_kn1UtxbBV1EAEN_gd7v_ebqF7RAWsh6r1jTBJmJ-Q5EAB7Vai-_kQB6ADdUYCgx-lOB3Lq-UKEnszo9Ng21zy790wtSM35Z-uYjZmXPj35LVoM7Stb_hGQ_vB8J7D7jpds93Rk0CRdN8pL_50

Protocol

HTTP/1.1

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9036f290-d383-4c5c-a09c-bd118a1d467e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI6C5ucvPec4qFt3m3yt6bI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 11C4
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5OTg1MTU1NTY2Mjk5MjUxNg%3D%3D

170 B
188 B

54ms
51ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5OTg1MTU1NTY2Mjk5MjUxNg%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b01f7d53-8a76-48fd-b695-2021c5196cdf
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5OTg1MTU1NTY2Mjk5MjUxNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 7C31 169 KB
59 KB 126ms
40ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
Origin: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 18:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 18:05:41 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220106/r20110914/elements/html/ Frame 7C31 8 KB
3 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220106/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeUXoI4VDf884ESbX7UE0lTMSVJ4km6H51XAZhzKzkoHvHIadWwj3LbGUwPchYWs7aQ9leq0YTRAbe9H_9sbTPU9z_1uiblA23NhW1V4ge636nDmAZOpidie0vfNIgFFuLBIg1rRyrp-In1Xxn9vPtuHjr4Q&dbm_d=AKAmf-BqPy5S5vS4hIhJUTm2Oi89BnsUOboHpqK_W5LBXCfXQh3b-PiueAKuekaeCpybZEJfPjp_GuXi_O35wI4G5A5K-is2LS8ZwMquz9Wn1xbR_rmhUkyNXhK2_68IIn_50wb733T5D_s7IJsPiQ8kKVctJ_8eTI2s1OFIoIUHETAUIJSDTiwpR1iWUMdWCL6mj6xVZPbOXTBFPKTHTiZiPWl-UfKktPSkthyz7gfA3OT6fO275B-a3-bE5OJNqtqemLeVINIUzhQfZF_YRgc4e14TAgx44a2vwi7hKZwyxWt3yicl69pdsIgBQGCae8gNAtjOMfu8r_p6bOZgVYW7iy6m1rsWHIOAyrKvmPtlwXFTmw4GAsT2A8J8HXJ52pBXNBgW-RDKKpEgu8MgJwzsmTzYzTxbRmS9zTUXFh59v-ciQ1gySRurrKGT96l_OGeS3t7EedryqytZBthdcFDHOMWiVCHerSTS_6nSxfbl2G5QCRewT97jMATJoH7rsHhbz5inJZj5ycZ2c0Bc60M_PWPZNZucJqHIhaVbQUh88Nu0TmMBX8eU6_U67rqlo0JScW-L8Ykn84tdWDsrdbf97CV1VocctsnYV0LeHIYluXUU-hHAKbeRnD6PKUEDlHpJjWlNeMjWYYlyg5nUpOV620L7PNy33DS0Eij8mIXrD9EJPBuYGa5ziSs45xCr2XgzAkAD52yzGUgCWJVaFC6TvepPqIB73x55Ei6FwJ8vkC1fuwONbUvCVuev86R3UJ80XSxWDfPwFRpskxfDbmTVw0fNWV4Hu4JidxN7rF5HTl6NMD6xmj2H9Ak8s6XaguZBra4xGtK90mdLD4w9vzvEEf1hyDztn1ZDajo2yBYUFB7UTqQ8D71fOaHH_VBQoi_gzVGA1o1N35cBWMpMU7Zycg0hO3eyXDVfpxTvrVW-RiVK6Q4YnyRuppLKg9_cs7vBXrlPzB5Xr6KMVYKrcOPlcbXMeQTU7fGsVpY_ZXjosAFpk1aqZZotBACvsHCfL34GIgqDyDIok9Zahn8DcLKMolQlUe0d5_ACJKEcBos-HY8NQCs2JVwbMUdCp-OE8MEX88FbWh1usqJcIe5xLRVOni8nKN0qidPG16QQDFlxgD7-hsBtAxlwWNww9U2sM6GZ-AvsJg1rVRZ76aCDsxxx9Jn-KSvtJhwCyRDcMzNh-0DYVtuieVNRaZEjJwFlUkYNoFwRQqaFI1IwBT9Kt6uoM0GSbbuTeYmZQM67nAHZEVN4ljgpdNgcLt6Bbfb1GLCGxqJ8QWTiu8cKFVhyN2kv7UrmbsIQsE7MXXPKZgvcX82vgm1I9iO4f0lWGgib-wseNbkUO1JSLPtM-TKmfNRsofNctBBibEECtIwJtE6W7TkNgn3NbSx-d_t-6OvgKnPJse9GJ_VHnkwGvpbUskIoFkLZmB0wstBpwGrRKE1qPYbRrT8ScMEgva2-e6tHzLsJbx-_ONAJ_nGF046Iqo1AWm7Pky99ydvCgND-u-SuRCSrYv01UGSxU85IYyWZqWV3XOYq0TNWKgrQEjI_n_EHfhzCzMDPnPitXOpVo1FluCW5tZSbBln9MCcAS6OKr5qYmf5fKq_PCpKv_no1bk80c8YSrGhxn4-Hlv4RXNnfUdOcv0LoL1AQfLgSXvktjeJJrPOZRShQWqV1P6X7-7UrKagV9nLey7r4lpZTihejwU0Qzysg0k7nWauldHiViXsJRNM9WDJB8NyuBoDKBgosCmK-RlA8OboNBjb4GJAc-SEPXpnaRHCh6H-IRF7qLdqwiB7z0ZtS3lMTn5MZ9UA5h8JKAa0LPI7lHiTggltfFOPBGFBCSB2kaFk_Ja0sKD5yTGOol_HvLei2rb1auL7ZZ7EY4i4pwQ-gzup22vllyrlC_BEOMPQv3RDOUQnSPZihckbQdkkOPeoEnQCMb0NVjebJkDB-QlVDhe16g0Q7i4UF1mPY4yI4tRu1ATKmRsJUsOBhIWUfRIIza596_ghovD1zI0-JU-n1luG50XNEob6wt-lDo7kx3eRdfQxHOWQeXqjBAGtXwdpPojAbD5M7kUbyaeFHcdXxlhkadP1_OMpcpWJojS_mQ8eLQrcFDuT8rfHggwtdK7FtILZbTe4Fzk0yvIeoekw_XPndsR3RBJodKH2-ZV_w0ze7pb_Zw7bQMFvl6GcCsYZtRgsP8lmoiAhJwmguJXYNeAAqwDhWuK_eQWQtNXF3I1y4fch7g0f_VhKxj3Nei2SsmPT_kyBvK908nw_qVpSGgLDffafs-ufq5r1q0jN5nbKvdPgyO20nek9A5Uc70qgGEgQCnmvgBEV-NUVMiDCL4FygcETJc9WAEvTA4yyMGcUHHvmwwDeSHsFGJtFmgNOtV7WlWyr9Ekw3QjD3I514LMTgTKkhw3L10wybLZgFSrpVbT9SiFlqsOAMUIu9MPOLkd9NspzkMlVqz2jGeHIh15B5ZzOs3YOMkBPDBhDEmsFuMrSib_0t0Vpl4AuorDGCoPT4hUxWs_mulrW1sUnma7aUoT_LpdniYHqVmwiyvQC9Iu7I9NDdBAoCfQdj4ZXt6bd8prC6Q_Ygp6OKNHyP5VvnL-bihhrtev24BD2cYSe6YhuUHGEddeS2nm7NohdKgM4eyQYWzrlsgzWBTMcIQ-e8AGwP-poQM4xc6xA4c--xiKy7G2e4y7OPaORy0mo8yK-pGJXJylpB2hwyRcqC3pDi8DyGmkNY5NLpQEqYZLoGk-IgbQxgUVz9P_4DKzo_MUdYaKz-j8MT9VrIA6i46L6047cgh0W4JWH5kSoLaFD7VF70dTDYV2Taepcqt4cymwPkoefbDDR39Oq-0VZQFyXI8xGenKPABdsmMAcOZwXJTX2A-Orpy09czgnwlgbtfJEVsiw6FaOeSVFeb_FKN73Asvxnprum9YWBHCBdwA1J64D6-WiJXEmRRiJN8EKseOMnDt0rV5k6-yDWI826E-XJcHn7XFl9DODwEbCopJvHHQcHHluuVSzJV5uWno3V-sJ-x8G1hLe2vwNxuKMFkUU9zIQKwdFm6S8n2DhyB8hUS6Scy0-Ao6vH7EC01vmqfpAqO7C1PrIgp1a_Cw&cid=CAASEuRoYwalgOHBrhVMaT_8SEFINw&rfl=1%2Chttps%253A%252F%252Fzvonil.octo.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:55:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:55:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220106/r20110914/ Frame 7C31 24 KB
9 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220106/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:57:13 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame D059 169 KB
59 KB 156ms
83ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
Origin: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 18:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 18:05:41 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220106/r20110914/elements/html/ Frame D059 8 KB
3 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220106/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AkKbMyKG2T01LDMOcUrCI9JaawxekTd5uYsOCGuiAbiwVc22Wy_z80IExeSA7XChWyMMXUt4NWnY-4KzjoKwnk-Wjh-7yUklD_lrI9_zjwFNyKF_GWHxvDyfoKNM-uDhqrpSHD5MJ_BZOUrUszYkhFpmABiQ&dbm_d=AKAmf-CUobWKQ1_UjFoRy2jTo9RB4-IqANpOW22zqGAkI-KNNr50wMUzj2ufTL2KB_FuRNCqUyXM4hx4iD2JtgN6M8KCS0s4WqnNalS9wVJ48J-0Dv_5anTnZIcpa3y2nrW8Gj4LZyK8Xh8dvmNBFawPN-n6yClCW-bXkeYU4RJ2soEtcrU1RkEeCuKuPRLHZIS7bKL6JywfvfAHbEq3v3djEY4HPCEDi50pFCbYl3iJY5sPPR5kb3nyvVjN787YA6LegZMfzBL7hZ8g5B1vgd56R1imjnBrQW0C3UrCg9XL6kuAwzyjcedLMO4Hg5IMsRmxb1wSlpBi4E0pQvXysvgMEbqx5obI4tb_JH22voUzUlK9PKEQw9CaT8AiEPPd5Y0DZkxQsCY1MLMXLci1d1k3KgWLjPWuiDumAXzbqLGOJQea9c_l9u7EVpEdt9jvvN5k6F-FLxa4U9GYz8aanAC8YFjt2I_K6MpH0Yt0wQNmN6V82fuNiNPJzE4345spa5StYK4-qy_PY2gKFb7dOHP7TMBD7kOxhDTY6GZHKLhuRl_JG-ihjVUXDiJM540H_X0wLFMtWWrXgyFPU04mhzpWhpLbxvJpOPmSvJvkFhSljuRMOUSu0XZXEsU_vxpkfqLprW0e6LAY6di1Cbb0cS8h2pzniLOdz2eGH4-vc-4ivO7Gouj4Nvc_Vcmi__zPiT84wb0RV-YLX8SIjrrs_vJ8I5Es-kuRSm7m38swnXEfGRicEQ1B0-dhZx2rjjFGDPFUyYbv3wJ5RHNo0XdqxHkRUwkHQfAN8I6HaRW-RNRWol4VCnwyb1qLjfyHRwHHIK6sEGCkYrca2kMGCgWvkOH8_oycEyMcOcKscTYZtwdzkYf4yVvo5IoraDs_rlVhXrQe7aiuNAr6xEmUEwtCKCf9FUoeHIT6B78YUHyakR3lEphCKMfvAms7M8K-HwB0qmAN3Z_mZSA0M0xKvcEdeGdSI73C0JWWUEsWRsl0cZqWv0crM-Ub_6zkv8lnvqLPhTDK2is6mK3CFKBoZMWoSyBAWNFTHEJ8ikcYNNtkS0y-mVRKl9QuGz0BEeoHn2m5tzsnEvblwbozsdX2NfBHV2mFTaEUkSy2Nc9zyn_Osb9BvogTFcC2aCMGkK2K0z_6MQgaBXmZGzQxYVFg-zZj36iwbuihrdaUJWKthWUJXtKDYkJ7Lq9FqSkRLRPF78XTvZou2YITjwHnbTdiFzxFj68xaI9Iaa7BmHsZ-DcW68qGQX1gjN0vmsnwkLMWgGVIGOPnUJiqjHPGY8NeALPB4FHKkKtmi0CbWFYmVc80amg8wO59o_dAjA3zfqavDR-SjBUO8VSyBVOHjujqBwhhn5vkIEH24uWes1l3tI7hh3t2U7fmlnXbQ0dz51BYVzMS6J3XL0vzANO4spnqgx1BC0ApZ_rPgoMV9WnRW5PToEd76p3cYHYioTwd53_UXqdYnPKhHew4VWATRNPCDMmcfx8bfWtXBmsV7cchBxWafPGb1KNzSzC8zP0lzfYPvi90rZVSJee-kEyo7lU4sdZkjDD1cJmBS7i87N0VZ9x-vd3oBTGOdou6GD45kudQkMmHg-1pmTELX9-2j1uKWJLUqZwoDX4luPvqv9z00xqcUpfOujao3dDKJYGUg3iJy62YEcsqrubX6mkbTqV2Si33b-8xoCLxnYOMjXdxl-GQ-yhK--SgJacjhdNnIBcqW7r-CksVGJMuwqxCX_9IEga5y8psrbtuRubsuungSAzIZs5CPxps98hAnWhgEQIdIBk1tq-LST3yh2pRBwgMv2_hUA38SOiQmyf76G9d8qpB7bhv5n2qmuxpxeMGCxSn0GEYSFuifi1kjOJi5oDk71WQfsC_m0YjCkKq7yvykKHQYHSa1jTbUyVrKjWBLIOBm_XaLdJ8h447kIkH0fPpznn5vxAvafS_04t1kvh2ZFzC2RStwFiTuz-YEj4jXPGEYfERCuTqazE7N9xpLuFA8iX4nJ-zuiFZG_X562WUkZyHdzfpGIAyCj5sfbOXPd5UIiOxqlVNbNCw1AzVETFNJBTH8PThgqD3W4aYTnLYoCKMKTpRw86nf3Zq-jQ3Ses-Qe5En45KH_7iCmwxTTXABW_eGErGq61n0Qow53ckSFKDk4rfqbatp1NVOJq3V3ziRUCOu1njtI6KH9VdXhcqzydD9REyRX3AIwIv88919bJ7_fk8AD8mZrOhnf-Us6eDmtQQH1Hc66cqe1q0mzKxfFaofiQboSTvav5NCthDqFgY0OQ7iQeSgdnLvz2eDlbVcAkYRZwGMFDmgZD48lO0e3uVby05TgUtu8cHStpYjaDq636zylIztuUDt7jMa7UbJRvrAFzPHd37zsypcMgLXllvHSA7x7PnkKhAPhFvomlu0XWc7NXN1Nm7c_MUN9DS-w7IQnG1Hw5-o-pGRLhYLKFsdeNwBrQgnq7qRkMA7Jq8k8TUl-XsL3Ww91dlvd8lviRrfncdZYjLaYPUpPvcDWx_RfbLe1O4F9ncngjgtKEA95hiqnfdcdAwh7uxRRhh5fYDv_zWmGjS2NffwmjjHsOHAIuuXGu-iSZD35Oxy5FYBvaMbXRMQDpZCraf_uLB8Irtt2hmkSk4V2pQdvY-HfGM9O_6c1A4eTw_Ce-QTXkvucdjIsl9PCeP682dz13-bbGaLkn8UMJcWal0qzyihLS75EccXSWOvepHMClOymiVseyoLSE7ZBynYsAAZMPs9x5Q8db6cHRc42dbbkPXnssF4dVbV9woSbhhjDN42Yu6_l597F-daYozeQJaLubmr99pHiFiEgQYL7bDzA2xy1ZXwtFa-8q86CUfyMBlEvOqtNa78DwD9j890HA4cA83S30eQws0X_fuEts5teD7Tg4yupKabkiDiZBENmZGJmmorAKuYYMdE8NxfFm23XyQiBGMg0PEsESE6lqcwysKjAL9UXMqtyjoiXF2F7C9kKWzJuWWnWDxlBuuUNzcrsg3URGR8jU_qfJmPPkd&cid=CAASEuRo6lvpjp49P1rFD30N6GXMMQ&rfl=2%2Chttps%253A%252F%252Fzvonil.octo.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:55:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:55:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220106/r20110914/ Frame D059 24 KB
9 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220106/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:57:13 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7C31 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 11:40:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587946
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Jan 2023 11:40:23 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D3E5 1 KB
749 B 37ms
37ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 10 Jan 2022 13:26:12 GMT
expires: Tue, 11 Jan 2022 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 63197
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D059 41 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 11:40:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587946
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Jan 2023 11:40:23 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2E45 1 KB
749 B 37ms
36ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 10 Jan 2022 13:26:12 GMT
expires: Tue, 11 Jan 2022 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 63197
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame D827 3 KB
2 KB 54ms
17ms Script
application/x-javascript 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRCaU4yVmtOV1V0WldRMll5MDVNbVkxTFRBd01EQXRNREF3TURBd01EQXdNREF3LzI3ODMyMDY3NzYyMTU1MTAyNTAvOTY5MDAzMS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5Q29ZUTlCUmlkdTJPdlFiM25IUlRYRS8xLzQvMC8wLzE3MzQ5NDUvMC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzI3ODMyMDY3NzYyMTU1MTAyNTAvYW1zLzAvODYxMi85OS85OTkvMjU4LzJhMDM6MWIyMDo2OjovMC4wMDAvMTY0MTg4NDM2OS8xNjQxODk2OTY5LzQvcHViLTI5Nzk1MzM5MDkzOTI1ODgv/MiKLAClVdNZFBOlEkZkAxY7clkA&nodeid=1608&group=cdg&auctionid=2783206776215510250&shardkey=2783206776215510250&sid=9955993&cid=9690031&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCxWmE0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTFAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjzxNadm378upE7YdRaueZOEIGdlIJsvojM1gRZavgsGDRuoecfixmO9LwgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2qt7WPWhNPcyGEjZFzJD54DBXrFQ%26client%3Dca-pub-2979533909392588%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=250&slotname=0787847652&adk=665242438&adf=3866777003&pi=t.ma~as.0787847652&w=300&lmt=1641884368&psa=0&format=300x250&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365250&bpp=1&bdt=310&idt=3004&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90%2C728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1039&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeopEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=8s90hTu8bK&p=https%3A//zvonil.octo.net&dtd=3007
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.211.0 /
Resource Hash: 43ca03a1ffdfb22d09475fe7147d2a2fc70d588b5b77d324d4acfd61486e157e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1641884369
Last-Modified: Tue, 11 Jan 2022 06:59:29 GMT
Server: MMBD/3.211.0
x-mm-latency: 3 (3)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x88, cdg-bidder-x136
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Tue, 11 Jan 2022 06:59:28 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame D827 2 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=250&slotname=0787847652&adk=665242438&adf=3866777003&pi=t.ma~as.0787847652&w=300&lmt=1641884368&psa=0&format=300x250&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365250&bpp=1&bdt=310&idt=3004&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90%2C728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1039&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeopEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=8s90hTu8bK&p=https%3A//zvonil.octo.net&dtd=3007

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:33:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D827 120 KB
37 KB 94ms
48ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fafe7818a41c059503c456f7c05b733a3334e9e0ed4241cc9189600b9ae687e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641817384012296"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame D827 15 KB
6 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d847a2b472bb4f98a901aecde2461eba0d47978d1ee4c0e386e3ee299e8ed96b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:43:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 10427043382315408254
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:43:41 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D827 0
0 35ms
34ms Fetch
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CUCgY0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTCAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjz1FYV_9XTk5DYCMZwT_Zl7IbYli1uNQ70uXRJQQaEX79oikFwivrgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMjk3OTUzMzkwOTM5MjU4OBgA&sigh=sFcEQ3JJZlU&uach_m=[UACH]&cid=CAQSPACNIrLMwHU1JoHVAcVtV28QaOSlEizzEVf5jOlq3Thgkn-tUZaqboQj3TKZknA2OmCSkpSp5Nuqogo2PBgB&tpd=AGWhJmsG4hWP1ubVDR_X2S7QF3R9uoze8Zeasdyh2j8M_sKngIPltFbggujX90C1xbwS0vzagNjjbZGLMbfZQaoxzNjh0aXFExlHUu2QCtwoaRbPWbiGBgS-rf2YXGS8DzlSMF1yVB_w56tWqrsCYK1pxBczo-AuoX6drF4ESIEWvONVSjYeZkKJTp7kBljPoiQq6_yndV9BGdEXWC5KiwHUGRX3_jbGSFzHu16pAsCtsV_AU2iGJudp60JDc6bkmBVoUPL5LutcwLR5hXpLwnzryaQGnEOVsphHKs0l25ZesfMPFRC-VE4p-4cNVa7CSwMM_FOaV-XBpVtxSYE0nxpnpCwffOYV3Jhk0iV8nJnfAgz2UulOP4VsuGU36fvIP75zj44yM7bmcLA4SkbAHBmcuK8h-DprYKmmgz1o-iG63Als3dlP7t5YqYEBTHGFNA_9aWkQEf-_Q9G9LWWf_YjZHskw7zQgqNfHDk6IdoGdgeJGGVIvPJlW2HMq5fJA1JCKWcHdJWR257dezhBjIHq46wyOEbkjt6d-LdQ_BNKWl9jmo674J-6cYEXFmE5Fk6nLrRbl36iYSYNm2BtLkLi5sp6iW7truQAv3vg6S-SL9Xx4m-sewp5WrVUR8BG7DuQVcWPohHfyunryGr3lSN-tuCmXKd8CpbzlIVKZmNB3H9oLA0sLHu_qwvCBBqS0cacNSm93ts8icWu-99TTgmrgBe4z8ESe1tqg9j-XSa_yZOhBfro4KNU0EGoGCA7NjB5sRuYTfxDRMlysL6zMEcHLGIXuCixHmsjcuLkonsEfXh0_61CEwFSdehG8jodWoprGkfXOxwrJzpH_0QwtUniRsRGy3J8ZTusTyhfzbgbacYHDCH7NkK4apAyrKEInHcc37iyf5oCgZ_bpwLplKd8nzgPY4U_GYa7EiKnv1CedKQ6Fbb3nia_W42gjE-5ZhFwzAWFecj0L6RRnLpnNvcp2uHJ543CiEd1UWLLDTsxwR1-hMq7Qtt5FGkyGFcD5vxsufW2LoHXSiaC89Rt91w04ugU3awbCRtYNrh91bc2SOo_NK8PE4fI4N1NWEcwhWrBl53S0FiVHcA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=250&slotname=0787847652&adk=665242438&adf=3866777003&pi=t.ma~as.0787847652&w=300&lmt=1641884368&psa=0&format=300x250&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365250&bpp=1&bdt=310&idt=3004&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90%2C728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1039&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeopEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=8s90hTu8bK&p=https%3A//zvonil.octo.net&dtd=3007
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 11 Jan 2022 06:59:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9C40 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 04 Jan 2022 11:40:23 GMT
expires: Wed, 04 Jan 2023 11:40:23 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 587946
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7C31 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64df71ba4d8fb852d284618636193b8d96ddfd8002e97dd28107606bfca49d36

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DD04 22 KB
8 KB 42ms
41ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 04 Jan 2022 11:40:23 GMT
expires: Wed, 04 Jan 2023 11:40:23 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 587946
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D059 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e9d2391f03ddb0fa57cc59e0b5603e05dfe68c213e6eababf3871e7bb177194

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK r0rzfbhsf7cr Show response
hal9000.redintelligence.net/zone/ Frame D827 10 KB
3 KB 48ms
12ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/r0rzfbhsf7cr?subid=&gdpr=1&gdpr_consent=li&rnd=2783206776215510250&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYd0q0QAAWkQIFVwKNgQWEQ%26mt_aid%3D2783206776215510250%26mt_id%3D9690031%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_cid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCxWmE0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTFAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjzxNadm378upE7YdRaueZOEIGdlIJsvojM1gRZavgsGDRuoecfixmO9LwgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2qt7WPWhNPcyGEjZFzJD54DBXrFQ%2526client%253Dca-pub-2979533909392588%2526adurl%253D%26redirect%3D
Requested by: Host: zvonil.octo.net
URL: https://zvonil.octo.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 196f05b3bed6e20bfeba765b0eb0d46bae72ae5d59ed8646bafa6da9dc6df603

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3301
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame D827 49 B
330 B 49ms
18ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=2783206776215510250&node_id=1608&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRCaU4yVmtOV1V0WldRMll5MDVNbVkxTFRBd01EQXRNREF3TURBd01EQXdNREF3LzI3ODMyMDY3NzYyMTU1MTAyNTAvOTY5MDAzMS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5Q29ZUTlCUmlkdTJPdlFiM25IUlRYRS8xLzQvMC8wLzE3MzQ5NDUvMC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzI3ODMyMDY3NzYyMTU1MTAyNTAvYW1zLzAvODYxMi85OS85OTkvMjU4LzJhMDM6MWIyMDo2OjovMC4wMDAvMTY0MTg4NDM2OS8xNjQxODk2OTY5LzQvcHViLTI5Nzk1MzM5MDkzOTI1ODgv/MiKLAClVdNZFBOlEkZkAxY7clkA&nodeid=1608&group=cdg&auctionid=2783206776215510250&shardkey=2783206776215510250&sid=9955993&cid=9690031&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCxWmE0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTFAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjzxNadm378upE7YdRaueZOEIGdlIJsvojM1gRZavgsGDRuoecfixmO9LwgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2qt7WPWhNPcyGEjZFzJD54DBXrFQ%26client%3Dca-pub-2979533909392588%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.211.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: MMBD/3.211.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x53, cdg-bidder-x136
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 11 Jan 2022 06:59:28 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame D827 43 B
405 B 104ms
26ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=2783206776215510250&v3=1040879&v4=9955993&v5=9690031&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRCaU4yVmtOV1V0WldRMll5MDVNbVkxTFRBd01EQXRNREF3TURBd01EQXdNREF3LzI3ODMyMDY3NzYyMTU1MTAyNTAvOTY5MDAzMS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5Q29ZUTlCUmlkdTJPdlFiM25IUlRYRS8xLzQvMC8wLzE3MzQ5NDUvMC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzI3ODMyMDY3NzYyMTU1MTAyNTAvYW1zLzAvODYxMi85OS85OTkvMjU4LzJhMDM6MWIyMDo2OjovMC4wMDAvMTY0MTg4NDM2OS8xNjQxODk2OTY5LzQvcHViLTI5Nzk1MzM5MDkzOTI1ODgv/MiKLAClVdNZFBOlEkZkAxY7clkA&nodeid=1608&group=cdg&auctionid=2783206776215510250&shardkey=2783206776215510250&sid=9955993&cid=9690031&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCxWmE0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTFAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjzxNadm378upE7YdRaueZOEIGdlIJsvojM1gRZavgsGDRuoecfixmO9LwgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2qt7WPWhNPcyGEjZFzJD54DBXrFQ%26client%3Dca-pub-2979533909392588%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4133 baa842e master cdg-pixel-x28 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: MT3 4133 baa842e master cdg-pixel-x28 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 11 Jan 2022 06:59:28 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame D827 49 B
330 B 48ms
17ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=2783206776215510250&st=9955993&time=1641884369&nodeid=1608
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRCaU4yVmtOV1V0WldRMll5MDVNbVkxTFRBd01EQXRNREF3TURBd01EQXdNREF3LzI3ODMyMDY3NzYyMTU1MTAyNTAvOTY5MDAzMS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5Q29ZUTlCUmlkdTJPdlFiM25IUlRYRS8xLzQvMC8wLzE3MzQ5NDUvMC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzI3ODMyMDY3NzYyMTU1MTAyNTAvYW1zLzAvODYxMi85OS85OTkvMjU4LzJhMDM6MWIyMDo2OjovMC4wMDAvMTY0MTg4NDM2OS8xNjQxODk2OTY5LzQvcHViLTI5Nzk1MzM5MDkzOTI1ODgv/MiKLAClVdNZFBOlEkZkAxY7clkA&nodeid=1608&group=cdg&auctionid=2783206776215510250&shardkey=2783206776215510250&sid=9955993&cid=9690031&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCxWmE0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTFAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjzxNadm378upE7YdRaueZOEIGdlIJsvojM1gRZavgsGDRuoecfixmO9LwgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2qt7WPWhNPcyGEjZFzJD54DBXrFQ%26client%3Dca-pub-2979533909392588%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.211.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: MMBD/3.211.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x91, cdg-bidder-x136
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 11 Jan 2022 06:59:28 GMT

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/15239545625394544640/ Frame D14C 41 KB
10 KB 96ms
48ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f11de7751a9f9ca5e4349ba1b32ba209159b8735a96823653ae366220f3e73c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
expires: Wed, 11 Jan 2023 06:59:29 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 17 Jun 2021 15:44:01 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7C31 0
571 B 177ms
87ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstRNQMuMfpn88wIcAtZq6eMKM1wIEZLjXxI2qKfUzDU_h8tVmCkF_VOhkLzd5C0S1Bj77__asZ87L5sbJkHVHQTqaWR-sce3XBF2IHo3dak_mmSP-s9Kgt752x5GzI6BTLLJ-HHEIZwTNjxpsyeriitZQpZg5pTZ4ZCcgiMTOdNa7KxpiitwkitlQ_EmnOEZWYGrC74RmiIq36VmAafyZPyty6-oJrQQSLPmT4WhqEwzIq5lwo3fhQMJojvYTVE7C1WS0ao-Vi0D3ECYc2UFChv1lJhRvbYuAnE0SF_jBmXWw1AFn1aJSEc_cz0dWGFLcUHNYwoTzygee698EWpBFtalgW6kQWGz9yefkRY7_g4u7Wmsgr38lbZ74maIm-RwL8e35tFpoFEO7GI2hKpgijeXAXvmu_W32XyxFqiHLiW5MwjXBwYphIRekXRe4ou38JdZaKHGQCtgdr664UXr8Hgx3Naoo9vlb81vH3LgJY5xQOe7j2Px_IG6o7nxHbufJJrMZ-fV47lrrK70AF_peP1vERL1tB6TYTwycdHdaUVr-Kbtl9M_ZdkB2zTtmC8MU5VZnBifIssKw0Ba3lJxtfcar35VDfHzgDdobnmM3JxjTv3_u_SH0Ma3-vDUmwUQFFX-f45qRFMyCrq3zbNXfRHmD_62UkvpLFtYdr2vFVqgKByZSg9vmwleWblYmDO6a4BddkpRKVcLARkVhUSepkFrfKLhHi8OxKpt0ONVJ3teD8_J6UfdMiktDAGoPzZ0z5t2TWgDRZi7BKg5Lo6cnPe7huKhjOuvMPhg4Mzla0QkIrRdmYix5BWN5W7a2CnyiPADyIj_WO3s4xCTthCg0SoJKsoqk7eBQmp121yJJvtPAEaPoIQMV6WzOA4GQURyBeGnHlkabIdItS7QMtUy-4niR3SaRCtImC5asNVN6cT9RAwkfYiVJUwFnnSBLiOzWZesAAsMDvoBA-Aoi8EinEeEaXmSVoX4zSEe6C2jfDLM6-ez8OJSoqFziNSb9sYPgYLSMT50Dll4NBPxImecMd4VOgXlmXs1yqAJJBFpfOAIKBlmjzjaS-ftYcIAdf6zz33SCa7v8lV3RQd1W4tMICER7wac1Aakjuv_UpCQfUCxpHYUBg4TlWungSodim10rbd0pFk4yTdZRVLTqtyloPdhtxNnXkj4t1hXxkJq2eagMsSMTtLiQ&sai=AMfl-YTnbulyCxhFKDCHTQI32uGJiULMTmmRUpS723CEpqIUG6E8UqB9-kiR5hHaEVKnrti8_zZ0e-MEroAess_PIiKhxRb7uG5JyTskjej86f35yTsqaMqPXiQRJPZWxMvuSu3ehwxbjzNFWQzaYbBQBaO-jxZ6sQ&sig=Cg0ArKJSzHiLxe4S2QdfEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=323&cbvp=1&cstd=314&cisv=r20220106.94772&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Tue, 11 Jan 2022 06:59:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/351369470800822272/ Frame 0E60 43 KB
10 KB 80ms
51ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91cb10817eaea10d296e4c3e50982dbf69f460a6a5e0e80b39b83723c34b9d30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
expires: Wed, 11 Jan 2023 06:59:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 10 Jan 2022 08:56:37 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D059 0
61 B 161ms
88ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstbMpk3tqgh-R_baI6weHtgXMTtU3Lndo9UKcTjvgK3u3oufdfoxb9ZcqwH0uP5vd6m5gVM6fkoNLkscqRm_ZD-JAFbMVWfUnTW66muuyBiM-NKpWd-1yez43JJMoSn7lDy0JV33gCTge55ZaE98scD_kheWNoRftf0Gptr1yVxxohtgejTkTTNN9mP5CSp-qLH5DsTK3-W_IwvRnSW2nkDjgvw_DkBsrvKa97TB7vAw8xsW6HRspFfNuQBYH4d_asS8O-7AI0xnB6qIV6l_8n8p0ukhjJTpiDsEg8NPMkaYaznJHvxOwg2zPIKDF99BkXu-BfTSKGMamrymzPgPIKaGzAJGq6zkep9uimlgmUcwXMg8EJ5-thXhPFzGioueuo7Ku-7xJoHSNWOVVRrSQJP6hveapNPXQWxZws4QrsNrgo3xMxv7zlv0Vd9Oqop39JrUPNNPuXnUXaJy541SwjKurTdje_GsLbAbKhCUsLfWXgKuUmwGaiUM9vi7Yx88U75wp5YuCtnUKPzzyWEmFSjNM3PYe-lTRDPgqaRhzhT7Na5ducxnnxho_yVHZFujNDkK6xpsdfkUAvbMGvb_MC_Lu6dpgRLATinUTagiWQuQGNRfnGh3msh0MlhwkRU48o9LuQCt5gk-omwcRotJb9gHCTTuYzNcFpgjqquEly5gQ6hCGSCjFpV3T29GlbOKL0ZLENmJF9hsbCFcf2a1GwZHiLmu6fa_2QuZQMpr8CPFOJr9RYqd4wUUd9VtUPR11KhKV-FhnlLL30JPHwDW1TdYAy6sMGV5SqJNHgiy12OBVY3t-3vUxSw4bODJawLkebzrdRXtR9uLsWN7SYt6SsO5NQt_kHt9bUkd7PdUbJrJTs0GnCXNNAXuI2b4CG2chnAMuwzuKWnAgtcNNflolDrIV0wRCR2ZuScpRHWjE2VvHuSPmk2mMT53BHS_hd44WzpGw6909SnM7tcg8GgLV6jlQb0QQAxizucss0_W7oj2gbMmnIUl4yQGOasuxwi7HcXEEB9Lztfm7P3Cc3biox8oUiXXsYY-FZPURNahEHNNtT8OEOh7YTh1iRfqbB8M7lor0-VFQKilAk0FsGvb0joZfAvkyDDMp3fJRGHs3Zf3SneOmLNalvlTi1ZmwQSyzv5kn1C1PzkcnnOxEqDsI_-RfWCQZ0M_eij&sai=AMfl-YT3KVSy0IAHPdxrfNH4sBVESsa18hocGvjnsjCc8ZZ5_TVXVs2FVsAt9O5k_VfAAMHFY-RYfIXKlLauWy5WOq6nKT__vT--tQ-qLDBk6dm739caozRRsRiTHYeR-eIBqz2mbNa0dVVM7sKLK2Ej8a0Drf8vfA&sig=Cg0ArKJSzFiFFgSfF8aCEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=325&cbvp=1&cstd=319&cisv=r20220106.50811&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Tue, 11 Jan 2022 06:59:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame DF25 2 KB
1 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=7096521402&adk=2342716466&adf=3252783458&pi=t.ma~as.7096521402&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365249&bpp=1&bdt=308&idt=2999&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=1133&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=HcMOj8C7Zh&p=https%3A//zvonil.octo.net&dtd=3002

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:33:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DF25 120 KB
37 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fafe7818a41c059503c456f7c05b733a3334e9e0ed4241cc9189600b9ae687e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641817384012296"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame DF25 15 KB
6 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d847a2b472bb4f98a901aecde2461eba0d47978d1ee4c0e386e3ee299e8ed96b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:43:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 10427043382315408254
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:43:41 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame DF25 0
0 46ms
46ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTJOd0RBAa4UyCZS6pyDh8wfVKXDEVQ6JnAG02yqYJYUclJa4nYaT55hxPHyy4bqHy8UdKu3bYWLoOS1bFfiO8bfDbYIg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=7096521402&adk=2342716466&adf=3252783458&pi=t.ma~as.7096521402&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365249&bpp=1&bdt=308&idt=2999&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=1133&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=HcMOj8C7Zh&p=https%3A//zvonil.octo.net&dtd=3002
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 dpixel
cms.quantserve.com/ Frame D3E5 35 B
464 B 32ms
10ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECaPKZUuS45pkOFOZ5gUs-U&google_cver=1&google_push=AYg5qPKTzf8cHJdAI4PStZvpot6n7FM5rs9CT2TBxwjIHn1Dz1V859WMBP7FjGghrRCRW6gsPDwafEft0Rks6gwzQGeDCuq_dLF_FQ

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame D3E5 42 B
308 B 65ms
20ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPL-51o3eRDVVh-34Q1Y-zS2S0c5BQl-CB79Aoy0tyPswK4cAkx3JuzPPP_gMrQYT3IlOmsSGKQrUZhA6Ir0UFBbz5x7x55VqQ&google_gid=CAESEHHCVUP-Cn-Daj5WoNi7MO8&google_cver=1
Requested by: Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame D3E5 43 B
324 B 64ms
20ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESECeplvTEb_UR7zaQQU6XEoQ&google_push=AYg5qPK1wI-3IcA7Pdc2KoqsgIAEnYhVPbOKbp0IRGQ52Rhfa0X70SfYhi_1jW6Duc9ycpGppps2d0dUEljeZoRSOuG-9Dp8NnTL5w&google_cver=1
Requested by: Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame D3E5 43 B
350 B 65ms
21ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEIJMwNXiuG9xhPH7-8Ofc3c&google_cver=1&google_push=AYg5qPKowH4eGQTexSVdVy1O5X6R6YAhOECqStXByOdT6d3aVKz17AIFyUmfbmIhAZE6EC7WgHPVsCS58subTVM3RSoxHaWRtLVi7Q
Requested by: Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: t6icd5skcus8vvt0teithsrqj0ufpb2m

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3E5
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJUGgRwf1EcRPuNjXb0gmcMFQRg9zS95PNhAspOeWfePL1riiqPE5FxedsQjKWbAKAOrKx_Jzi6fymjCdYT9X5_sL48V8jMTw

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJUGgRwf1EcRPuNjXb0gmcMFQRg9zS95PNhAspOeWfePL1riiqPE5FxedsQjKWbAKAOrKx_Jzi6fymjCdYT9X5_sL48V8jMTw
date: Tue, 11 Jan 2022 06:59:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3E5
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEELGsB6d9lYwE3uVBXZoUl4&google_cver=1&google_push=AYg5qPJFRHCsuSvFO-u2Sw07g6EKHKYieYaIfoooEKQNwSHzN-FJdN9kX4JIjam8x2aqjBEUklo...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3TUwtMUYtM0JMWg==&google_push=AYg5qPJFRHCsuSvFO-u2Sw07g6EKHKYieYaIfoooEKQNwSHzN-FJdN9kX4JIjam8x2aqjBEUkloI252zd9fc6MVQKSCGxnTyIN5wKQ

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3TUwtMUYtM0JMWg==&google_push=AYg5qPJFRHCsuSvFO-u2Sw07g6EKHKYieYaIfoooEKQNwSHzN-FJdN9kX4JIjam8x2aqjBEUkloI252zd9fc6MVQKSCGxnTyIN5wKQ

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3TUwtMUYtM0JMWg==&google_push=AYg5qPJFRHCsuSvFO-u2Sw07g6EKHKYieYaIfoooEKQNwSHzN-FJdN9kX4JIjam8x2aqjBEUkloI252zd9fc6MVQKSCGxnTyIN5wKQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame D3E5
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPKXPwqE2Qzv5nWj4grc1EtfEBMGtMTmc...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D3E5 0
12 B 48ms
48ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LQO00G8SMQ2W3e4Zxw7vlMJD2m9vMxjy9dSvKUYw0SLcG2lkidAHYHzcIvLGrrpliLonIF

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DF25 0
0 39ms
38ms Fetch
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cr25y0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwAFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYDp4qUs5Uld6DObKRgJM4DIC1fb3otoj4_PPtiLwfYIy-mYOmgue-ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0yOTc5NTMzOTA5MzkyNTg4GAA&sigh=y7_us7bXUfQ&uach_m=[UACH]&cid=CAQSPACNIrLM0lqt1tVUZEwMMIpS1yVdHmcyTJVduZnsCHkKJ1BN53ZQtXT8HOF21CJIcUMDlQUimRL_o0y3ZhgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=7096521402&adk=2342716466&adf=3252783458&pi=t.ma~as.7096521402&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365249&bpp=1&bdt=308&idt=2999&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=1133&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=HcMOj8C7Zh&p=https%3A//zvonil.octo.net&dtd=3002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 11 Jan 2022 06:59:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame DF25 0
0 74ms
21ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1hbmfg76041czstbd761t034tfgn2w5mxm0a2mt13kc290jvyvq61pkd53a2twanktpn04vdbmyf08dh9k33y8fa4pbce9pz9a3dafrnnwk3t3p5tvsacb0ta6xcpes69kdezfaggyep4418102vh5py5jq21nh36ncmvyv3206p3yxtb0k5p5247b0t5cffd66h5jbv3wdzfzs4smr8jn72aynzhpr5s402k0wwwetexpkeyczr8jeqypty6pw9r8m33hpaj5ajs6wcnb32g91ye50pmrmmargyxnmkr88sdjp136zry07ds0hbg150kkddd5ywvf3jj3179wsdccmy9x88r83bqt7qhk8fp9m1e9vkshhx4mm7j8by407mswhnpq3jqge4v09exmvs6btt31b9m&b=Yd0q0AAO71kKm5MEAAlXD5TzsTzVSITUBso1qQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=7096521402&adk=2342716466&adf=3252783458&pi=t.ma~as.7096521402&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365249&bpp=1&bdt=308&idt=2999&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=1133&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=HcMOj8C7Zh&p=https%3A//zvonil.octo.net&dtd=3002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame CBAC 2 KB
3 KB 107ms
43ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1ha9kz5cj81xhcqbnnkrte7rte65txzzfa2s5a9a72fvr9v7xb8zar5p7ghya3w0xttpe5v78w71vmnzh1vak9jwvk2ryrayk5zd06caxjeh6mg2xv5s1cx3xqcawmj4k6hbad9cedzt6fq8byg6y46pcendtwav9j1ngmc3nyvdgsgraqp2jbdeypvjwhshw5qgy2e22g8ch1z9m0t48byq8f6s4cb6xy2jmzzcn054bf7phf1n2t6bgy8dj19j4ph3p8t3v99tr28ejbfh8b1y3x9g2x3e32b50waxcqcm99gqjxp1qf96v7abr05a81k57ndyz1fna5zncgp107jesyqcjesjrc5k2etkn4fvyamhpd0s6qkjf7t93k472xr6ygnpsqcmtgrsfv3q25185ew0bd8ed48g3k6pz4ts3sky7re0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%26client%3Dca-pub-2979533909392588%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e361a6f557994aee0438210d84c6238594ecf9b2f10f85d6d8d84e9be85056f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6cbc433e193e7735-LHR
content-encoding: br

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7D8D 1 KB
749 B 37ms
36ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 10 Jan 2022 13:26:12 GMT
expires: Tue, 11 Jan 2022 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 63197
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request.php Show response
hal900019.redintelligence.net/ Frame D827 613 B
774 B 94ms
57ms Script
application/x-javascript 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request.php?zone=r0rzfbhsf7cr&nw=20&renderingType=javascript&namespace=fc9c6f1ca2&subid=&uid=f84a6dbe88b9785d&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYd0q0QAAWkQIFVwKNgQWEQ%26mt_aid%3D2783206776215510250%26mt_id%3D9690031%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_cid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCxWmE0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTFAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjzxNadm378upE7YdRaueZOEIGdlIJsvojM1gRZavgsGDRuoecfixmO9LwgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2qt7WPWhNPcyGEjZFzJD54DBXrFQ%2526client%253Dca-pub-2979533909392588%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2979533909392588%26output%3Dhtml%26h%3D250%26slotname%3D0787847652%26adk%3D665242438%26adf%3D3866777003%26pi%3Dt.ma~as.0787847652%26w%3D300%26lmt%3D1641884368%26psa%3D0%26format%3D300x250%26url%3Dhttps%253A%252F%252Fzvonil.octo.net%252F%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.%26dt%3D1641884365250%26bpp%3D1%26bdt%3D310%26idt%3D3004%26shv%3Dr20220106%26mjsv%3Dm202201040101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db54d1331c0b56cc1%253AT%253D1641884367%253AS%253DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw%26prev_fmts%3D728x90%252C728x90%26correlator%3D4170688867500%26frm%3D20%26pv%3D1%26ga_vid%3D379789922.1641884365%26ga_sid%3D1641884365%26ga_hid%3D105186510%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1039%26ady%3D1319%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31062930%26oid%3D2%26pvsid%3D217545841997741%26pem%3D685%26tmod%3D148%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeopEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D1%26fsb%3D1%26xpc%3D8s90hTu8bK%26p%3Dhttps%253A%2F%2Fzvonil.octo.net%26dtd%3D3007&ancestorOrigins=null&random=4053532993652&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/r0rzfbhsf7cr?subid=&gdpr=1&gdpr_consent=li&rnd=2783206776215510250&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYd0q0QAAWkQIFVwKNgQWEQ%26mt_aid%3D2783206776215510250%26mt_id%3D9690031%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_cid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCxWmE0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTFAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjzxNadm378upE7YdRaueZOEIGdlIJsvojM1gRZavgsGDRuoecfixmO9LwgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2qt7WPWhNPcyGEjZFzJD54DBXrFQ%2526client%253Dca-pub-2979533909392588%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: b44e9900cf52701be36982b758a44f66823a498de4ca8470eafac6135630be10

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 13370200046975403891610011836019
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 331
Expires: Tue, 11 Jan 2022 06:59:29 +0100

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2E45 35 B
462 B 11ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECaPKZUuS45pkOFOZ5gUs-U&google_cver=1&google_push=AYg5qPIIxcH9lqbspJcOglz4Gjb-rKBhjnrwwEJBukV84RL2nw3jumJVRBCQZrabs8RydTkH2XrBE4H3c_LrSh0XJDhjXIRC2ZWoDw

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E45
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPL9rY3U...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPL9rY3U...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAxMTEwNjU5MjkwMDA0NjA0MDk1NDgyMA%3D%3D&google_push=AYg5qPL9rY3UJQdhp7S_H8jfcTxywIOp5PKZQHYOKDT805Kb4l2zvDxGQrXawZAHaVZJTE...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAxMTEwNjU5MjkwMDA0NjA0MDk1NDgyMA%3D%3D&google_push=AYg5qPL9rY3UJQdhp7S_H8jfcTxywIOp5PKZQHYOKDT805Kb4l2zvDxGQrXawZAHaVZJTElPtxkGJUTRW95I06Lq5lL_xbdbgfy4BQ

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAxMTEwNjU5MjkwMDA0NjA0MDk1NDgyMA%3D%3D&google_push=AYg5qPL9rY3UJQdhp7S_H8jfcTxywIOp5PKZQHYOKDT805Kb4l2zvDxGQrXawZAHaVZJTElPtxkGJUTRW95I06Lq5lL_xbdbgfy4BQ
pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 2E45 43 B
106 B 38ms
20ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESECeplvTEb_UR7zaQQU6XEoQ&google_push=AYg5qPKdrQSkfdcO36qQs99J04rVwvmYi4cZ_Xc-Cpta07q_2JBAhZ_-HYOH8r6eJoemzso7g1pszAXslE2mbiZGyvUXSBRit97ysQ&google_cver=1
Requested by: Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 2E45 43 B
135 B 39ms
22ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEIJMwNXiuG9xhPH7-8Ofc3c&google_cver=1&google_push=AYg5qPI9LgZLCa8o_u0uoFmjS6jj0jVlCsO6YYLefHNnB1owGggvwZ5MVlioyWLjoblNXuiKgV-5yFv--UQqqozGQqJWR0vUfA4a8A
Requested by: Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:28 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 5gvniphs2kdudgelr00dq3ufq5vep3o6

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E45
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEELGsB6d9lYwE3uVBXZoUl4&google_cver=1&google_push=AYg5qPLhqur704IBoREQVUabsLF93IluGjmEKM4ZTS0jbjMizRoQ2XYDiLJ_8SQvNM0CwYgLJjC...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3TjItMTAtQllCVQ==&google_push=AYg5qPLhqur704IBoREQVUabsLF93IluGjmEKM4ZTS0jbjMizRoQ2XYDiLJ_8SQvNM0CwYgLJjCEZRea0lMiYnWZ8yQv6lp7Is3-

170 B
188 B

51ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3TjItMTAtQllCVQ==&google_push=AYg5qPLhqur704IBoREQVUabsLF93IluGjmEKM4ZTS0jbjMizRoQ2XYDiLJ_8SQvNM0CwYgLJjCEZRea0lMiYnWZ8yQv6lp7Is3-

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3TjItMTAtQllCVQ==&google_push=AYg5qPLhqur704IBoREQVUabsLF93IluGjmEKM4ZTS0jbjMizRoQ2XYDiLJ_8SQvNM0CwYgLJjCEZRea0lMiYnWZ8yQv6lp7Is3-
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 2E45
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPLN_rjuW-h4CkDobNbkpIUYy0hfO45ZI...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E45
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEFzYvkBiig4zXzlneZve1DM&google_cver=1&google_push=AYg5qPL5bz5z_w-rDxhOCTJv...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL5bz5z_w-rDxhOCTJvsj3F1_wu1H4_tQWsmmv0Pc7Mgj-qPmbluQHxIio463hCDVeyT56xgDX7xFnCvhThAum5syxV0krTnTo&google_hm=

170 B
188 B

48ms
47ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL5bz5z_w-rDxhOCTJvsj3F1_wu1H4_tQWsmmv0Pc7Mgj-qPmbluQHxIio463hCDVeyT56xgDX7xFnCvhThAum5syxV0krTnTo&google_hm=

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL5bz5z_w-rDxhOCTJvsj3F1_wu1H4_tQWsmmv0Pc7Mgj-qPmbluQHxIio463hCDVeyT56xgDX7xFnCvhThAum5syxV0krTnTo&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 10 Jan 2022 06:59:29 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2E45 0
12 B 49ms
47ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I1qDlMJ9hDxX-jy41ArEtO4KgPu-2B5mB5hGnwVK1qm49Ie10I2qodGj1-wtIuUVi9lllsDQ

Requested by

Host: 6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com
URL: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame F684 2 KB
2 KB 19ms
17ms Script
application/x-javascript 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRCaU4yVmtOV1V0WldRMll5MDVNbVkxTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM5MzYxMjgyODA4MjIzNTcxNDMvOTY5MDAzNS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5QXhScWdDVDJaY2VYVUNpMnI1RTdaOC8xLzQvMC8wLzE3MzQ5NDUvMC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzM5MzYxMjgyODA4MjIzNTcxNDMvYW1zLzAvODYxMi85OS85OTkvMjU4LzJhMDM6MWIyMDo2OjovMC4wMDAvMTY0MTg4NDM2OS8xNjQxODk2OTY5LzQvcHViLTI5Nzk1MzM5MDkzOTI1ODgv/hx56BLy3E6s80dGgXVE2X_LgiE8&nodeid=1608&group=cdg&auctionid=3936128280822357143&shardkey=3936128280822357143&sid=9955993&cid=9690035&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.60&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZm-Q0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBL4BT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBogAvMAB-ps35HPixOLaUdFt9Rlm6Ku_9aTMXFWzZQMFICwhgjFD9qQnXoAG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3UV-AZyMqeTjQbySNsfv95e0XwUw%26client%3Dca-pub-2979533909392588%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=4170394609&adk=2715274491&adf=2671285577&pi=t.ma~as.4170394609&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365244&bpp=5&bdt=304&idt=2981&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&correlator=4170688867500&frm=20&pv=2&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=477&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eSBoYcdoIG&p=https%3A//zvonil.octo.net&dtd=2996
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.211.0 /
Resource Hash: ac630b4a07161a5c26624cbd04f9c162510863fd5dd298142a9049d6ed28b1ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1641884369
Last-Modified: Tue, 11 Jan 2022 06:59:29 GMT
Server: MMBD/3.211.0
x-mm-latency: 1 (0)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x100, cdg-bidder-x136
Connection: close
Expires: Tue, 11 Jan 2022 06:59:28 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame F684 2 KB
1 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=4170394609&adk=2715274491&adf=2671285577&pi=t.ma~as.4170394609&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365244&bpp=5&bdt=304&idt=2981&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&correlator=4170688867500&frm=20&pv=2&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=477&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eSBoYcdoIG&p=https%3A//zvonil.octo.net&dtd=2996

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:33:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F684 120 KB
37 KB 60ms
57ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fafe7818a41c059503c456f7c05b733a3334e9e0ed4241cc9189600b9ae687e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641817384012296"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/ Frame F684 15 KB
6 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220106/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d847a2b472bb4f98a901aecde2461eba0d47978d1ee4c0e386e3ee299e8ed96b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:43:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 10427043382315408254
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jan 2022 06:43:41 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F684 0
0 48ms
44ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT6knfhWQn47RlJcOlouVihGCGAlJmyvQgevXMPZAH5KikPl4xGa4wxOwNjLMw-I9Rymm_JqMHyZ3zDMrxzg0WlpnOUFg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=4170394609&adk=2715274491&adf=2671285577&pi=t.ma~as.4170394609&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365244&bpp=5&bdt=304&idt=2981&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&correlator=4170688867500&frm=20&pv=2&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=477&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eSBoYcdoIG&p=https%3A//zvonil.octo.net&dtd=2996
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F684 0
0 39ms
35ms Fetch
text/html 2a00:1450:400e:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CUQJu0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBLsBT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBohCvuGTVieT4_5GjEkCEX6d6A1sVKGR7UVxnBUcn6IbDDSPG41Ee4AG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTI5Nzk1MzM5MDkzOTI1ODgYAA&sigh=vyACH-LVI_w&uach_m=[UACH]&cid=CAQSPACNIrLMBgvtMIkZy1IESQs2cJu21uzAC2W0aOF6lu5AQ90Dv6qTnxvwejAIrbQrq3TKL3Hu-BiI99TlPBgB&tpd=AGWhJmt9Nm4IkjJFa1ocLkTt9hAsdLrAsUwKsu3Jq-vpI650oE3r2SyX3wujnCXBKImn2PtEZAVIgWBemJc6CozR9xA_wRM8-veyRgj907-gE3wXbHmjYUNgm5swd4534dHpnj3z8xQqyUWGM8kf8YAIdOm6GlmFP9s2Zhqu3bv87xOcjFRTXg-ZNT1Bs5gBTFe3QOxFyiXao7PAwLx4c5jhiV0Aq5YzpCtgEPLnz41JE8Sc2YMzq0UR-YbFFS3b1lt5PakrJXaiiIkS1SPyyF7Jm0Z-hvu1iZlDyzfoHwecKOJq6LP04fB5e6SePhoDHyfWzWFgzaQg-UO7cfa_vumjNib_7o5v3ffMcE-jE5zU2T1ylEZqXZ6YP4bSTU8ZzdPlJnaOPsdQsskP5B3wedJ9zzKBD9S-wQrhB9pdKEKBsZq1TyW_PeC8HW-nDcT7BYS_4656Z0WPbVv2oV6DRpe-Nf-xsTwjX8bW-GrsYhT34HDq1XVBkEHVe_3tltPrtbM_tx64VtOSWp3V5i1l6VAzWmjmRcxR8ElqpaS9GbjI4OOCPQly2cxNTRpMrbWBsPYA3GxvvKTMuJ3qq-GRkhG8ScQzpmojfFRKugtx_jzG0HDeYY2ZH8ICzsJXIThoj5PbLTyWe0g_dZOKP3WmuuPoEQPw5IJV0K_tlydYkVEaqVC_WXiUIK31oNKNm41dYas4d2dHsN2b4x6QrNkBAsKd4yuUMVLjNiD864QMUq86XSEAECDNlTySPRDVNgsf3VezXspe1fSdaUKsnBvVyZEOysurasAu4W3yjtRGWJqKxnugjIriR1AeVOlFm190xy8dqYl_SLA6U-cJ7bcco4xIqE4aPWXvnz_aef3Qwn7Dl-q_WJqTIk_i7chLrTo4_WdcERNQZBkSOr4qI1kYnrOXf_-oRMsVNuP37C_Kt3fEV3oI91sS_-wlTaI4gsdUXsDOceyjyMoTKOnx5aN_ofQJ0XPxk7xgZ8YlM4Hqpub7DoYVFRI1IjoNeC72yfzmcZuzC4ES-fN-p2S3ZfbR4ntW9E6lGcD4JqqMbhDv0-qRt8hDZKsFrtcYVNgGfii_hnuEMjsvWgbP

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=4170394609&adk=2715274491&adf=2671285577&pi=t.ma~as.4170394609&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365244&bpp=5&bdt=304&idt=2981&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&correlator=4170688867500&frm=20&pv=2&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=477&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eSBoYcdoIG&p=https%3A//zvonil.octo.net&dtd=2996
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 11 Jan 2022 06:59:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js Show response
pagead2.googlesyndication.com/bg/ Frame 9C40 35 KB
13 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7821e6a538cc11ee4c5fea34be8c61b4b888c96338f6f0d22be66b5519c7615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 19:20:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41944
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13400
x-xss-protection: 0
last-modified: Tue, 21 Dec 2021 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 19:20:25 GMT

GET
H3 200 94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js Show response
pagead2.googlesyndication.com/bg/ Frame DD04 35 KB
13 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7821e6a538cc11ee4c5fea34be8c61b4b888c96338f6f0d22be66b5519c7615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 19:20:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41944
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13400
x-xss-protection: 0
last-modified: Tue, 21 Dec 2021 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 19:20:25 GMT

GET
DATA 200
OK truncated
/ Frame DF25 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddba42567c513a43ec13bc005ace9e23a0d8f8db7a115037482687c57fdcf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK 1c1wx3ge11rm Show response
hal9000.redintelligence.net/zone/ Frame F684 10 KB
3 KB 43ms
12ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/1c1wx3ge11rm?subid=&gdpr=1&gdpr_consent=li&rnd=3936128280822357143&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYd0q0QAAP7oKe6DIiwTUoQ%26mt_aid%3D3936128280822357143%26mt_id%3D9690035%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_cid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCZm-Q0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBL4BT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBogAvMAB-ps35HPixOLaUdFt9Rlm6Ku_9aTMXFWzZQMFICwhgjFD9qQnXoAG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3UV-AZyMqeTjQbySNsfv95e0XwUw%2526client%253Dca-pub-2979533909392588%2526adurl%253D%26redirect%3D
Requested by: Host: zvonil.octo.net
URL: https://zvonil.octo.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 317f874ff3f4ded1e4be22868f657ca20cc383e2a732cea68d324d1ce689a3fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3292
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame F684 43 B
404 B 28ms
28ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=3936128280822357143&v3=1040879&v4=9955993&v5=9690035&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRCaU4yVmtOV1V0WldRMll5MDVNbVkxTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM5MzYxMjgyODA4MjIzNTcxNDMvOTY5MDAzNS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5QXhScWdDVDJaY2VYVUNpMnI1RTdaOC8xLzQvMC8wLzE3MzQ5NDUvMC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzM5MzYxMjgyODA4MjIzNTcxNDMvYW1zLzAvODYxMi85OS85OTkvMjU4LzJhMDM6MWIyMDo2OjovMC4wMDAvMTY0MTg4NDM2OS8xNjQxODk2OTY5LzQvcHViLTI5Nzk1MzM5MDkzOTI1ODgv/hx56BLy3E6s80dGgXVE2X_LgiE8&nodeid=1608&group=cdg&auctionid=3936128280822357143&shardkey=3936128280822357143&sid=9955993&cid=9690035&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.60&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZm-Q0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBL4BT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBogAvMAB-ps35HPixOLaUdFt9Rlm6Ku_9aTMXFWzZQMFICwhgjFD9qQnXoAG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3UV-AZyMqeTjQbySNsfv95e0XwUw%26client%3Dca-pub-2979533909392588%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4133 baa842e master cdg-pixel-x4 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: MT3 4133 baa842e master cdg-pixel-x4 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 11 Jan 2022 06:59:28 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame F684 49 B
330 B 20ms
19ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=3936128280822357143&st=9955993&time=1641884369&nodeid=1608
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRCaU4yVmtOV1V0WldRMll5MDVNbVkxTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM5MzYxMjgyODA4MjIzNTcxNDMvOTY5MDAzNS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5QXhScWdDVDJaY2VYVUNpMnI1RTdaOC8xLzQvMC8wLzE3MzQ5NDUvMC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzM5MzYxMjgyODA4MjIzNTcxNDMvYW1zLzAvODYxMi85OS85OTkvMjU4LzJhMDM6MWIyMDo2OjovMC4wMDAvMTY0MTg4NDM2OS8xNjQxODk2OTY5LzQvcHViLTI5Nzk1MzM5MDkzOTI1ODgv/hx56BLy3E6s80dGgXVE2X_LgiE8&nodeid=1608&group=cdg&auctionid=3936128280822357143&shardkey=3936128280822357143&sid=9955993&cid=9690035&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.60&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZm-Q0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBL4BT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBogAvMAB-ps35HPixOLaUdFt9Rlm6Ku_9aTMXFWzZQMFICwhgjFD9qQnXoAG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3UV-AZyMqeTjQbySNsfv95e0XwUw%26client%3Dca-pub-2979533909392588%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.211.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: MMBD/3.211.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x93, cdg-bidder-x136
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 11 Jan 2022 06:59:28 GMT

GET
H/1.1 200
OK js Show response
sync.mathtag.com/sync/ Frame F684 1 KB
1 KB 66ms
16ms Script
text/javascript 185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4&gdpr=1&gdpr_consent=li
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRCaU4yVmtOV1V0WldRMll5MDVNbVkxTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM5MzYxMjgyODA4MjIzNTcxNDMvOTY5MDAzNS85OTU1OTkzLzQvWmRkM1h2Nkpnc0QyYXhNbGpOWUx5QXhScWdDVDJaY2VYVUNpMnI1RTdaOC8xLzQvMC8wLzE3MzQ5NDUvMC8yMTU1NDMvMTA0MDg3OS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzM5MzYxMjgyODA4MjIzNTcxNDMvYW1zLzAvODYxMi85OS85OTkvMjU4LzJhMDM6MWIyMDo2OjovMC4wMDAvMTY0MTg4NDM2OS8xNjQxODk2OTY5LzQvcHViLTI5Nzk1MzM5MDkzOTI1ODgv/hx56BLy3E6s80dGgXVE2X_LgiE8&nodeid=1608&group=cdg&auctionid=3936128280822357143&shardkey=3936128280822357143&sid=9955993&cid=9690035&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.60&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZm-Q0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBL4BT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBogAvMAB-ps35HPixOLaUdFt9Rlm6Ku_9aTMXFWzZQMFICwhgjFD9qQnXoAG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3UV-AZyMqeTjQbySNsfv95e0XwUw%26client%3Dca-pub-2979533909392588%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 4133 baa842e master cdg-pixel-x12 config:1.0.0 /
Resource Hash: b780b0110cc1100605b68bff797016bceed98b2693ff09ad4677483a3cae610b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Content-Encoding: gzip
Server: MT3 4133 baa842e master cdg-pixel-x12 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Type: text/javascript
Expires: Tue, 11 Jan 2022 06:59:28 GMT

GET
H3 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame D14C 110 KB
38 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 18:05:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46424
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 18:05:45 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D14C 60 KB
24 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 0E60 118 KB
40 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 20:53:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36369
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 20:53:20 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 0E60 60 KB
24 KB 98ms
88ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900019.redintelligence.net/ Frame E0B6 7 KB
3 KB 34ms
12ms Document
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request_content.php?s=13370200046975403891610011836019&a=f2ac2125
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=r0rzfbhsf7cr&nw=20&renderingType=javascript&namespace=fc9c6f1ca2&subid=&uid=f84a6dbe88b9785d&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYd0q0QAAWkQIFVwKNgQWEQ%26mt_aid%3D2783206776215510250%26mt_id%3D9690031%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_cid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCxWmE0CrdYbTaOqq3x_AP-sKeiAfPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0yOTc5NTMzOTA5MzkyNTg4yAEJqAMBqgTFAU_QstZzvLMJRMV4jRoyJ7bePTOcFjiNtgvTIvLz2Duq0VjeHhyRfW9yq1L64gLP0h4D1AUzQYI_gXLxZHMYwjbf5wXooyCxeTS6hAfzNLBy4mw09pAuLdkg4n_DRuC6Cr9m64n6vKmhXo6webe7cNszkVUnJG3HvKlYapw4gP5rEFDZZWojrUUDr3Zn_sGuXGeTT1OA87HNAoIjzxNadm378upE7YdRaueZOEIGdlIJsvojM1gRZavgsGDRuoecfixmO9LwgAaOs4bFx_6p8qoBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2qt7WPWhNPcyGEjZFzJD54DBXrFQ%2526client%253Dca-pub-2979533909392588%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2979533909392588%26output%3Dhtml%26h%3D250%26slotname%3D0787847652%26adk%3D665242438%26adf%3D3866777003%26pi%3Dt.ma~as.0787847652%26w%3D300%26lmt%3D1641884368%26psa%3D0%26format%3D300x250%26url%3Dhttps%253A%252F%252Fzvonil.octo.net%252F%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.%26dt%3D1641884365250%26bpp%3D1%26bdt%3D310%26idt%3D3004%26shv%3Dr20220106%26mjsv%3Dm202201040101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db54d1331c0b56cc1%253AT%253D1641884367%253AS%253DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw%26prev_fmts%3D728x90%252C728x90%26correlator%3D4170688867500%26frm%3D20%26pv%3D1%26ga_vid%3D379789922.1641884365%26ga_sid%3D1641884365%26ga_hid%3D105186510%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1039%26ady%3D1319%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31062930%26oid%3D2%26pvsid%3D217545841997741%26pem%3D685%26tmod%3D148%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeopEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D1%26fsb%3D1%26xpc%3D8s90hTu8bK%26p%3Dhttps%253A%2F%2Fzvonil.octo.net%26dtd%3D3007&ancestorOrigins=null&random=4053532993652&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 3a0ad3d16d46a51005ce449ecaf2bc99ac2193da9ffd2808a1de1fd3d39efff8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 2022 06:59:29 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2317
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK request.php Show response
hal900017.redintelligence.net/ Frame F684 611 B
775 B 99ms
67ms Script
application/x-javascript 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request.php?zone=1c1wx3ge11rm&nw=20&renderingType=javascript&namespace=b90e6deb09&subid=&uid=e9e54d531e45fcdf&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYd0q0QAAP7oKe6DIiwTUoQ%26mt_aid%3D3936128280822357143%26mt_id%3D9690035%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_cid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCZm-Q0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBL4BT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBogAvMAB-ps35HPixOLaUdFt9Rlm6Ku_9aTMXFWzZQMFICwhgjFD9qQnXoAG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3UV-AZyMqeTjQbySNsfv95e0XwUw%2526client%253Dca-pub-2979533909392588%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2979533909392588%26output%3Dhtml%26h%3D90%26slotname%3D4170394609%26adk%3D2715274491%26adf%3D2671285577%26pi%3Dt.ma~as.4170394609%26w%3D728%26lmt%3D1641884368%26psa%3D0%26format%3D728x90%26url%3Dhttps%253A%252F%252Fzvonil.octo.net%252F%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.%26dt%3D1641884365244%26bpp%3D5%26bdt%3D304%26idt%3D2981%26shv%3Dr20220106%26mjsv%3Dm202201040101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db54d1331c0b56cc1%253AT%253D1641884367%253AS%253DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw%26correlator%3D4170688867500%26frm%3D20%26pv%3D2%26ga_vid%3D379789922.1641884365%26ga_sid%3D1641884365%26ga_hid%3D105186510%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D277%26ady%3D477%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31062930%26oid%3D2%26pvsid%3D217545841997741%26pem%3D685%26tmod%3D148%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CoepE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DeSBoYcdoIG%26p%3Dhttps%253A%2F%2Fzvonil.octo.net%26dtd%3D2996&ancestorOrigins=null&random=3384329650896&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/1c1wx3ge11rm?subid=&gdpr=1&gdpr_consent=li&rnd=3936128280822357143&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYd0q0QAAP7oKe6DIiwTUoQ%26mt_aid%3D3936128280822357143%26mt_id%3D9690035%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_cid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCZm-Q0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBL4BT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBogAvMAB-ps35HPixOLaUdFt9Rlm6Ku_9aTMXFWzZQMFICwhgjFD9qQnXoAG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3UV-AZyMqeTjQbySNsfv95e0XwUw%2526client%253Dca-pub-2979533909392588%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: ae71daffb9b81a5a602f570e92e4792b4b51ff810f92c755ae8440950275ea94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 90674000051661303891606011836017
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 332
Expires: Tue, 11 Jan 2022 06:59:29 +0100

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 27C1 1 KB
749 B 37ms
37ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 10 Jan 2022 13:26:12 GMT
expires: Tue, 11 Jan 2022 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 63197
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D827 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2e5e3da88de508f0b5fc4e0a7f4e0a0db91cc1e8d39d6007163fef2018f7def

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7D8D
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECaPKZUuS45pkOFOZ5gUs-U&google_cver=1&google_push=AYg5qPIK_iMmGyMh-RIotYqNwCVf9J51fK_XTz6HFXFAGHNacX9CA25_lu...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIK_iMmGyMh-RIotYqNwCVf9J51fK_XTz6HFXFAGHNacX9CA25_luCq_e6LBFRPz5QzC0W8CORp6HzWSoOrcA3iQC0bf7k&google_hm=LgIaUnC...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIK_iMmGyMh-RIotYqNwCVf9J51fK_XTz6HFXFAGHNacX9CA25_luCq_e6LBFRPz5QzC0W8CORp6HzWSoOrcA3iQC0bf7k&google_hm=LgIaUnC7UhqLxj4ryFu6wg

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIK_iMmGyMh-RIotYqNwCVf9J51fK_XTz6HFXFAGHNacX9CA25_luCq_e6LBFRPz5QzC0W8CORp6HzWSoOrcA3iQC0bf7k&google_hm=LgIaUnC7UhqLxj4ryFu6wg
pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 7D8D 42 B
178 B 22ms
20ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPI5Skv8hGv5h3iROmlcT5e-XY7vvoC2kL7OjRQxA15a3OQGenO_3al4iwe-Ju4GfogG0POn-qAFAk08Bv1y8GNDYuIuCm0&google_gid=CAESEHHCVUP-Cn-Daj5WoNi7MO8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=7096521402&adk=2342716466&adf=3252783458&pi=t.ma~as.7096521402&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365249&bpp=1&bdt=308&idt=2999&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=1133&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=HcMOj8C7Zh&p=https%3A//zvonil.octo.net&dtd=3002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3 200 dds
rtb.openx.net/sync/ Frame 7D8D 43 B
64 B 39ms
22ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEIJMwNXiuG9xhPH7-8Ofc3c&google_cver=1&google_push=AYg5qPK768kkoZPOBM9uYS9GuQH3iW8jtpEFAUWlX6IhfQGIHw80Q-_c93yUXsgRAEyI-XtVZeMwoLEFc23n7emhLI23T8qNVQc
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=7096521402&adk=2342716466&adf=3252783458&pi=t.ma~as.7096521402&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365249&bpp=1&bdt=308&idt=2999&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=1133&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=HcMOj8C7Zh&p=https%3A//zvonil.octo.net&dtd=3002
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: rksi9h0c6jrl76caa93r1kh09or68l11

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7D8D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKENvzcHGDGo2bDJ-BnFidpcwnMd0a_kTStmp9kYZ2Wrd07AYGJSm3rHbE7tOd6bXPncrqz2ru-41ineC1gWa1pgha9eg

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKENvzcHGDGo2bDJ-BnFidpcwnMd0a_kTStmp9kYZ2Wrd07AYGJSm3rHbE7tOd6bXPncrqz2ru-41ineC1gWa1pgha9eg
date: Tue, 11 Jan 2022 06:59:29 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7D8D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEELGsB6d9lYwE3uVBXZoUl4&google_cver=1&google_push=AYg5qPJoTK7E7nx18pGYPMXjrry5TP25BlnqU-XcCAoNP-VsUKNoOdrHSisGk9VLii4ZSdiI4lL...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3VEgtMU8tNVU5Mg==&google_push=AYg5qPJoTK7E7nx18pGYPMXjrry5TP25BlnqU-XcCAoNP-VsUKNoOdrHSisGk9VLii4ZSdiI4lLwVrD6hhuPqRnjTsoKNH6ny10

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3VEgtMU8tNVU5Mg==&google_push=AYg5qPJoTK7E7nx18pGYPMXjrry5TP25BlnqU-XcCAoNP-VsUKNoOdrHSisGk9VLii4ZSdiI4lLwVrD6hhuPqRnjTsoKNH6ny10

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3VEgtMU8tNVU5Mg==&google_push=AYg5qPJoTK7E7nx18pGYPMXjrry5TP25BlnqU-XcCAoNP-VsUKNoOdrHSisGk9VLii4ZSdiI4lLwVrD6hhuPqRnjTsoKNH6ny10
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 7D8D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_cver=1&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_push=AYg5qPJVj8-wGKI2JDZUmdfAb98X-F8rYgvsa...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7D8D
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEFzYvkBiig4zXzlneZve1DM&google_cver=1&google_push=AYg5qPLRUKVer8fhGQQck1xH...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLRUKVer8fhGQQck1xH_2LU2G3_OfNyuwXqbQcW5Cp2TpxyxN9xwX47JZTxQzFVGQgpPZP8eNZpCkz-1RhgXG0Y5WxkQH_a&google_hm=

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLRUKVer8fhGQQck1xH_2LU2G3_OfNyuwXqbQcW5Cp2TpxyxN9xwX47JZTxQzFVGQgpPZP8eNZpCkz-1RhgXG0Y5WxkQH_a&google_hm=

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLRUKVer8fhGQQck1xH_2LU2G3_OfNyuwXqbQcW5Cp2TpxyxN9xwX47JZTxQzFVGQgpPZP8eNZpCkz-1RhgXG0Y5WxkQH_a&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 10 Jan 2022 06:59:29 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7D8D 0
12 B 48ms
46ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I_Foy6HUsgzn6U2hj70uJajmKxWDWYCGGsxChCYS5_kgw6rS_xgVaRkmZBvFV8UZwYDgp2WA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame CBAC 81 KB
11 KB 48ms
27ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1ha9kz5cj81xhcqbnnkrte7rte65txzzfa2s5a9a72fvr9v7xb8zar5p7ghya3w0xttpe5v78w71vmnzh1vak9jwvk2ryrayk5zd06caxjeh6mg2xv5s1cx3xqcawmj4k6hbad9cedzt6fq8byg6y46pcendtwav9j1ngmc3nyvdgsgraqp2jbdeypvjwhshw5qgy2e22g8ch1z9m0t48byq8f6s4cb6xy2jmzzcn054bf7phf1n2t6bgy8dj19j4ph3p8t3v99tr28ejbfh8b1y3x9g2x3e32b50waxcqcm99gqjxp1qf96v7abr05a81k57ndyz1fna5zncgp107jesyqcjesjrc5k2etkn4fvyamhpd0s6qkjf7t93k472xr6ygnpsqcmtgrsfv3q25185ew0bd8ed48g3k6pz4ts3sky7re0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%26client%3Dca-pub-2979533909392588%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1ha9kz5cj81xhcqbnnkrte7rte65txzzfa2s5a9a72fvr9v7xb8zar5p7ghya3w0xttpe5v78w71vmnzh1vak9jwvk2ryrayk5zd06caxjeh6mg2xv5s1cx3xqcawmj4k6hbad9cedzt6fq8byg6y46pcendtwav9j1ngmc3nyvdgsgraqp2jbdeypvjwhshw5qgy2e22g8ch1z9m0t48byq8f6s4cb6xy2jmzzcn054bf7phf1n2t6bgy8dj19j4ph3p8t3v99tr28ejbfh8b1y3x9g2x3e32b50waxcqcm99gqjxp1qf96v7abr05a81k57ndyz1fna5zncgp107jesyqcjesjrc5k2etkn4fvyamhpd0s6qkjf7t93k472xr6ygnpsqcmtgrsfv3q25185ew0bd8ed48g3k6pz4ts3sky7re0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%26client%3Dca-pub-2979533909392588%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1089265
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 29 Dec 2021 16:25:04 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6cbc433f7d15771a-LHR
cf-bgj: minify

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame CBAC 36 KB
13 KB 48ms
28ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1ha9kz5cj81xhcqbnnkrte7rte65txzzfa2s5a9a72fvr9v7xb8zar5p7ghya3w0xttpe5v78w71vmnzh1vak9jwvk2ryrayk5zd06caxjeh6mg2xv5s1cx3xqcawmj4k6hbad9cedzt6fq8byg6y46pcendtwav9j1ngmc3nyvdgsgraqp2jbdeypvjwhshw5qgy2e22g8ch1z9m0t48byq8f6s4cb6xy2jmzzcn054bf7phf1n2t6bgy8dj19j4ph3p8t3v99tr28ejbfh8b1y3x9g2x3e32b50waxcqcm99gqjxp1qf96v7abr05a81k57ndyz1fna5zncgp107jesyqcjesjrc5k2etkn4fvyamhpd0s6qkjf7t93k472xr6ygnpsqcmtgrsfv3q25185ew0bd8ed48g3k6pz4ts3sky7re0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%26client%3Dca-pub-2979533909392588%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b98c8f3aa7cc2835be32fd3a1488ba31a3de35a3fa0dd643a092c2846c613017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=i2G9+Q==, md5=KT4B161Aam0qyQ5N1n+FMQ==
date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 57749
x-guploader-uploadid: ADPycdt0OMbyAR3gXTF6Rl2rw4MBYe51A8ntvTpDoBseKBA2jFWdZUc_LIp9nTghNdaATAfizsm6E6z8AFcMzizRbU2zXLapDQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 02 Nov 2021 14:54:41 GMT
server: cloudflare
etag: W/"293e01d7ad406a6d2ac90e4dd67f8531"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3KMoHzHyBUf6uslJ2%2FZzRAIyZUv%2FV6XX9xFL03Jir3CD%2Fk1mSXghRxg9mXWPGdru4z0yOHdacpmiMeqZbSTdKcla0Jut0pe2Nv1oegoMHgik5EEUCXnmDh62vD7ZJ0bX5IbFHM%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1635864881199576
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 6cbc433f7be07735-LHR
expires: Mon, 10 Jan 2022 14:57:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7C31 0
23 B 124ms
76ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstRNQMuMfpn88wIcAtZq6eMKM1wIEZLjXxI2qKfUzDU_h8tVmCkF_VOhkLzd5C0S1Bj77__asZ87L5sbJkHVHQTqaWR-sce3XBF2IHo3dak_mmSP-s9Kgt752x5GzI6BTLLJ-HHEIZwTNjxpsyeriitZQpZg5pTZ4ZCcgiMTOdNa7KxpiitwkitlQ_EmnOEZWYGrC74RmiIq36VmAafyZPyty6-oJrQQSLPmT4WhqEwzIq5lwo3fhQMJojvYTVE7C1WS0ao-Vi0D3ECYc2UFChv1lJhRvbYuAnE0SF_jBmXWw1AFn1aJSEc_cz0dWGFLcUHNYwoTzygee698EWpBFtalgW6kQWGz9yefkRY7_g4u7Wmsgr38lbZ74maIm-RwL8e35tFpoFEO7GI2hKpgijeXAXvmu_W32XyxFqiHLiW5MwjXBwYphIRekXRe4ou38JdZaKHGQCtgdr664UXr8Hgx3Naoo9vlb81vH3LgJY5xQOe7j2Px_IG6o7nxHbufJJrMZ-fV47lrrK70AF_peP1vERL1tB6TYTwycdHdaUVr-Kbtl9M_ZdkB2zTtmC8MU5VZnBifIssKw0Ba3lJxtfcar35VDfHzgDdobnmM3JxjTv3_u_SH0Ma3-vDUmwUQFFX-f45qRFMyCrq3zbNXfRHmD_62UkvpLFtYdr2vFVqgKByZSg9vmwleWblYmDO6a4BddkpRKVcLARkVhUSepkFrfKLhHi8OxKpt0ONVJ3teD8_J6UfdMiktDAGoPzZ0z5t2TWgDRZi7BKg5Lo6cnPe7huKhjOuvMPhg4Mzla0QkIrRdmYix5BWN5W7a2CnyiPADyIj_WO3s4xCTthCg0SoJKsoqk7eBQmp121yJJvtPAEaPoIQMV6WzOA4GQURyBeGnHlkabIdItS7QMtUy-4niR3SaRCtImC5asNVN6cT9RAwkfYiVJUwFnnSBLiOzWZesAAsMDvoBA-Aoi8EinEeEaXmSVoX4zSEe6C2jfDLM6-ez8OJSoqFziNSb9sYPgYLSMT50Dll4NBPxImecMd4VOgXlmXs1yqAJJBFpfOAIKBlmjzjaS-ftYcIAdf6zz33SCa7v8lV3RQd1W4tMICER7wac1Aakjuv_UpCQfUCxpHYUBg4TlWungSodim10rbd0pFk4yTdZRVLTqtyloPdhtxNnXkj4t1hXxkJq2eagMsSMTtLiQ&sai=AMfl-YTnbulyCxhFKDCHTQI32uGJiULMTmmRUpS723CEpqIUG6E8UqB9-kiR5hHaEVKnrti8_zZ0e-MEroAess_PIiKhxRb7uG5JyTskjej86f35yTsqaMqPXiQRJPZWxMvuSu3ehwxbjzNFWQzaYbBQBaO-jxZ6sQ&sig=Cg0ArKJSzHiLxe4S2QdfEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=665&vt=11&dtpt=342&dett=3&cstd=314&cisv=r20220106.94772&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D059 0
23 B 90ms
76ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstbMpk3tqgh-R_baI6weHtgXMTtU3Lndo9UKcTjvgK3u3oufdfoxb9ZcqwH0uP5vd6m5gVM6fkoNLkscqRm_ZD-JAFbMVWfUnTW66muuyBiM-NKpWd-1yez43JJMoSn7lDy0JV33gCTge55ZaE98scD_kheWNoRftf0Gptr1yVxxohtgejTkTTNN9mP5CSp-qLH5DsTK3-W_IwvRnSW2nkDjgvw_DkBsrvKa97TB7vAw8xsW6HRspFfNuQBYH4d_asS8O-7AI0xnB6qIV6l_8n8p0ukhjJTpiDsEg8NPMkaYaznJHvxOwg2zPIKDF99BkXu-BfTSKGMamrymzPgPIKaGzAJGq6zkep9uimlgmUcwXMg8EJ5-thXhPFzGioueuo7Ku-7xJoHSNWOVVRrSQJP6hveapNPXQWxZws4QrsNrgo3xMxv7zlv0Vd9Oqop39JrUPNNPuXnUXaJy541SwjKurTdje_GsLbAbKhCUsLfWXgKuUmwGaiUM9vi7Yx88U75wp5YuCtnUKPzzyWEmFSjNM3PYe-lTRDPgqaRhzhT7Na5ducxnnxho_yVHZFujNDkK6xpsdfkUAvbMGvb_MC_Lu6dpgRLATinUTagiWQuQGNRfnGh3msh0MlhwkRU48o9LuQCt5gk-omwcRotJb9gHCTTuYzNcFpgjqquEly5gQ6hCGSCjFpV3T29GlbOKL0ZLENmJF9hsbCFcf2a1GwZHiLmu6fa_2QuZQMpr8CPFOJr9RYqd4wUUd9VtUPR11KhKV-FhnlLL30JPHwDW1TdYAy6sMGV5SqJNHgiy12OBVY3t-3vUxSw4bODJawLkebzrdRXtR9uLsWN7SYt6SsO5NQt_kHt9bUkd7PdUbJrJTs0GnCXNNAXuI2b4CG2chnAMuwzuKWnAgtcNNflolDrIV0wRCR2ZuScpRHWjE2VvHuSPmk2mMT53BHS_hd44WzpGw6909SnM7tcg8GgLV6jlQb0QQAxizucss0_W7oj2gbMmnIUl4yQGOasuxwi7HcXEEB9Lztfm7P3Cc3biox8oUiXXsYY-FZPURNahEHNNtT8OEOh7YTh1iRfqbB8M7lor0-VFQKilAk0FsGvb0joZfAvkyDDMp3fJRGHs3Zf3SneOmLNalvlTi1ZmwQSyzv5kn1C1PzkcnnOxEqDsI_-RfWCQZ0M_eij&sai=AMfl-YT3KVSy0IAHPdxrfNH4sBVESsa18hocGvjnsjCc8ZZ5_TVXVs2FVsAt9O5k_VfAAMHFY-RYfIXKlLauWy5WOq6nKT__vT--tQ-qLDBk6dm739caozRRsRiTHYeR-eIBqz2mbNa0dVVM7sKLK2Ej8a0Drf8vfA&sig=Cg0ArKJSzFiFFgSfF8aCEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=685&vt=11&dtpt=360&dett=3&cstd=319&cisv=r20220106.50811&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame E0B6 89 KB
32 KB 127ms
37ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=13370200046975403891610011836019&a=f2ac2125

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 06 Jan 2022 23:36:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 372201
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Jan 2023 23:36:08 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame E0B6 766 B
877 B 75ms
22ms Script
text/javascript 37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=51990293;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900019.redintelligence.net%2Fc%2Fpzpmzirqwh18x0h%3Ftprde%3D

Requested by

Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=13370200046975403891610011836019&a=f2ac2125

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

50853f73bd565cf4c6bb231888b671c6f771c1553aceeb59eb0239e62a06f741

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 562
expires: -1

GET
H/1.1 200
OK request_content.php Show response
hal900017.redintelligence.net/ Frame 6D56 4 KB
2 KB 33ms
11ms Document
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request_content.php?s=90674000051661303891606011836017&a=20cf4f29
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=1c1wx3ge11rm&nw=20&renderingType=javascript&namespace=b90e6deb09&subid=&uid=e9e54d531e45fcdf&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYd0q0QAAP7oKe6DIiwTUoQ%26mt_aid%3D3936128280822357143%26mt_id%3D9690035%26mt_adid%3D215543%26mt_sid%3D9955993%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_cid%3Db60c61dd-2ad1-4501-ba06-18c9e532eb77%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCZm-Q0CrdYfLjOtKxgQfg1qOIDc-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODjIAQmoAwGqBL4BT9DZj4qxSGtYan-cMeIGjysWzPEEBe0Yjg_W1scQP4MinO2i3490XbapNwbTcjKCkZ4cLCgzML1CffpclEhDu__GNinVjnDu9-DjDLSbwNu0ioSYTTbLjKPJvHgHNmhBlSSuLyiv27HGV4LB18vA8cTbJq21AQmvWAY8yRt2UbO73kCtZZ5KqKb53ngtjo7ELwhkBogAvMAB-ps35HPixOLaUdFt9Rlm6Ku_9aTMXFWzZQMFICwhgjFD9qQnXoAG8OHk59O5xvbdAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3UV-AZyMqeTjQbySNsfv95e0XwUw%2526client%253Dca-pub-2979533909392588%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2979533909392588%26output%3Dhtml%26h%3D90%26slotname%3D4170394609%26adk%3D2715274491%26adf%3D2671285577%26pi%3Dt.ma~as.4170394609%26w%3D728%26lmt%3D1641884368%26psa%3D0%26format%3D728x90%26url%3Dhttps%253A%252F%252Fzvonil.octo.net%252F%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.%26dt%3D1641884365244%26bpp%3D5%26bdt%3D304%26idt%3D2981%26shv%3Dr20220106%26mjsv%3Dm202201040101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db54d1331c0b56cc1%253AT%253D1641884367%253AS%253DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw%26correlator%3D4170688867500%26frm%3D20%26pv%3D2%26ga_vid%3D379789922.1641884365%26ga_sid%3D1641884365%26ga_hid%3D105186510%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D277%26ady%3D477%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31062930%26oid%3D2%26pvsid%3D217545841997741%26pem%3D685%26tmod%3D148%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CoepE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DeSBoYcdoIG%26p%3Dhttps%253A%2F%2Fzvonil.octo.net%26dtd%3D2996&ancestorOrigins=null&random=3384329650896&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: d49d7459651160ff757a7fe0e54ac06736bf360f8e0d67f13c99ef57a8c6dce5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 2022 06:59:29 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1537
Connection: close
Content-Type: text/html; charset=utf-8

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame CBAC 3 KB
4 KB 98ms
26ms Image
image/png 2606:4700:20::681a:61b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:61b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Tue, 11 Jan 2022 06:59:29 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2414329
x-guploader-uploadid: ADPycdvQu8rzdRrs97enjvGnGemL_nNn_z_RSZB83DHfe2cfB-xpEUBD4BQhQyZG4qi6ZI9TUspp2S0YgzaqlNWuYIyIg2GVkA
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qK4SIWNxUYCtba2KBdZ604zrpZY6UCVU7afnqqPgACUQ4YfFxZpVJ0J32WL90rgTD%2BeUOhE2IP4IkJiwQraTAf9uVtG7XECaoMna49cMirUUK%2FsUHRP1pab3Bb92YUTFJdBXQYIKMSTNbX2vV%2FqVaiLK"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 6cbc434069c071d8-LHR
expires: Wed, 14 Dec 2022 08:20:40 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame D14C 47 KB
47 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:44:53 GMT
x-content-type-options: nosniff
age: 876
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 06:59:53 GMT

GET
H3 200 OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame D14C 47 KB
47 KB 46ms
45ms Font
font/woff2 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:48:56 GMT
x-content-type-options: nosniff
age: 633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47848
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 07:03:56 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D14C 6 KB
4 KB 95ms
50ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

602a24cc73abcd1e5440e794ba9a34fd7c1fecbd3e90e48807eb900de711eba4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4413
x-xss-protection: 0

GET
H3 200 60005582_20211209051349087_300x250_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame D14C 29 KB
29 KB 40ms
39ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211209051349087_300x250_LOOK-01.png

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60801c995ea2a95a379d8e2ad4d79e1b7f3cca44f2fae3c2552a50cfb84cd9ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:23:20 GMT
x-content-type-options: nosniff
age: 52569
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29345
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 13:13:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 16:23:20 GMT

GET
H3 200 60005582_20210907245530254_Wechselbonus-STOERER_Apple.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame D14C 9 KB
9 KB 46ms
45ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210907245530254_Wechselbonus-STOERER_Apple.png

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0eebfcbe5a0b956d0a3158463146c7f8f54a5cdc67d3a99989b8c9707de4b71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 20:17:21 GMT
x-content-type-options: nosniff
age: 38528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8955
x-xss-protection: 0
last-modified: Tue, 07 Sep 2021 07:55:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 20:17:21 GMT

GET
H3 200 60005582_20211206060732313_iPhone13_Airpods-Pro_Logo_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame D14C 26 KB
26 KB 47ms
46ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211206060732313_iPhone13_Airpods-Pro_Logo_Asset.png

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67d304b4b172db10a4f37fecef46178e6bb9dac8fed95fc553dd621be046525c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15239545625394544640/300x250.html?e=69&leftOffset=0&topOffset=0&c=Y4x253DsmM&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 14:31:23 GMT
x-content-type-options: nosniff
age: 59286
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26206
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 14:07:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 14:31:23 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame D14C 43 B
609 B 24ms
8ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=26952494_4307561_323352071_137245147_-0&ref=26952494_4307561_323352071_137245147_-0
Requested by: Host: zvonil.octo.net
URL: https://zvonil.octo.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Obertshausen, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H3 200 frame.html Show response
ad4m.at/ Frame 8B02 2 KB
2 KB 26ms
26ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 11 Jan 2022 06:59:29 GMT
content-type: text/html; charset=utf-8
x-guploader-uploadid: ADPycds48YZbtXg3yaX09yERbzg1JKDBuVpE4snBkytF1oELO3qMbqrIpHRFilA0q9K1mzp7fA71zKqUW28KBWnLmdk
expires: Tue, 11 Jan 2022 07:59:29 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
x-goog-meta-
x-goog-custom-time: 1970-01-01T00:00:00Z
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2436633
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EKufNieZfM%2BvKZT7pR7BIB6Be1vKe%2B%2BlWJVd8musZrG512oXAiyMsPVAt8F9TH0hc3H3QqZPGho3I3ap617bOBRlKMxMjUZ9Yv1ZMYv17YYBVMEVGBY4xRo1T3uneD983MA4hY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6cbc43403e00771a-LHR
content-encoding: br

GET
H3 200 CodeProLCW05-Regular.woff
s0.2mdn.net/creatives/assets/2560291/ Frame 0E60 52 KB
52 KB 39ms
39ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2560291/CodeProLCW05-Regular.woff

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65ec5e0481c4ceacde8c5e8fab9d5305fc68496b8c75d7d58fb0e91feaf7f598

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:52:23 GMT
x-content-type-options: nosniff
age: 426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52901
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 12:12:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 07:07:23 GMT

GET
H3 200 CodeProBoldLCW05-Regular.woff
s0.2mdn.net/creatives/assets/2560291/ Frame 0E60 48 KB
48 KB 41ms
41ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2560291/CodeProBoldLCW05-Regular.woff

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92426eb5437b357b9046670556ba89baa8384edcc8734f56b813745bdb9e1cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:52:56 GMT
x-content-type-options: nosniff
age: 393
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49198
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 12:11:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 07:07:56 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0E60 6 KB
4 KB 63ms
48ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c24c06d0713faf4f1dda4c690a9b7e3ecc6c0764c5adead40c168e669bb82812

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4389
x-xss-protection: 0

GET
H3 200 60005582_20211005060016877_STANDARD_160x600_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 0E60 8 KB
8 KB 51ms
51ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211005060016877_STANDARD_160x600_LOOK-01.png

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1f00e6c07966aa5caf444e38f92eacd81d85a407e81d32840e80193d3de7dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 23:33:55 GMT
x-content-type-options: nosniff
age: 26734
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7729
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 13:00:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 23:33:55 GMT

GET
H3 200 60005582_20211005060020344_STANDARD_160x600_LOOK-02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 0E60 6 KB
6 KB 53ms
52ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211005060020344_STANDARD_160x600_LOOK-02.png

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c31ff2a29aaffb1460909a8885c41d9caf8f0e37f9cfd301c427f91780d79d95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 23:01:52 GMT
x-content-type-options: nosniff
age: 28657
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6475
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 13:00:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 23:01:52 GMT

GET
H3 200 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 0E60 2 KB
2 KB 53ms
52ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/351369470800822272/160x600.html?e=69&leftOffset=0&topOffset=0&c=7UJ1dVAMO5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 19:54:54 GMT
x-content-type-options: nosniff
age: 39875
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2040
x-xss-protection: 0
last-modified: Fri, 07 May 2021 13:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jan 2022 19:54:54 GMT

GET
H/1.1 200
OK postview.gif
portal.blau.de/nws/img/ Frame 0E60 43 B
616 B 31ms
8ms Image
image/gif 82.113.101.236
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_DSP_TRA_HAV_34114_PV&mediacode=26952485_4307561_323347793_154734726_PO1302A&ref=26952485_4307561_323347793_154734726_PO1302A
Requested by: Host: zvonil.octo.net
URL: https://zvonil.octo.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.236 Obertshausen, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.blau.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:29 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H/1.1 200
OK iframe Show response
sync.mathtag.com/sync/ Frame 8163 652 B
765 B 49ms
20ms Document
text/html 185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/iframe?mt_uuid=b60c61dd-2ad1-4501-ba06-18c9e532eb77&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4&gdpr=1&gdpr_consent=li
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 4133 baa842e master cdg-pixel-x31 config:1.0.0 /
Resource Hash: 4c5325edabfb7a618fea7fb98d21d0940c941d4533c4e337923515685808a056

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Tue, 11 Jan 2022 06:59:30 GMT
Content-Type: text/html
Connection: close
Access-Control-Allow-Origin: *
Server: MT3 4133 baa842e master cdg-pixel-x31 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Tue, 11 Jan 2022 06:59:29 GMT
Content-Encoding: gzip

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1D06 1 KB
749 B 38ms
36ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 10 Jan 2022 13:26:12 GMT
expires: Tue, 11 Jan 2022 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 63197
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F684 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 914a755b3bf75ff7d40524234c1079b01efdea4c798689ba535918b0c152a031

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK img
sync.mathtag.com/misc/ Frame F684 43 B
550 B 47ms
18ms Image
image/gif 185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/misc/img?mm_bnc&gdpr=1&gdpr_consent=li&bcdv=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=4170394609&adk=2715274491&adf=2671285577&pi=t.ma~as.4170394609&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365244&bpp=5&bdt=304&idt=2981&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&correlator=4170688867500&frm=20&pv=2&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=477&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eSBoYcdoIG&p=https%3A//zvonil.octo.net&dtd=2996
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 4133 baa842e master cdg-pixel-x10 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:30 GMT
Server: MT3 4133 baa842e master cdg-pixel-x10 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27C1
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECaPKZUuS45pkOFOZ5gUs-U&google_cver=1&google_push=AYg5qPKk-MfpEfAdWftaQj7pesGJ5XJki0RkFqGtG-r-mfK7Y8yi6WaGWn...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKk-MfpEfAdWftaQj7pesGJ5XJki0RkFqGtG-r-mfK7Y8yi6WaGWncy1Q7Z-el3HZLvG6DW0WCPX4EqOtwQwzZ_FdDTqP2R&google_hm=LgIaUn...

170 B
188 B

50ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKk-MfpEfAdWftaQj7pesGJ5XJki0RkFqGtG-r-mfK7Y8yi6WaGWncy1Q7Z-el3HZLvG6DW0WCPX4EqOtwQwzZ_FdDTqP2R&google_hm=LgIaUnC7UhqLxj4ryFu6wg

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKk-MfpEfAdWftaQj7pesGJ5XJki0RkFqGtG-r-mfK7Y8yi6WaGWncy1Q7Z-el3HZLvG6DW0WCPX4EqOtwQwzZ_FdDTqP2R&google_hm=LgIaUnC7UhqLxj4ryFu6wg
pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

1000.gif
id.rlcdn.com/ Frame 27C1
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLFJFOc7elES91wVQ_qKQrpWo_VB4xnFxgt40p_mw2RymnBcyOJWyUi5CfJXCe2c-rqXdqCSM08v67LsZVu6taoNXt6Efub-Q&google_gid=CAESEHHCVUP-Cn-Daj5WoNi7MO8&g...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCNLV9I4GEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BWWc1cVBMRkpGT2M3ZWxFUzkxd1ZRX3FLUXJwV29fVkI0eG5GeGd0NDBwX213MlJ5bW5CY3lPSld5VWk1Q2ZKWENlMmMtcnFYZHFDU00wOHY2N0xzWl...

42 B
191 B

20ms
20ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/1000.gif?memo=CK69HBoNCNLV9I4GEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BWWc1cVBMRkpGT2M3ZWxFUzkxd1ZRX3FLUXJwV29fVkI0eG5GeGd0NDBwX213MlJ5bW5CY3lPSld5VWk1Q2ZKWENlMmMtcnFYZHFDU00wOHY2N0xzWlZ1NnRhb05YdDZFZnViLVE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=250&slotname=0787847652&adk=665242438&adf=3866777003&pi=t.ma~as.0787847652&w=300&lmt=1641884368&psa=0&format=300x250&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365250&bpp=1&bdt=310&idt=3004&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90%2C728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1039&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeopEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=8s90hTu8bK&p=https%3A//zvonil.octo.net&dtd=3007
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:30 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

date: Tue, 11 Jan 2022 06:59:30 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://id.rlcdn.com/1000.gif?memo=CK69HBoNCNLV9I4GEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BWWc1cVBMRkpGT2M3ZWxFUzkxd1ZRX3FLUXJwV29fVkI0eG5GeGd0NDBwX213MlJ5bW5CY3lPSld5VWk1Q2ZKWENlMmMtcnFYZHFDU00wOHY2N0xzWlZ1NnRhb05YdDZFZnViLVE
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 27C1 43 B
106 B 21ms
19ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESECeplvTEb_UR7zaQQU6XEoQ&google_push=AYg5qPId_0f8kA9Cr9Hr9eBeAOkCff_iIxujvPnm60onHf6LOCzlTBQB35mPjlJXiyE9CimtPCmWqPc2SBfCD0F0vzGCJJ3YgbOfaQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=250&slotname=0787847652&adk=665242438&adf=3866777003&pi=t.ma~as.0787847652&w=300&lmt=1641884368&psa=0&format=300x250&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365250&bpp=1&bdt=310&idt=3004&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90%2C728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1039&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeopEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=8s90hTu8bK&p=https%3A//zvonil.octo.net&dtd=3007
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 27C1 43 B
64 B 22ms
21ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEIJMwNXiuG9xhPH7-8Ofc3c&google_cver=1&google_push=AYg5qPLvqXC_I4dFaEOMWIVcz0bXPDe4IYb0nSh0mipfQUrqVGrz0V5Um6yjoORGNPQNT-0UDR4R5RQEWEavKDyntH90gccLm31z
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=250&slotname=0787847652&adk=665242438&adf=3866777003&pi=t.ma~as.0787847652&w=300&lmt=1641884368&psa=0&format=300x250&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365250&bpp=1&bdt=310&idt=3004&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&prev_fmts=728x90%2C728x90&correlator=4170688867500&frm=20&pv=1&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1039&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeopEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=8s90hTu8bK&p=https%3A//zvonil.octo.net&dtd=3007
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: aukjfqgb3onmj35e5naif3oschtc8o6q

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27C1
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

50ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIL1F-fklKg921xQszA_ogdOg4cJfbe_Eh4Ake-Z4J-4w7e3pF7Aml4-qTYAj0hGcRXTqjtK_XyNA3jOJeRNl-gsY0jGuOD

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIL1F-fklKg921xQszA_ogdOg4cJfbe_Eh4Ake-Z4J-4w7e3pF7Aml4-qTYAj0hGcRXTqjtK_XyNA3jOJeRNl-gsY0jGuOD
date: Tue, 11 Jan 2022 06:59:30 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27C1
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEELGsB6d9lYwE3uVBXZoUl4&google_cver=1&google_push=AYg5qPLmP09ZeqYPCErcTljjRcLhoJpOFBqmJpyBsRTD5DpuZvK9DIsgilWl34EWlDV-Dn8_xU1...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3WlMtWi1BN0dU&google_push=AYg5qPLmP09ZeqYPCErcTljjRcLhoJpOFBqmJpyBsRTD5DpuZvK9DIsgilWl34EWlDV-Dn8_xU1d7LIO9m42qmgayZpzqWM_xnVqmg

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3WlMtWi1BN0dU&google_push=AYg5qPLmP09ZeqYPCErcTljjRcLhoJpOFBqmJpyBsRTD5DpuZvK9DIsgilWl34EWlDV-Dn8_xU1d7LIO9m42qmgayZpzqWM_xnVqmg

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks3WlMtWi1BN0dU&google_push=AYg5qPLmP09ZeqYPCErcTljjRcLhoJpOFBqmJpyBsRTD5DpuZvK9DIsgilWl34EWlDV-Dn8_xU1d7LIO9m42qmgayZpzqWM_xnVqmg
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 27C1
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPK4CsEpzjxKcjBaw2f8gS-pIFY7X-k7Uylo-KfucHYAqxHzuJEntqKTpzEs9Cv9Iy1OEwpQkzBQA3X1vdpygp...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 27C1 0
12 B 48ms
47ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JhX8sjOVwlf2leQ3tyRlyDmZoQ1dkfiydOwnMPDmB0Nqiz2ccfOHkZzWdiT1CZNVDr8ffu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 6D56 766 B
873 B 22ms
22ms Script
text/javascript 37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=51990272;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fps71z218lgulmfe%3Ftprde%3D

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=90674000051661303891606011836017&a=20cf4f29

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

b0c07c80ee672d603f2e8d13e85dbacba5d683c06eee4ba333eb23343346ed9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 559
expires: -1

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0E60 17 KB
6 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jan 2022 06:59:30 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D14C 17 KB
6 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jan 2022 06:59:30 GMT

GET
H/1.1 200
OK viewability Show response
hal900019.redintelligence.net/ Frame E0B6 0
150 B 34ms
12ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/viewability?s=13370200046975403891610011836019&a=9f79c3ba&vb=m
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=13370200046975403891610011836019&a=f2ac2125
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/request_content.php?s=13370200046975403891610011836019&a=f2ac2125
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:30 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame E0B6 33 KB
16 KB 84ms
20ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=51990293;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900019.redintelligence.net%2Fc%2Fpzpmzirqwh18x0h%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 18191afabdd55f31f8da7876213eb471318fcbff80cd186aba13bbe8d7461585

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Wed, 05 Jan 2022 15:01:11 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 12 Jan 2022 10:24:10 GMT

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 6D56 0
150 B 35ms
12ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=90674000051661303891606011836017&a=a2eefa62&vb=m
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=90674000051661303891606011836017&a=20cf4f29
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=90674000051661303891606011836017&a=20cf4f29
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:30 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 6D56 33 KB
16 KB 86ms
46ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=51990272;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fps71z218lgulmfe%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 18191afabdd55f31f8da7876213eb471318fcbff80cd186aba13bbe8d7461585

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Wed, 05 Jan 2022 15:01:11 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 12 Jan 2022 10:24:10 GMT

GET
H/1.1 200
OK img
sync.mathtag.com/misc/ Frame 8163 43 B
550 B 16ms
16ms Image
image/gif 185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/misc/img?mm_bnc&gdpr=1&gdpr_consent=li&bcdv=0
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/iframe?mt_uuid=b60c61dd-2ad1-4501-ba06-18c9e532eb77&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 4133 baa842e master cdg-pixel-x27 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sync.mathtag.com/sync/iframe?mt_uuid=b60c61dd-2ad1-4501-ba06-18c9e532eb77&no_iframe=1&synclist=4&mt_lim=1&type=1&gdpr=1&gdpr_consent=li&source=bidder
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:30 GMT
Server: MT3 4133 baa842e master cdg-pixel-x27 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Tue, 11 Jan 2022 06:59:29 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1D06
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKMIi7_2isLSw2AoKQRvcWJLFCEgSarkJCJHk2...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWQwcTBnQUFBUWgxWUNZTQ&google_push=AYg5qPKMIi7_2isLSw2AoKQRvcWJLFCEgSarkJCJHk2mN8Mg5wSP-WqenzDDeFDyzKHkiaUdPtGqLU50h5_-X6qSYbWQaOAvDmU

170 B
188 B

52ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWQwcTBnQUFBUWgxWUNZTQ&google_push=AYg5qPKMIi7_2isLSw2AoKQRvcWJLFCEgSarkJCJHk2mN8Mg5wSP-WqenzDDeFDyzKHkiaUdPtGqLU50h5_-X6qSYbWQaOAvDmU

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWQwcTBnQUFBUWgxWUNZTQ&google_push=AYg5qPKMIi7_2isLSw2AoKQRvcWJLFCEgSarkJCJHk2mN8Mg5wSP-WqenzDDeFDyzKHkiaUdPtGqLU50h5_-X6qSYbWQaOAvDmU
Date: Tue, 11 Jan 2022 06:59:30 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1D06
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEL5TtGwIkTikk_CzAC8DMy0&google_cver=1&google_push=AYg5qPJsG2kZardWe5PPrE9FEWPsk-hwkY8Z52r6lZSjm094e6Wgw0tvXygUi_nprEjKndoZBjRMupHhQJBxrUI0akC757ebrA
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJsG2kZardWe5PPrE9FEWPsk-hwkY8Z52r6lZSjm094e6Wgw0tvXygUi_nprEjKndoZBjRMupHhQJBxrUI0akC757ebrA&google_hm=Q0FFU0VMNVR0R3dJa1Rpa2t...

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJsG2kZardWe5PPrE9FEWPsk-hwkY8Z52r6lZSjm094e6Wgw0tvXygUi_nprEjKndoZBjRMupHhQJBxrUI0akC757ebrA&google_hm=Q0FFU0VMNVR0R3dJa1Rpa2tfQ3pBQzhETXkw

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:29 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJsG2kZardWe5PPrE9FEWPsk-hwkY8Z52r6lZSjm094e6Wgw0tvXygUi_nprEjKndoZBjRMupHhQJBxrUI0akC757ebrA&google_hm=Q0FFU0VMNVR0R3dJa1Rpa2tfQ3pBQzhETXkw
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 1D06 43 B
64 B 22ms
21ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEIJMwNXiuG9xhPH7-8Ofc3c&google_cver=1&google_push=AYg5qPLTGSmjGFbmn35VUhwbwmnCXdtI5_K1D1YO7nJP3aDOPsDXlxY_kv285UwZv31tmpD2EdZ7pu3pvSZ1tnAZIV5PoHg92wU
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=4170394609&adk=2715274491&adf=2671285577&pi=t.ma~as.4170394609&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365244&bpp=5&bdt=304&idt=2981&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&correlator=4170688867500&frm=20&pv=2&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=477&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eSBoYcdoIG&p=https%3A//zvonil.octo.net&dtd=2996
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:29 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: gdvbk9t3im1j1f5tph6t17shoq53qr45

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1D06
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJCm99vPpkqSrz87Dlou75c-5FMjXffi1YpW--qrQc4U5hBE3yxKtjyXzie7EIqZXaXWZ1f4r5BUrvPj0qL9cxpzlvPZg

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rD8dWv4jTfmisxAd5Ms61w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJCm99vPpkqSrz87Dlou75c-5FMjXffi1YpW--qrQc4U5hBE3yxKtjyXzie7EIqZXaXWZ1f4r5BUrvPj0qL9cxpzlvPZg
date: Tue, 11 Jan 2022 06:59:29 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1D06
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEELGsB6d9lYwE3uVBXZoUl4&google_cver=1&google_push=AYg5qPLsH81-17bNdOSdBZtjyZnvc9RYHfSVyoJ7wNAnJ0IrG2hRNCmh8vMmYaITVPqnc5-mSHC...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks4M1AtVy1CN0xG&google_push=AYg5qPLsH81-17bNdOSdBZtjyZnvc9RYHfSVyoJ7wNAnJ0IrG2hRNCmh8vMmYaITVPqnc5-mSHCqrnvqTZ1xcs-yC_ytTvSUGA

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks4M1AtVy1CN0xG&google_push=AYg5qPLsH81-17bNdOSdBZtjyZnvc9RYHfSVyoJ7wNAnJ0IrG2hRNCmh8vMmYaITVPqnc5-mSHCqrnvqTZ1xcs-yC_ytTvSUGA

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1k5Uks4M1AtVy1CN0xG&google_push=AYg5qPLsH81-17bNdOSdBZtjyZnvc9RYHfSVyoJ7wNAnJ0IrG2hRNCmh8vMmYaITVPqnc5-mSHCqrnvqTZ1xcs-yC_ytTvSUGA
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 1D06
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHPi9QrDT1feEgUJ__EWkOE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yd0q0Ufh5nzy8_eAFlzZ0QAABGYAAAIB&google_push=AYg5qPKc36SPYCEC9En4V2Z7nujFmn-AmB6Mp_ScELg8BuAyP3aFios1i2AZeZPJefDIR6tkzoZ3KzW4eeQnnWZV8c...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 1D06 43 B
297 B 572ms
169ms Image
image/gif 2600:1f14:d24:9301:4a17:3c44:77f9:fd7a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEI3JBeIjGrFc1xEDSncYVS0&google_cver=1&google_push=AYg5qPLZe_si1LGQDC-o4iW5DuF-QMIPn7wQwB-AF0IN27MxO4L7BQ8_hdgevVKICWoHSR3QifTis5_n5mPRU5l8WDZsfcYvuQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979533909392588&output=html&h=90&slotname=4170394609&adk=2715274491&adf=2671285577&pi=t.ma~as.4170394609&w=728&lmt=1641884368&psa=0&format=728x90&url=https%3A%2F%2Fzvonil.octo.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641884365244&bpp=5&bdt=304&idt=2981&shv=r20220106&mjsv=m202201040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db54d1331c0b56cc1%3AT%3D1641884367%3AS%3DALNI_MZg1QHQQ6fVO9bqJ0YWT36z1nVaqw&correlator=4170688867500&frm=20&pv=2&ga_vid=379789922.1641884365&ga_sid=1641884365&ga_hid=105186510&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=277&ady=477&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=217545841997741&pem=685&tmod=148&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eSBoYcdoIG&p=https%3A//zvonil.octo.net&dtd=2996
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:d24:9301:4a17:3c44:77f9:fd7a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1D06 0
12 B 47ms
46ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L_Jt2WLScBQMlWDPb6sLGizG5LO4nLQEXgxsbNPjoNd7bjpm1SLRUcN6iebpzGtrLsOmvw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js Show response
pagead2.googlesyndication.com/bg/ Frame 8172 35 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7821e6a538cc11ee4c5fea34be8c61b4b888c96338f6f0d22be66b5519c7615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 19:20:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13400
x-xss-protection: 0
last-modified: Tue, 21 Dec 2021 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 19:20:25 GMT

GET
H3 200 94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js Show response
pagead2.googlesyndication.com/bg/ Frame 64E0 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7821e6a538cc11ee4c5fea34be8c61b4b888c96338f6f0d22be66b5519c7615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 19:20:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13400
x-xss-protection: 0
last-modified: Tue, 21 Dec 2021 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 19:20:25 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame E0B6 3 KB
2 KB 22ms
22ms Script
text/javascript 37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=51990293;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900019.redintelligence.net%2Fc%2Fpzpmzirqwh18x0h%3Ftprde%3D;js=1;adfxid=1x;7337;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fzvonil.octo.net

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e7ff237dd2e29b73868bc80b0583f51c8774d299ef55018c39113501c342e3f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1838
expires: -1

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C5BF 42 B
64 B 77ms
77ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthjOz7p5Tu6TzQcBHXMeL50sEW_a_imnT_n0-LDfspGL9wwd8oRC6fhCMlTyaXM_Sc17334-R5dfMzr5l1qlLKwDKQD9ZB2-0-XB7mvl-AgJz_M_d_ART6SQym53JVSNFniMt3EF8XXzg8rg&sai=AMfl-YQ-9aByruXqim56BMSQ7AjCFI8dTXUJ2M95axbhVjJRdxg8viV7AHrqXIEyKQgQuR_Yn7VEegFwdOz_DY_p9FXwSVILN251fpVYm84S7L1hAGqx0Nb0txuLAOsbLZA&sig=Cg0ArKJSzI9xz2kfyw7hEAE&id=ampim&o=277,193&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1007&mtos=0,0,1007,1007,1007&tos=0,0,1007,0,0&tfs=124&tls=1131&g=100&h=100&tt=1132&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=4116272111

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame CBAC 1 KB
2 KB 36ms
36ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b66446b9f344e0605c7c90d93586cafd16176ba45d37dc304cb32563262add2

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 6cbc43424b1c7525-LHR
date: Tue, 11 Jan 2022 06:59:30 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZ4Vr60CfMe46SsSMeJirqw2yf1Pwau1tPP7B%2Bluew2aQwZVu5snLm4qq%2Fw8zgn0wrK6OoHwzhq2qzLf3XMFI4NSc4qm7THSAWcUMOaZhDmJzYg5x1zK6fsIlnCw41VtIqcU11M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-fhbb

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 53ms
34ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: aa-reachservice-group-europe-west1-fhbb
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JFaxFVGFHnJCgPR9bDtfOUCqQWRkvJJcgrjVVvdyX4H%2BgX8a2sDoRRDDeOP4VoQLblUcotTWosdgXyjWAe1BTqeIAHS0MbOLS3XpopeTrerKQBYMvisx%2FzNfsY22kTQF386yec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6cbc43421ac47525-LHR

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 6D56 3 KB
2 KB 21ms
21ms Script
text/javascript 37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=51990272;gdpr=1;gdpr_consent=li;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fps71z218lgulmfe%3Ftprde%3D;js=1;adfxid=1x;2175;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fzvonil.octo.net

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

dc08bdf3a99cf337828d1519094b5bf202a456af210d29e12bf504a035a85012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1848
expires: -1

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C40 0
20 B 71ms
71ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BKzn60SrdYcTgBNG03gOe6IKgBwAAAAA4AeAEAg&bg=!Xl2lXRnNAAbDtiZlw7Y7ACkAdvg8WjvdV1FQxN_gQ4PPKPERrL-iBBwEbfW2lo1bBLPCem1I58cODwIAAAHtUgAAABxoAQeZAsT3j17KfQI3c3Cd_UTQMClFjtxRYZHN3sqkPana9YUauR4zCrE-M74MSLetYBKMsUbZrAteWuuMZIhCTRVUN2kp_ZljegZ1dXdurnEhAytwrrZcEHg1s4VxoeEpmEQ8G6wB2RucgnnfbzVh8DdLIA0Snx6vRMPV6tp4hfsrYx46ZRwnR_U-V6bu_28zXm48oc3r09IT75u7xdS0MiMeQbXyntAJyZQmMq4sg066ShwLjcJi9v0GTyIXus4Fe7q8bgy9JepeaHQOM7ruCYkfM0q5xTFBTjlOsvy-eU_f3pW8RpEazZU8F5ahwyLP98LYyl63EgbI4pLuiD2HytEt1n1bKn2_PLK1GXfsSm6EMOCyGX2qsj2vtp9_d_I8b5npmNBG6h3Rn31LMm0Idpia5vmXNN0y_gr5QXzb0SqvI_Aswxc1GZemcShxUH0qNKqxCteHNbKiAD3OCzPMs3xSkRL_lsV-5ovBP9xef1UUMMDHBlx86TIZrH7xGB-ZQz8PSYJXj_Q6oNIMPWmLjHaRM7h0wiPeYwvmYiqHN9k1peHIKUHN82oz4T65K9fax9zx_hFOQZpco-0znCHyuzryc8u8q7sobmGvW4ZU0fPU8TPDH2oYuzl0by8RwLwDU8mJKRKEoDcUuUrDbxh4clA0U8YilpsNf1Kn2YuCuSnfQzQukiugWqULThaugd3nSGkbAwiB-2euIJFYa_-_MZuM4KE7dND0F2QQfuc5XD2Wrw4aHNZ2clRUrbUpqbibmMgFl9GP-CetQ5DzI56HT6FJbcIAk4rNCIYRowVTgALVuij8lOuG-blvfYrWlLtZDhLlpS-UvKMyAe50d5mF1aRRswvNEU9Sy4FpH5eThvLNaaAlmpGEzBO-rP3ieCAz9NdKq6kAG_cRqoeS122DLzuraXo86eJy4dusSleibdx3P867rXj9mMQ

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DD04 0
20 B 73ms
72ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BfwZA0SrdYfrLBdzCx_APiqmGoAUAAAAAOAHgBAI&bg=!s7ClsPTNAAbDtiZlw7Y7ACkAdvg8WiivGFNZjqmT1e3ID0RFTaxaUzyxuyslqwgSR5ADiy70Moh5rQIAAAHgUgAAACNoAQeZAw4BPfDy8AeFsQ3Uo1u8erq3dON4waJ7d0W01FKiM8X3KgwoRRT0tRJLpYR1QM3H5gcKDAaRYPxHf8tLDg7TD9d_TW2tti2Gwzmjlx8EjCNG0bNVFIB2BxCzNGhNladZGN_2DA9XkmlexPJNfvECeuDBjRwf9-qay4hK2p5rJVGxFtSsFyieyaiTuhB1ZgiWZUXh1f93-OMmYrLGOiB1rRtLmzYx7GTTbul-m-jWXnMX8Z1j_C-C2J_KvVx3oLcvTsWR_BSX8xfDLX2t61wB9ecq_wR1ED1wEng-Tis-bPSGX7PQh5xkS5FWCwoF__cXgvoXbzeYXtgnvReh4dwY3zolCaLV2JXZnCkEymCCGc3IRaw7ybFBj1fwSGvxR_euPE9fLRt88uYxnJHqCJVu-bPnufNDB1261HRJIb6LY0GoJm-LWGf0HQmVJNpaz4Sb6Idh72H05nL2ZiZwtSv6AE-2JAyK1-XuUE2R5KdHpncp1EoBmpQbVIjdHOtOGH2ewhAtdS1z4GO9GWiiBRpDgvMrilTavPcPMR4P0yyUrnOkjhunPXgSKJuFZLtsFIoLz7jbeBtJd53wgrBJwauKLBUuHFMONa9sVEtMJvqvL3_EkjYhW7j9gof5i9GRJTA4x_rreJW2zfZ2_nAzVdztBfe7i7C6rAIwlmfz8DwK_vic-6J3xyoRs0APejuac-D9SB80CDCtx37ij0MJkpo-ymaTUGC5wOIjNXWS2v1T3nc5bZ2xEpxi9cslE15xmxlHcybHWtSj_C4Ri24oUQCXI-1Wpr6FtVfskH1oVaXR1yzrVdWGsWYKYjECk17TcMLH8aKJB3ib5E4TA--EsST8CetRR_7GAwCqxl0dWeQzBXZeTLHdiYexnBpXunMDRM3lq4IBrkrRqa--Qvxs2LBrh6BNSyDuGO5mEsN135meejT9LQiHC5u1I10YLiAweuBmE6HCli9bvR-aP5SH2PT-_fm7s19K7sze-WVCVRzut9_b-N5zBEw-YjdJVplCKE_B3o1j0to8xUIgbZtP5ydLqA

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame E0B6 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 6D56 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame 6D56 851 B
1 KB 62ms
11ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=90674000051661303891606011836017&a=20cf4f29
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:30 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame E0B6 90 KB
39 KB 27ms
26ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 80666771e4c8d157b7643583d0552efd7d7082bf03ed57b819412c5a7e8fb17c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Wed, 05 Jan 2022 15:01:11 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 12 Jan 2022 10:18:50 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame FD9C 6 KB
4 KB 46ms
46ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3865d6f7aa6e33db52f39b71644cf01db7cc36600f9a13503254ea0e9e946efb

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1ha9kz5cj81xhcqbnnkrte7rte65txzzfa2s5a9a72fvr9v7xb8zar5p7ghya3w0xttpe5v78w71vmnzh1vak9jwvk2ryrayk5zd06caxjeh6mg2xv5s1cx3xqcawmj4k6hbad9cedzt6fq8byg6y46pcendtwav9j1ngmc3nyvdgsgraqp2jbdeypvjwhshw5qgy2e22g8ch1z9m0t48byq8f6s4cb6xy2jmzzcn054bf7phf1n2t6bgy8dj19j4ph3p8t3v99tr28ejbfh8b1y3x9g2x3e32b50waxcqcm99gqjxp1qf96v7abr05a81k57ndyz1fna5zncgp107jesyqcjesjrc5k2etkn4fvyamhpd0s6qkjf7t93k472xr6ygnpsqcmtgrsfv3q25185ew0bd8ed48g3k6pz4ts3sky7re0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%26client%3Dca-pub-2979533909392588%26adurl%3D

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6cbc4342898c771a-LHR
content-encoding: br

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 6D56 90 KB
39 KB 27ms
27ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 80666771e4c8d157b7643583d0552efd7d7082bf03ed57b819412c5a7e8fb17c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Wed, 05 Jan 2022 15:01:11 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 12 Jan 2022 10:18:50 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame E0B6 35 B
469 B 21ms
21ms Ping
image/gif 37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=51990293&csi=asCrGOOrRCGz-eMyyMxsJTsSRCd8FaLei7Adx6ZWHcnZKGWOLEEutt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900019.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900019.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7C31 42 B
64 B 76ms
75ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssNXeLF-OJb3iD1n32sXPewV6QvbrVVc7bohxkfk_gOA5h5jeiHGkkImzloQXHlee5iyXYg7DwbgpRuYm3Q7DGsrFGMGe22iEbX-wD4CUgTEwqC4KZeKw&sai=AMfl-YS3m8cDhq8zd7sbu08g7cTg71qgEurYVL5GqK8ESVaPP1TDAw58Sf8BqVbc2uVfd0oRXzmnReOjpY6r0ZCKA1BJ4q3zXTah8xW_wb28EecyrmndncTFWYBaE3UV&sig=Cg0ArKJSzFNkNHSvgRz1EAE&cid=CAASEuRoYwalgOHBrhVMaT_8SEFINw&id=lidar2&mcvt=1031&p=541,1039,791,1339&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&v=20220110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1556906017&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1641884368189&rpt=442&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6a6266628e1faadeef710eacad8b2964.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10664243.js Show response
s1.adform.net/Banners/Elements/Files/160090/10664243/ Frame 8AB5 3 KB
1 KB 20ms
19ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/10664243.js?ADFassetID=10664243&bv=258

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

96bcbe3684c1089d731e6e8b4e7a9af69f361e8299c381a1b22268e85131c0cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: W/"61b705bc-c8a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame FD9C 81 KB
11 KB 26ms
26ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1089266
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 29 Dec 2021 16:25:04 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6cbc43432a7e771a-LHR
cf-bgj: minify

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame FD9C 53 KB
54 KB 63ms
27ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=V11ayA==, md5=Cid9We/KA2mmmDZF4nNlng==
date: Tue, 11 Jan 2022 06:59:30 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2269469
cf-polished: origFmt=png, origSize=115129
x-guploader-uploadid: ADPycdtYZ-i-tFBgnXTLLXHJF7dannic-0vynZjDuu4e4cYb1blsNenom2Oj3dKTPwyLeZx3MF6i8oMaYxYjYufpZIB18Dj7dQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 54564
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q8qF2tackKCiTNl8ooauL0kNs0m43YpDugiDrksynas5xSvJSnKg67bZdm7YHI7B6CmZWEmmyCexg4FY7pXy6f9ki8vX86XIbYwOL9cBe4U9JV6w%2Fb9GTJ%2Fh19VS6ADBNH55BTObLU3%2BKn6s"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883484779402
content-type: image/webp
expires: Wed, 12 Jan 2022 06:59:30 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 115129
accept-ranges: bytes
cf-ray: 6cbc43435a4a7735-LHR
cf-bgj: imgq:85,h2pri

GET
H2 200 F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
assets.ad4m.at/product_image/ Frame FD9C 23 KB
23 KB 53ms
27ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39ae6b1a1ba72fc9d48b1848e9bc88f4b9da10688232ccca39d85b878db7af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=I4uEDQ==, md5=w0ixd5U6xXIINsBOGiFnPQ==
date: Tue, 11 Jan 2022 06:59:30 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 471455
cf-polished: qual=85, origFmt=jpeg, origSize=132437
x-guploader-uploadid: ADPycdvtYjlGhoK0bPJyu9IW18JCcCaPOykAnuWJcoKF6XgSw6E8F1tnHvRUCh8q88qoGa7JVKtDO3HhK40wnsV3Zmc
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 23154
last-modified: Thu, 09 Dec 2021 17:51:23 GMT
server: cloudflare
etag: "c348b177953ac5720836c04e1a21673d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KdNmOkUrQw%2FspnhdY9yQkjTII9kKHE2eLnqo6mi1Mi1oTtvaMWY15hsehfPtZRq9ELMiW3e7tdcj6zlVI4sTLqv87ODwvE%2F8BwkirstFNnk1oMLTM%2B7%2FVkA1SShFmVWHb3ZoNhpO5vAQVS4L"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1639072283176296
content-type: image/webp
expires: Wed, 12 Jan 2022 06:59:30 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 132437
accept-ranges: bytes
cf-ray: 6cbc43435a5a7735-LHR
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

/
partner.o2online.de/a/ Frame FD9C
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&gd...
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_c...
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2022011107593061890455981X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidv68ACqo...

49 B
1 KB

56ms
18ms

Image
image/gif

78.46.85.162
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2022011107593061890455981X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&spid=2022011107593061890455981X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 78.46.85.162 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nonstopads1.sunbonet.de
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:30 GMT
X-NODEIP: 78.46.85.162
Server: nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html; charset=UTF-8
location: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2022011107593061890455981X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&spid=2022011107593061890455981X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211
cache-control: no-store, no-cache, must-revalidate
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame FD9C 9 KB
10 KB 69ms
43ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=euqM8A==, md5=F0uw3DVkfiBLCaoSCWVgSg==
date: Tue, 11 Jan 2022 06:59:30 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 471462
cf-polished: origFmt=png, origSize=24833
x-guploader-uploadid: ADPycdsCBmpUgM4Oak17SiOVV_x7k9mwTG_G2DIKPY91FtdZKW7LIYm_3U4hmmLIrLKzNuN7NDSJK-L9Km5uQBlktCg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 9258
last-modified: Tue, 09 Feb 2021 15:11:57 GMT
server: cloudflare
etag: "174bb0dc35647e204b09aa120965604a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZIj4biXjLodLJzF6bJpbYr2WvSigEMlTdSMJt7nVg%2BNvFNm9lOmtac57gv4yM2en06J5yxkr6vrHm3LOD6c6qP61dvgvRlbPT7dKYalv17sDdGGOEenjKRYaiRL8AdvqZ9Vz8EVd1RaND4vv"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883517528266
content-type: image/webp
expires: Wed, 12 Jan 2022 06:59:30 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 24833
accept-ranges: bytes
cf-ray: 6cbc43435a577735-LHR
cf-bgj: imgq:85,h2pri

GET
H2 200 0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
assets.ad4m.at/product_image/ Frame FD9C 19 KB
19 KB 70ms
44ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769996a987ead923de78ded8af9ebbc0125bfdca436dfadfdc9755fd54270371

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=1aKs/g==, md5=nBaxji7Rcg1LrHhoV5P3TA==
date: Tue, 11 Jan 2022 06:59:30 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 476283
cf-polished: qual=85, origFmt=jpeg, origSize=84530
x-guploader-uploadid: ADPycdvwUFoizLUfLj-x_peYdvIDyOfQjgLfip3gJyTvXGFe8Wpd8ekO0UxxkFiO49tp83II9MPlnPr9uupgTT6j9Rud6rrWag
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19022
last-modified: Wed, 10 Nov 2021 15:00:52 GMT
server: cloudflare
etag: "9c16b18e2ed1720d4bac78685793f74c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7FT0X96zDbUDyF9W9EraQy9IBAJd9TY67sf88eBoc53m6zQhFkGdc%2FUlas2%2BgPp1NEza4sTH1Vbo9oxlKHHVCDmJ9rbYbqyPtNZVvcXEzLcqFSwYqlOnpAuMIZ2Lh5MkSsunPvC68Ldtz5w"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1636556452656256
content-type: image/webp
expires: Wed, 12 Jan 2022 06:59:30 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 84530
accept-ranges: bytes
cf-ray: 6cbc43435a4e7735-LHR
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

/
partner.blau.de/a/ Frame FD9C
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9oneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&g...
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9oneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_...
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022011107593061890455991X113752V1225131106MSoneidj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9oneid__asuidv68ACqoT...

49 B
1 KB

65ms
27ms

Image
image/gif

46.4.41.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022011107593061890455991X113752V1225131106MSoneidj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9oneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 46.4.41.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nonstopads2.sunbonet.de
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:30 GMT
X-NODEIP: 46.4.41.145
Server: nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html; charset=UTF-8
location: https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022011107593061890455991X113752V1225131106MSoneidj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9oneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush
cache-control: no-store, no-cache, must-revalidate
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
assets.ad4m.at/logo/ Frame FD9C 6 KB
7 KB 70ms
44ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e992acf8af7de27497c44cca7f3758d64d10946bebd1b17319287c0d8f83b29c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=6d5z5w==, md5=vnImUageZAe9/YM5SlniMg==
date: Tue, 11 Jan 2022 06:59:30 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 472884
cf-polished: origFmt=png, origSize=15890
x-guploader-uploadid: ADPycduqmDWL3G4QrCWbPPE2xPj5lKFPl17LAKEfpFl-tf_1PDuJb16IuFT926XzmSzx-67s6EU2ai15g6lZF8V5qrBMLpfkQA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6208
last-modified: Thu, 16 Jul 2020 06:05:30 GMT
server: cloudflare
etag: "be722651a81e6407bdfd83394a59e232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u8%2BoYVb%2BwygWm5tieWquiQZmVWv%2FGFGyxH09QIszRJrnLWIfNanJZarrGQsI2vM%2FxoMW8uHaGIZDvaglQ8VMJmfrOyU3cLhKNBtqM55WlX29%2B2xV3ZVSPN%2F3Jwm8UdQfzKkQL89YwY9S6n2D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1594879530502671
content-type: image/webp
expires: Wed, 12 Jan 2022 06:59:30 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 15890
accept-ranges: bytes
cf-ray: 6cbc43435a507735-LHR
cf-bgj: imgq:85,h2pri

GET
H2 200 1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
assets.ad4m.at/product_image/ Frame FD9C 9 KB
9 KB 69ms
43ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C167497%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqx2KSYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEApdaPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=728&d=90&e=v68ACqoT4NGhAFy1TM29uT8ruhsqS2rk&g=e3f0f9a512a8a778cf3df7018899bca0%2F7936673106620456168&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1641884370302&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g8qeaa8gjw6rmgxq5kcgyh8z3gys4sqearg9jjz82tjhessyvwpw256ffqxswj8rta420zc4j9sb1rc6816j0hxh5qre254y3nayrjbwkh4d71js8kbbwk0t7qw1v87wdqdtq291vk89bs4ve909ddy3yfb5jrq48fmp94yw8f8fzv5g9pnccppprs28e8b9s0t4wj5bzht04qgmvy5rfpy8dn64rkqdrf9end8crswm6z74thzh0zfwh0xb84k936wjnmyhqghe3arhrxg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCusZ_0CrdYdneO4Sm7gSPrqXYD5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTI5Nzk1MzM5MDkzOTI1ODigAcKu6N0DyAEJqQKb6KDZvwSzPqgDAaoEwwFP0N7WKaG4wFe9_t-T3cGRc6ND5fyvbYZORLW6vTdazfHTZog5p1j_HJYYgLqW-ZQ0Vm3fHQ0DhK3UsaZLzBWa-FS8DwctshkzUOOSIhfug9lnALTrPDRCH2BvDR9ojz3WypCxNqzcgtD62bZ-yH1iJSeU90C6CqmvTSHVqVm4HYVkAQs45SDpYq3TAUQXSIfwyHjst4IlqwYD5Yi1IULc8OAG6-z2_oeR0hRLZdcnjCbivDkrvf9MPQO-tTU_-ScgeS2ABoKGjrL8sNmW-gGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0y-Pe8YzlcmgzdCmykFnM_PvynxQ%252526client%25253Dca-pub-2979533909392588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 028565858aca93c3b487996eb5af450fa2671990023c0a38f485a16513d26013

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=z6IwRA==, md5=1A70ndCinKDnYB0bQF1NeA==
date: Tue, 11 Jan 2022 06:59:30 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2276948
cf-polished: qual=85, origFmt=jpeg, origSize=25987
x-guploader-uploadid: ADPycdvtjswnQf_48LyUYfM4evVEVDT26BBDBvki-GDqNr5IUVnoO2kCDJBxTeMaZ77Wd2qh3N8EH8ypvB_PDhDl5-7_d85Fsg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8886
last-modified: Thu, 17 Dec 2020 12:29:34 GMT
server: cloudflare
etag: "d40ef49dd0a29ca0e7601d1b405d4d78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vjqvkE%2FdLRW%2FAyivgzUWAy0T1IuZZzYPjn5yeYNkGgmi%2BN3pM%2FRkQzaJlZGf87yOCri2jBiOHrikonEt4eiZeAgPm1ZoSbac6Swhnzl%2F7PRDqKB36E3IQpPg88Wt8pNJIneb07%2Fo1NFPWd8f"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1608208174589657
content-type: image/webp
expires: Wed, 12 Jan 2022 06:59:30 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 25987
accept-ranges: bytes
cf-ray: 6cbc43435a5d7735-LHR
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame FD9C 43 B
704 B 53ms
19ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2629118&v=19228&q=388274&r=412871&pv=1&pref3=oneid2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcgoneid__asuidv68ACqoT4NGhAFy1TM29uT8ruhsqS2rkasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 06:59:30 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

POST
H2 200 /
track.adform.net/csimpr/ Frame 6D56 35 B
478 B 21ms
21ms Ping
image/gif 37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=51990272&csi=q2QPV7V4JVvsGbcnIqE_I-Q8VmRB2-5ki7Adx6ZWHcnZKGWOLEEutt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900017.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900017.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 10664246.js Show response
s1.adform.net/Banners/Elements/Files/160090/10664246/ Frame 5F91 3 KB
1 KB 20ms
19ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/10664246.js?ADFassetID=10664246&bv=258

Requested by

Host: zvonil.octo.net
URL: https://zvonil.octo.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

76bc65439527476ff569e109654703c1b782a2b232aef708e6f5bed590a9da76

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: W/"61b705c2-d05"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 1 KB
885 B 20ms
19ms Stylesheet
text/css 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/screen.css

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4879c5ca67a36e3c2c633557a3a3886ab14b5b6490fa9936acf0fd0abe892778

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: W/"61b705bc-567"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 8AB5 30 KB
13 KB 22ms
22ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:38 GMT
server: nginx
etag: W/"609e6e9a-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 117 B
413 B 22ms
21ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/introfill.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-75"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 117

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 12 KB
12 KB 24ms
23ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/stoerer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e5595db09650405bd6fe4cd28e4433abbbd694d6faa84292c353930bdad1a4d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-2e15"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 11797

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 11 KB
11 KB 26ms
24ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/text1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e6bcb09b72fe4af0a7025a07592c4d798c853a0bc53443bbfaeeb58dbaee58bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-2b14"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 11028

GET
H2 200 banderole.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 11 KB
11 KB 28ms
24ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/banderole.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

198ea6df487d503e09a019bc8e21eca1dd7487637b707551e99d51d4b8a6bd99

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-2c57"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 11351

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 4 KB
4 KB 28ms
24ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/disclaimer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

339b062715f0fa93bd4509bbd3c7ee6ebb3ce63ef1140c0dbf3aa8935b7aaf7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-fe3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4067

GET
H2 200 date.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 2 KB
3 KB 29ms
24ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/date.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

17a618c80f11a8110f4c1a8b195d9de7558162374ae39d796ae29ff9d037eccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-92c"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2348

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 2 KB
2 KB 29ms
25ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c7ad088d10fbd3b025673a12b355062745683bd32b37a41bb68d0492b45a7b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-7f3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2035

GET
H2 200 logostart.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 7 KB
7 KB 36ms
32ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/logostart.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

411c5cad0d24027c726e52a3903531a2c8348c845e6552932c7698e997a81405

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-1a64"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 6756

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 4 KB
4 KB 38ms
34ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/logo.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

77b3b2c53216ee57263fe847e0bd6f28ae2577a25c2ae00ab470dc164c769096

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-108f"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4239

GET
H2 200 model.jpg
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 26 KB
26 KB 40ms
37ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/model.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7106e3df7535b652c1dc1880f42055cc340ee3d5d5cf7c5b4a077a18dc73cbe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-67be"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 26558

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 12 KB
12 KB 43ms
41ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/background.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ee7cb715e2926a70863d23b71a288a4e6807b6ff7c3e2c51ac806081e2ff6919

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: "61b705bc-3047"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 12359

GET
H2 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 8AB5 38 KB
14 KB 53ms
23ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6444447
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 13669
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0R%2FPH7ThTEanArnbZyVGa9A0s8bb7c7P%2BII4f%2Bqkn6NwaiR4ualbtqyx4%2BQqU88CO3OS1TzNzA3bXkioDehTiCIEtocKXjasZdF1gN50N8N8t4L3sTsPVxE8Zx6BAn2BxwxRkEcpHwXNhkVqXzlKHjMx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cbc43438c1201f0-ZRH
expires: Sun, 01 Jan 2023 06:59:30 GMT

GET
H2 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 8AB5 5 KB
2 KB 63ms
33ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5750419
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1730
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lABfDpEqXKZgwwz4ZKVTkYif%2BXxkO3idcUFQQMMW4pKoq3FsGtlgcmj7coi%2BhiaSkdURoqO1y0BNzoZIKs8SJ8hH0uyQo7Kl4sxUYnn6l4xAt5GwOgxarcHE2MEcVmVvNSj0dP8GFMZtfjjqM7%2BWXZsZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cbc43438c1401f0-ZRH
expires: Sun, 01 Jan 2023 06:59:30 GMT

GET
H2 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 8AB5 26 KB
9 KB 56ms
26ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18201330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8578
cf-request-id: 0aaca61c2700000204b1291000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KST7C9QBPfuM0eMmOxLF8Fq%2BU%2FqfBb5wr8hQeR3UvkTBYFp2cNlYJB9xKLVfd9GfjNAlElN6w3c%2F3zlkQgC39UPZ4GwtXrsY75RXhuetNUXe1fS%2BiPR1f4VDorR269vLevtMxW99ErMv9k4m1iP4nvfn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cbc43438c1501f0-ZRH
expires: Sun, 01 Jan 2023 06:59:30 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/ Frame 8AB5 7 KB
1 KB 43ms
42ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664243/bvpath_258/script.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

88810ce65ee55d7a60e833aa3fce057ba28d3a609f3504d6f66f0f77290d9334

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 08:35:08 GMT
server: nginx
etag: W/"61b705bc-1c0e"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 1 KB
882 B 25ms
21ms Stylesheet
text/css 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/screen.css

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5dd0641f0025e14d995c6a7471d2511350b9c565192b8c3abc61fea5bf66aae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: W/"61b705c2-592"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 5F91 30 KB
13 KB 27ms
21ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:38 GMT
server: nginx
etag: W/"609e6e9a-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 117 B
413 B 27ms
21ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/introfill.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-75"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 117

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 4 KB
4 KB 28ms
20ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/stoerer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

632dbf79906663d624f02e07c694aea26ea7af45d693cc1391dbbd679512e0f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-1011"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4113

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 10 KB
10 KB 28ms
21ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/text1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a82b045c2aa71326b582c74d15b9d82689efca88d14e46cd8e321e9660287fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-26cc"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 9932

GET
H2 200 text2.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 6 KB
6 KB 32ms
25ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/text2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

73eb8d310f0e297aec595be28406cedaf20e9243b8ac5fdcabd3139450f5d53f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-16ea"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 5866

GET
H2 200 text3.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 11 KB
11 KB 34ms
27ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/text3.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

597493b4a8767f74b1392b10e164426ffe9c11949b209bfecb3596a03ad00e09

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-2a2b"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 10795

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 1 KB
1 KB 34ms
27ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/disclaimer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

298a49884af0d3488fc30e1d88878c7dbe1c0a07d17f6d9d64a15f854cc6cd78

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-4cf"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1231

GET
H2 200 date.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 3 KB
3 KB 34ms
27ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/date.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d6fbd38cd1037972c8b71653774269498b81ebd46a6cb052ec46c0af5fd35574

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-ac2"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2754

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 3 KB
3 KB 34ms
28ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

6f78bec1015a5b25f2263da8aa6e317d894f766d9c2e20071f894c5c5040e12e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-a3b"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2619

GET
H2 200 logostart.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 4 KB
4 KB 34ms
27ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/logostart.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8801fd6b018fa8b0c6fa01c0e7838c184b64df6557c97baeb0d9041bdf657083

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-ea3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3747

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 4 KB
4 KB 34ms
27ms Image
image/png 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/logo.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d0a0a94ad4f9c90d139c619d2d4db0ee85d63b39d7c856f127d432467b7b365d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-ea5"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 3749

GET
H2 200 model.jpg
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 13 KB
13 KB 36ms
30ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/model.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

26bdaebea407151b3bbb30c8a02532e98c89037df9a680e9032df7852b5314bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-32e4"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 13028

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 10 KB
11 KB 36ms
30ms Image
image/jpeg 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/background.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

afad10f04c603ef14423164cd17a6f8e8c408d193c64d54a43cfa71f0a771031

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: "61b705c2-2906"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 10502

GET
H2 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 5F91 38 KB
14 KB 35ms
28ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6444447
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 13669
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5DXUOR%2FlEF0fJr%2FSI0NB4nX4vKJv3ljKNrVUMEr0n%2BYO59H1LJZIcruz4BQkPXYVS3OSL9UqIHc0qPB32Wp5SQTtqgJ9QFaWZYqmT7W8zuWxK%2Bh4JTlmczAsWlkzh47rF99ZMS4YbTzOHLEdQu5fUbjl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cbc43438c1601f0-ZRH
expires: Sun, 01 Jan 2023 06:59:30 GMT

GET
H2 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 5F91 5 KB
2 KB 34ms
27ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5750419
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1730
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2wtzHURMtDpvAlKtPl99vf1ejcUWrk0g%2FZ9ifGFbn8lIZCfu2ISKklAe3T1PN%2BRQZGe6eECtK37hrl5jL%2FqDWFlKwUWslx2ay0WZqpXdKLo5Nnw6Q7v9r%2B9bJtZIEbVsg%2BJk6htfaWwvqOnHLQUytqc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cbc43438c1801f0-ZRH
expires: Sun, 01 Jan 2023 06:59:30 GMT

GET
H2 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 5F91 26 KB
9 KB 31ms
24ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18201330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8578
cf-request-id: 0aaca61c2700000204b1291000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jRMoWixHONqwdl6SVLqJOgdgfHezUSjO2GTvyeEXqZNQVlgOiBlwsdu9X%2FOh3zPt1XYdjwYH2chU%2Fkh6BWQvYptltlx04EdM8rVsFR0aFv3afpFmJd14DmXbM9zHsAsRo4XCSmceDxiDTtFNocpEhfv0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cbc43438c1701f0-ZRH
expires: Sun, 01 Jan 2023 06:59:30 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/ Frame 5F91 9 KB
2 KB 32ms
26ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10664246/bvpath_258/script.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.215/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

569c71881c897bad458436a2c033ade9c9b56a3bba344f02eb2c9e6cd4317093

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 08:35:14 GMT
server: nginx
etag: W/"61b705c2-2296"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DF25 42 B
64 B 88ms
87ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstqCnWXG3EsnXRSS6efni-JkdwR1psHl7MdoMfZzTYpIDD-bxB7pphNH7u7gv6-l7mQSdXwRtvPC_cMym29uufq_Q&sig=Cg0ArKJSzIcp8S1bc7vFEAE&cid=CAASF-RodZylip--066hAwT4RUv0AOJVQ3CR&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20220110&bin=7&avms=nio&bs=0,0&mc=0.74&if=1&app=0&itpl=20&adk=2342716466&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1641884368252&rpt=672&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 50ms
50ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220106&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f3a6447f6d360ef55c2f450d0496dc2f8cc763bb187f3653215ecf2ebae0466d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8698
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 68ms
63ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 06:59:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jan 2022 06:59:30 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CB55 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 10 Jan 2022 19:17:35 GMT
expires: Tue, 10 Jan 2023 19:17:35 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42115
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5265 783 B
535 B 48ms
47ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9a4d5d689fc3f2a7a08689f56bf460a29439d7b6cbbd05d3a4f545c5b2a44c67

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1HIJAMdCVHNtUF/BJt0PEQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 11 Jan 2022 06:59:30 GMT
date: Tue, 11 Jan 2022 06:59:30 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-1HIJAMdCVHNtUF/BJt0PEQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5265 0
0 60ms
60ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220106&jk=217545841997741&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js Show response
pagead2.googlesyndication.com/bg/ Frame CB55 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7821e6a538cc11ee4c5fea34be8c61b4b888c96338f6f0d22be66b5519c7615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 19:20:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13400
x-xss-protection: 0
last-modified: Tue, 21 Dec 2021 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 19:20:25 GMT

GET generate_204
tpc.googlesyndication.com/ Frame CB55 0
0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F684 42 B
64 B 69ms
69ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1pp08RHcfR2EdWdxfV32pRHEdY5f4R9o0Cco9DACniJlJ08bVrzTpLbW5RevwyhRcaMEszYYkeBNdS9UI1CH2iA&sig=Cg0ArKJSzNgXXw9-2yhmEAE&cid=CAASF-Ro57Y5eL-ghMAsC2gRQ2dKnv_DgHTE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2715274491&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1641884368242&rpt=1062&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 72ms
72ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220106&jk=217545841997741&bg=!eHulez_NAAbDtiZlw7Y7ACkAdvg8WhAWn-b7cePijqwK--PR5YENSzpz1558XW82tjecgOkUy3kxMgIAAABzUgAAAApoAQcKAKDPOS8LuHP2r5XkDw3RHTPMzgrk5l3YkwRtVk44RKDpkqell_tJILF74A2k5X13J2w0UYxhpiQwO3m-ScGFaeywQkxflRfZwTI1RMaLPwJbIvn5J6eaUf7Sk2zR8ilaIgH0ouolsQRbLjsn5jDRGrJkvF5VESOvvO94c4k0V4ZrvoAjoTUulLOGH8HUuX2GcScOJUuVnW5hJ9Ppb8M03qE9mQKIg2zRJ2shXGQip8EPgnEdbeZddz51QDk8VY2JXld8AaApqvWeGm9AgiektH4t7rCsl12vDFXP9qrFdPF6AXI3TTtM0tkk50bQrSSGilDZQvs3CJ2VNPGP886Gd5diKVYP6r8Z_o3amxvsg7DRQIJhF0rRwpJfmA4taIoF1sOBw_aSeMErJb06XUZObtsA83CAjtC9zDdaa9tSc48YpPdc2lyp0-CbEC_LEUOQv0nQ-ULFsJRnIoE7bzRz_CLQr0QvF9zB2WWg8cMaGq_uFDxqrDVD4H2Ts6JzOBXTz-vooAGNLIVc36xVcxxXaATGjbMmJtdhltEriVtgno6ahL2SnDT1BsQJMXbUvnCP6zZjxKuZjhxbaUgyVHhzyv5dC2RaYiojJlzyfiSDlMJ637CMcY5kgeexVFWlW9CM8tB18a8Z_hIyj9sjASLqs17DA7VBUvMOHrhY9ly84Q2fL16P_WEDd20j6uTg5691ZVVkZ8Q-xmoklIrJn1xYGp7DoXR8sw1IGShIRECC6-uhq_qkLUaIckb2LkxpCBq5aqW6HhC1MHW0nueQuxCfpIvpSlw65QV-qDTHa8yqa9XyC9St0Ewiy0fBt8WkuVPJ7rpqGDg_fEor-hE4HGP_7Xr0izio1UZjHcEGjcmp-urSK3X5rh-5715EMbEGYEBdZB1rYgLSlTZn6Y-ENAp7Mbw1tTOLnvkSTMWvnKa-w7IUPYKtFUFWDo_8bJz2JXQWOZvK543E-QDMhs4ZSIxNKjvoTLtfKj1blsEYl9rpf2WEXffl_jXeIV3G-AIsn-MfAb9EQtyZlOAvGIie5qHaJcExUYCHsStzI4tZP7J2jLdT7Kw3kHVu_NmuIQBk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zvonil.octo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 06:59:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 6D56 0
150 B 34ms
12ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=90674000051661303891606011836017&a=a2eefa62&vb=v
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=90674000051661303891606011836017&a=20cf4f29
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=90674000051661303891606011836017&a=20cf4f29
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 06:59:31 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H2 200 /
track.adform.net/serving/unload/ Frame 6D56 35 B
478 B 21ms
21ms Ping
image/gif 37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=0@@51990272,1285144058836692505,100|1180|0|0|0|0|0|0|0||40|1|||||1|0|0|W7jFBcSuDDTi5nP9TebYOumn3tQYot-A0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS