winzoro.net Open in urlscan Pro
194.67.68.223 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://winzoro.net/
Effective URL:
https://winzoro.net/
Submission: On January 13 via api (January 13th 2024, 8:30:29 pm UTC) from US — Scanned from DE

Summary HTTP 190 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 31 IPs in 7 countries across 27 domains to perform 190 HTTP transactions. The main IP is 194.67.68.223, located in Russian Federation and belongs to AS-REG, RU. The main domain is winzoro.net.
TLS certificate: Issued by R3 on January 3rd 2024. Valid for: 3 months.

This is the only time winzoro.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 33	194.67.68.223 194.67.68.223	197695 (AS-REG) (AS-REG)
7	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700:e2:... 2606:4700:e2::ac40:8d0d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:6b8:a::a 2a02:6b8:a::a	13238 (YANDEX) (YANDEX)
1 39	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
5 16	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1 2	88.212.201.204 88.212.201.204	39134 (UNITEDNET) (UNITEDNET)
8	2a02:6b8:20::215 2a02:6b8:20::215	13238 (YANDEX) (YANDEX)
24	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3 8	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2 4	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
2 5	2a02:26f0:350... 2a02:26f0:3500:1b::1724:a38c	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1 3	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1 2	34.251.209.93 34.251.209.93	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	37.157.6.233 37.157.6.233	198622 (ADFORM) (ADFORM)
1 1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
3	2600:9000:243... 2600:9000:243d:2000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2600:1f13:800... 2600:1f13:800:7781:527c:d3a1:ca7a:f29f	16509 (AMAZON-02) (AMAZON-02)
190	31

33 194.67.68.223 (Russian Federation) 1 redirects

ASN197695 (AS-REG, RU)
PTR: 194-67-68-223.cloudvps.regruhosting.ru

winzoro.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e2::ac40:8d0d (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8:a::a (Russian Federation)

ASN13238 (YANDEX, RU)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:6b8::1:119 (Russian Federation) 5 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.204 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8:20::215 (Russian Federation)

ASN13238 (YANDEX, RU)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

adsdk.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.181.226 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.123 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3500:1b::1724:a38c (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.211.84 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ams3-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.251.209.93 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-209-93.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.233 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:243d:2000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.160.219 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f13:800:7781:527c:d3a1:ca7a:f29f (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	553 KB
33	winzoro.net 1 redirects winzoro.net	1 MB
23	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594	204 KB
13	yandex.com 4 redirects mc.yandex.com — Cisco Umbrella Rank: 8747	4 KB
12	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 1004 static.adsafeprotected.com — Cisco Umbrella Rank: 721 dt.adsafeprotected.com — Cisco Umbrella Rank: 719	106 KB
10	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	101 KB
8	adnxs.com 2 redirects cdn.adnxs.com — Cisco Umbrella Rank: 1783 ib.adnxs.com — Cisco Umbrella Rank: 253 ams3-ib.adnxs.com — Cisco Umbrella Rank: 6829	33 KB
8	yastatic.net yastatic.net — Cisco Umbrella Rank: 6536	210 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	764 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	5 KB
6	yandex.ru 1 redirects yandex.ru — Cisco Umbrella Rank: 2180 mc.yandex.ru — Cisco Umbrella Rank: 3982	169 KB
5	bing.com 2 redirects www.bing.com — Cisco Umbrella Rank: 53	14 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	324 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	3 KB
4	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 971	150 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 583	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 874 s.tribalfusion.com — Cisco Umbrella Rank: 2405	1 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 11938	1 KB
1	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 727	571 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 707	387 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1872	173 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 53518	611 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3445	104 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	463 B
1	microsoft.com adsdk.microsoft.com — Cisco Umbrella Rank: 4271	38 KB
190	27

	Domain	Requested by
33	winzoro.net	1 redirects winzoro.net
26	pagead2.googlesyndication.com	winzoro.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
24	tpc.googlesyndication.com	pagead2.googlesyndication.com googleads.g.doubleclick.net winzoro.net tpc.googlesyndication.com
13	mc.yandex.com	4 redirects winzoro.net mc.yandex.ru
13	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com winzoro.net googleads.g.doubleclick.net
10	s0.2mdn.net	winzoro.net s0.2mdn.net googleads.g.doubleclick.net
8	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
8	yastatic.net	yandex.ru
7	dt.adsafeprotected.com	googleads.g.doubleclick.net
7	fonts.googleapis.com	winzoro.net pagead2.googlesyndication.com googleads.g.doubleclick.net
5	www.bing.com	2 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	winzoro.net googleads.g.doubleclick.net
4	ams3-ib.adnxs.com	googleads.g.doubleclick.net cdn.adnxs.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
4	use.fontawesome.com	winzoro.net use.fontawesome.com
3	static.adsafeprotected.com	fw.adsafeprotected.com googleads.g.doubleclick.net
3	www.google.com	1 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	mc.yandex.ru	1 redirects winzoro.net
3	fonts.gstatic.com	fonts.googleapis.com
3	yandex.ru	winzoro.net yandex.ru
2	googleads4.g.doubleclick.net	winzoro.net
2	www.googleadservices.com
2	c1.adform.net	2 redirects
2	fw.adsafeprotected.com	1 redirects winzoro.net
2	counter.yadro.ru	1 redirects winzoro.net
1	tags.bluekai.com	googleads.g.doubleclick.net
1	onetag-sys.com	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	gcm.ctnsnet.com	1 redirects
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	cdn.adnxs.com	winzoro.net
1	adsdk.microsoft.com	winzoro.net
190	37

This site contains links to these domains. Also see Links.

Domain
oauth.vk.com
www.facebook.com
www.liveinternet.ru
vk.com
vsthemes.org
7themes.su

Subject Issuer	Validity	Valid
winzoro.net R3	`2024-01-03` - `2024-04-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
*.xn--d1acpjx3f.xn--p1ai GlobalSign ECC OV SSL CA 2018	`2023-10-26` - `2024-04-24`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-12-26` - `2024-06-05`	5 months	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2023-12-20` - `2024-07-21`	7 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
adsdk.microsoft.com Microsoft Azure RSA TLS Issuing CA 03	`2024-01-08` - `2024-07-06`	6 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2023-03-27` - `2024-04-26`	a year	crt.sh
r.bing.com Microsoft Azure ECC TLS Issuing CA 05	`2023-10-18` - `2024-06-27`	8 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
quantserve.com R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-12-02` - `2024-03-01`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-11` - `2024-12-11`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh

This page contains 23 frames:

Primary Page: https://winzoro.net/
Frame ID: E9C68CFDDB55A218C403CA6AD6DE379A
Requests: 77 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/zrt_lookup_fy2021.html
Frame ID: 14275B504156A68C39C80BC9F03036DA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&adk=1812271804&adf=3025194257&lmt=1705177824&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x810_l%7C188x810_r&format=0x0&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177824517&bpp=2&bdt=408&idt=337&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6897414945557&frm=20&pv=2&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=354
Frame ID: 5E4F6354CE5CF6D2A81FBD195ADB5EBB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Frame ID: 2EE93A3DBE541BD724B4BECB04EAD871
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Frame ID: 246DDB284A4408B486194951FDE4183F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 4AA27C1C9B9ADAE16DA0CD13AD43F011
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 5A0C14335102CA5F04331B3F8290FE58
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: C0DB229D84B4CA4F41010C2E2C4ABB63
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 6B9CE262196307559832325D98835C62
Requests: 1 HTTP requests in this frame

Frame: https://adsdk.microsoft.com/native-to-display/sdk.js
Frame ID: 30BB5A0F014E28CD2457D3053DEC0AD7
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGOarnYICMAE&v=APEucNWC0T5u0QkXkSVgEHrNBZ1hRFUrUrb-QRAaV4RQxWz4iZecNWaJeZ75quO0EhBrS6560PR2lyu726kC-6jFFbj_yP3qgZgpTtWSFf3zT8GdJp8Mr0d7LBsY514xCC3d9Jpfro9_7yfHfhnuqB2rqH-jxpdJMriWwNaKW-mu2ctgF-S-EdU
Frame ID: 3FB3746FF0A138432A0B4483307241D3
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: EDE7F07746B5F8F9737877E0CDB78F8F
Requests: 28 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Poppins%3A400%2C600
Frame ID: 63FEA008B57EC2AD2044AEDA4BD77733
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B2E3E90CDF650DEF376F70DA484E9784
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7280784C3DC3DF23EFD94868E7DBBD3E
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 30696474D17AFD4586DCA2EF88638CBC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5EE621A7E39AA7266B04F9356A006959
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: CB90D0959A1DA8B892D0CF6AD8F8A60E
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: E3D2A7921A72C258FDF6CFBE6F8107A0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: B6EFE02265AC5093FE13C3A8F98CC063
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: EC5FBA113E6FE398DE549B7F195BB861
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
Frame ID: F1DD26499ABA14F5E43DFC329AAFD2D7
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 6643C1D34FFD7A9AB109C11BF306D305
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Оформление интерфейса рабочего стола windows 11/10/8/7/XP

Page URL History Show full URLs

http://winzoro.net/ HTTP 301
https://winzoro.net/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

190
Requests

91 %
HTTPS

58 %
IPv6

27
Domains

37
Subdomains

31
IPs

7
Countries

4069 kB
Transfer

8256 kB
Size

46
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://oauth.vk.com/authorize?client_id=3469268&redirect_uri=https%3A%2F%2Fwinzoro.net%2Findex.php%3Fdo%3Dauth-social%26provider%3Dvk&scope=offline%2Cemail&state=ed8c22c496a793bd895282ef09a148e2&response_type=code&v=5.90
Title: Вконтакте

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/oauth?client_id=405359266316555&redirect_uri=https%3A%2F%2Fwinzoro.net%2Findex.php%3Fdo%3Dauth-social%26provider%3Dfc&scope=public_profile%2Cemail&display=popup&state=ed8c22c496a793bd895282ef09a148e2&response_type=code
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.liveinternet.ru/click

Search URL Search Domain Scan URL

URL: https://vk.com/winzoro

Search URL Search Domain Scan URL

URL: https://vsthemes.org/
Title: VSThemes.org

Search URL Search Domain Scan URL

URL: http://7themes.su/
Title: 7themes.su

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://winzoro.net/ HTTP 301
https://winzoro.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://counter.yadro.ru/hit?t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.5822443461710589 HTTP 302
https://counter.yadro.ru/hit?q;t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.5822443461710589

Request Chain 53

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10247.XT3yeB3KIE8xAAlIWJYGz8rKbknstwr-9gSJTDywHoU0neVlgXq2HkwrXMYLjjXo.fZxqatpc_qWdq4KYrkqnZOu5maI%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10247.FQ24H-woCrBd39vs_mpK3VbX7s9DQdl7mHPeuYv1rF0kQS97F9uTngDeU3x7SnlVdOF3Tjaojfl_Dwe4DmW-3c68PU4ICo1vDvjvgj0KoydjyVFDnj6DfMsRBb3beTbnbximkIXHGem1R1x1ir_8VkcK_wz0ISM74jNIfZVniy73jHkurSnjj7sXhQNAt85sEdtQHipwAqrm9n_lHysKqkGAy4bivHkiBpeMMhYp_-g%2C.0bhVZqgLWLKW47AConXnA4JM7fM%2C HTTP 302
https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10247.prGwNf_fZRdmrZ60d39qbqa-IbcePXO5xYgUaenDGEf6DQnl-qHP2CWbyXZt06XBOTtC05lEyMrNlC44KcUD-zdOUlZ_BjE8NFK5jkYR7ui_j4K_CNoTqOVvJBonWOrID10h3lziNBujvDF3rGV15PrGyQPsKcRdetagw6V-D9GfeQ7oVvMctg-638aiKZDZgDinNE62AxeB4Zh3yzHPMQ%2C%2C.Wc9hGTJYZDTuZmmUwXfcy7z7VbA%2C

Request Chain 55

https://mc.yandex.com/watch/294956?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A2%3Adp%3A1%3Als%3A472052775772%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A490540034%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc(p-1)clc(0-0-0)lt(7800)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/294956/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A2%3Adp%3A1%3Als%3A472052775772%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A490540034%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc%28p-1%29clc%280-0-0%29lt%287800%29aw%281%29rcm%281%29ti%281%29

Request Chain 56

https://mc.yandex.com/watch/9377854?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A1%3Adp%3A0%3Als%3A413573535997%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A514999624%3Arqn%3A1%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C111%2C2%2C100%2C0%2C%2C428%2C6%2C%2C%2C%2C748%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Afp%3A497%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/9377854/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A1%3Adp%3A0%3Als%3A413573535997%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A514999624%3Arqn%3A1%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C111%2C2%2C100%2C0%2C%2C428%2C6%2C%2C%2C%2C748%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Afp%3A497%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIkXFiMpfVJDoRTXbVE1Mw&google_cver=1

Request Chain 109

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZaLy4XPGMtHMRa4pxCaewQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIkXFiMpfVJDoRTXbVE1Mw&google_cver=1

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG7tsijtLQ82hDl9nd7Klak&google_cver=1

Request Chain 111

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM5NjcwNzQwNjE3NDA1NTE4MQ%3D%3D

Request Chain 112

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=3b6910c6-5a5e-4f6f-84fd-ec507bad4ad2&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=da1d5f3e-281f-47ce-aa8c-819554e6a247&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1-0%3F%26RG%3D23d4720c7b8e407990373e322b111f36%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=7965948&trafficGroup=knaqe_3c&trafficSubGroup=erfreir&aid=7624900472311954308 HTTP 303
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=23d4720c7b8e407990373e322b111f36&SNR=1&GV=2&med=10

Request Chain 131

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 140

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJSgZBIBmvrhqTRxWyJGqBQ&google_cver=1&google_push=AXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53pk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53pk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJSgZBIBmvrhqTRxWyJGqBQ&google_cver=1&google_push=AXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53pk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53pk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 141

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAOgqJ7GXJLjypexl49sGhA&google_cver=1&google_push=AXcoOmSJYEPQ_UBl2wpakhOBlviFOFxX27jURXeUhBQRDQDKbg217PDNgDeclr7jxNNVzw3bEQbteI0d1qQ9uGTzLDlbT2tuBHi8wic HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmSJYEPQ_UBl2wpakhOBlviFOFxX27jURXeUhBQRDQDKbg217PDNgDeclr7jxNNVzw3bEQbteI0d1qQ9uGTzLDlbT2tuBHi8wic&google_hm=7VfvFPtcTAe-K9HQKMXXLoY

Request Chain 143

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEA4CHd2C8-fQUZ_bJcEM8fk&google_cver=1&google_push=AXcoOmT7uFSlEZh2KcfuzL5BIdqkU46Fr7ehZXf7rINhE5Mnsnr1h6C5mjxltGgto1T-es971yAj93IMi48tF2o-RcJG4_PQwcYFLPE HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEA4CHd2C8-fQUZ_bJcEM8fk&google_cver=1&google_push=AXcoOmT7uFSlEZh2KcfuzL5BIdqkU46Fr7ehZXf7rINhE5Mnsnr1h6C5mjxltGgto1T-es971yAj93IMi48tF2o-RcJG4_PQwcYFLPE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgzNDM5NTExMDYzNDg5ODMy&google_push=AXcoOmT7uFSlEZh2KcfuzL5BIdqkU46Fr7ehZXf7rINhE5Mnsnr1h6C5mjxltGgto1T-es971yAj93IMi48tF2o-RcJG4_PQwcYFLPE

Request Chain 144

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELaqwJhzDJvLK4HbJ3IpkpE&google_cver=1&google_push=AXcoOmSowcx7V-Qrz_1J-J-Ql2K6Y8S5q-4JZjJxlmjzjn5IsYUwplv1f0g2crRA560hVPqC04MGDYTMouOGb36JAYmlLAgCo6se3w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSowcx7V-Qrz_1J-J-Ql2K6Y8S5q-4JZjJxlmjzjn5IsYUwplv1f0g2crRA560hVPqC04MGDYTMouOGb36JAYmlLAgCo6se3w

Request Chain 156

https://googleads.g.doubleclick.net/pagead/adview?ai=C24fy4fKiZfjiJ5bB1fAP8oSC6AfMj86zdMrjnujxEbCQHxABIOOQ1RFgleKQgqAHoAH34pu0KMgBAqgDAcgDyQSqBMMBT9DCPe9BnvdMTyi4MqVQV2nG_MWTtR_wwXD0aFCnI37xPNBcBLuOOYHXv4lKg6Sfagk5DPNhIqHLlaEeZ-9aqBvTYkNVPB3dqvpPPnT8vJTXjCxZ0XCOR6WeDj_zrBZTw2vfW5vg5RnUkhnvl2aw_kPLf-h2mzK6bBLZ5p3tnqc6siFYX8QFpXa4_qKoR0uN7l7_IcHuGNWsYEtL3Srr5M6Gq-Gmxsy_jPD9cKjKJvnaSb0q4wSzZCQZPbDlXKxOYhTIwATwot6pogSIBZ3NgI5EkgUECAQYAZIFBAgFGASgBgKAB_ea7JMDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ0tMF0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljuss60mtuDA5oJPWh0dHBzOi8vZnJlZS53ZWJjb21wYW5pb24uY29tL21pbmltZS9kZS8_Y2FtcGFpZ249MTgyODI5ODEwMjGACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItNDM3OTM1Mzg0MDU5OTYzMxgAshgFGAIiAQA&sigh=ncBIfMpdZag&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwAvHhf_EVN6q8QmD8VjMR0LrzhqE3Dz7EPEwI1O6qGNLQ_Nj5aRTtoCOhJVzI-bADRJ4tU3NEP0SYQRGAE&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212780750324979679978%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223477947903635351313%22}&andc=true

Request Chain 163

https://fw.adsafeprotected.com/rfw/st/1898970/77442773/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015630378&ias_pubId=pub-4379353840599633&ias_chanId=1&ias_placementId=20903658371&bidurl=https://winzoro.net/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0jU4fb-noNF-zsZPxsY4dw4&adsafe_url=https%3A%2F%2Fwinzoro.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-3-%26adk%3D1812271801%26client%3Dca-pub-4379353840599633%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4&adsafe_type=be&adsafe_jsinfo=,id:9c13727a-7f5a-61d5-eff1-0480a4622d9a,c:1dpbdf,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7b546d5668-lbtck,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:145,mot:0,app:0,maw:0,fm:u1henQU+11%7C12%7C131%7C132%7C133%7C1411%7C151%7C161%7C171*.1898970-77442773%7C1711%7C17121%7C1713%7C18%7C19,idMap:171*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:158,oid:959cafa7-b252-11ee-851e-fa762a69d2cd,v:19.8.473,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?ias_xappb=

Request Chain 183

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=3b6910c6-5a5e-4f6f-84fd-ec507bad4ad2&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=da1d5f3e-281f-47ce-aa8c-819554e6a247&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3D23d4720c7b8e407990373e322b111f36%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=7965948&trafficGroup=knaqe_3c&trafficSubGroup=erfreir&aid=7624900472311954308 HTTP 303
https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=23d4720c7b8e407990373e322b111f36&tids=15000&med=10

190 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
winzoro.net/
Redirect Chain

http://winzoro.net/
https://winzoro.net/

69 KB
13 KB

206ms
112ms

Document
text/html

194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

b2a19e48b1d64482b90942e9d5f95002bd146b1ea5e08742e4b582a3b1770df9

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 13 Jan 2024 20:30:24 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: same-origin same-origin
server: nginx
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies: master-only master-only
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Sat, 13 Jan 2024 20:30:23 GMT
Location: https://winzoro.net/
Referrer-Policy: same-origin
Server: nginx
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 171ms
60ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Exo+2:300,400,500,700&subset=cyrillic

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1f753192dcf35c9feebe309f936821c36a397a993388b992158458c505fe386a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 20:30:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 20:30:24 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.2.0/css/ 46 KB
10 KB 32ms
16ms Stylesheet
text/css 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 48200
etag: W/"20a9ce516eaea76da29a23adc43e8998"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nFbq0sR%2B9OP4TjlRvVK4ozBnNEbKtcL6FRA8vcfCK3hP%2FBoxG4K6F7DiPzJRFJUGqTfF2kUK6STHTRXmxEloCq9kOOJ91BXrd60%2FuFwDJU60jHLEM%2F1IOip2l6Oy4xkpm8uhEIYPxH%2FbRAeLpFB5QGL0"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 84506598cae718b7-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 engine.css
winzoro.net/templates/alliline/assets/min/ 24 KB
5 KB 97ms
97ms Stylesheet
text/css 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://winzoro.net/templates/alliline/assets/min/engine.css?1697072480
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 9ffef098b884c7af804c3cdc2ef744a2d3837a7fa303d317a2002cc7629463ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-60e0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles.css
winzoro.net/templates/alliline/assets/min/ 31 KB
7 KB 99ms
98ms Stylesheet
text/css 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://winzoro.net/templates/alliline/assets/min/styles.css?1697072480
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 3fed9e40fb165dcb840e9b2965ce16e1842a6e83aaddaf06214605437a414314

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-7bbd"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo.png
winzoro.net/templates/alliline/dleimages/ 27 KB
27 KB 100ms
100ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/templates/alliline/dleimages/logo.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 9b67e1e53d9fe07a1569190b3c25ae4ab4d57a49b2515d30c20d32a6689683bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-6b12"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 noavatar.png
winzoro.net/templates/alliline/dleimages/ 572 B
785 B 140ms
140ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/templates/alliline/dleimages/noavatar.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: f99a2c60ac365f5cebd3b520372c07dac909708e0fb5f8848a0a967c7fc0b98e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-23c"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 context.js Show response
yandex.ru/ads/system/ 342 KB
97 KB 166ms
68ms Script
text/javascript 2a02:6b8:a::a
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/context.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

144eaca90f0eb38009892ae28e4de4ce2cc0296c513dc627534c17ed6345bce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1705177824233486-9029778511635456553-balancer-l7leveler-kubr-yp-sas-55-BAL-2680
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sat, 13 Jan 2024 21:30:24 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
50 KB 213ms
101ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4379353840599633

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

390c15beb4150f68770dc1eaa5a6e0e9c3f7272ea2baf16fdf7c6dbf2dcacad7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51172
x-xss-protection: 0
server: cafe
etag: 6656512064887353295
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Sat, 13 Jan 2024 20:30:24 GMT

GET
H2 200 2b_-_nier_automata_4k_preview.png
winzoro.net/uploads/posts/2024-01/thumbs/ 57 KB
57 KB 140ms
135ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/2b_-_nier_automata_4k_preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 595cd9a2de22651074274868eb8c71804fee5e4891463be8e8a6a33de3a0d2e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Fri, 12 Jan 2024 15:03:38 GMT
server: nginx
etag: W/"65a154ca-e328"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dark_fish_pond_4k_preview.png
winzoro.net/uploads/posts/2024-01/thumbs/ 24 KB
25 KB 249ms
245ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/dark_fish_pond_4k_preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 9ee749cd4c320fd306a4869f045b68c53a2fc40fcadc308512a1d30089ae2269

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Fri, 12 Jan 2024 14:54:48 GMT
server: nginx
etag: W/"65a152b8-6198"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lotus-garden-by-night_preview.png
winzoro.net/uploads/posts/2024-01/thumbs/ 107 KB
108 KB 250ms
245ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/lotus-garden-by-night_preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: c1e84e77886cb0b49a993754cd2e047fb2c7193666b0eae4a0438446d52944bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Tue, 09 Jan 2024 11:28:59 GMT
server: nginx
etag: W/"659d2dfb-1acd8"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 a-dark-empty-street-dark-blue-digital_preview.png
winzoro.net/uploads/posts/2024-01/thumbs/ 118 KB
118 KB 249ms
245ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/a-dark-empty-street-dark-blue-digital_preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: f48c347e022b097c3b3b58b10839018a1968a5d05dfd4236235ad9730a8b112d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Mon, 08 Jan 2024 15:45:18 GMT
server: nginx
etag: W/"659c188e-1d71f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 screenshot_nohesi_bmw_m2_f87_arrabassada_7-0-124-6-57-3.png
winzoro.net/uploads/posts/2024-01/thumbs/ 91 KB
90 KB 249ms
246ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/screenshot_nohesi_bmw_m2_f87_arrabassada_7-0-124-6-57-3.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 918c8cb2ac249970d3010f76893a171cf37933e1344100f96391a12ca2a6f22f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Sun, 07 Jan 2024 03:57:38 GMT
server: nginx
etag: W/"659a2132-16af3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 preview.png
winzoro.net/uploads/posts/2024-01/thumbs/ 69 KB
69 KB 249ms
246ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: ff76f7951ae4fc055896e75a07b9148e6fb51513b64f903937e23cccf06ae816

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Sat, 06 Jan 2024 13:28:48 GMT
server: nginx
etag: W/"65995590-11520"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 base-profile-screenshot-2024_01_05-22_50_47_33.png
winzoro.net/uploads/posts/2024-01/thumbs/ 102 KB
102 KB 249ms
246ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/base-profile-screenshot-2024_01_05-22_50_47_33.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 64c71c617264d56f971998d75c816080bb63ec6fbd3018dc1a5f27122be12368

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Fri, 05 Jan 2024 16:51:06 GMT
server: nginx
etag: W/"6598337a-1967c"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 short-hair-anime-girl-in-rainy-night_preview.png
winzoro.net/uploads/posts/2024-01/thumbs/ 101 KB
102 KB 249ms
246ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/short-hair-anime-girl-in-rainy-night_preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: ae57576f0a8f95a874f7f6ff3ff57afb08c7be35dbb0d54309d77723c2ad25b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Fri, 05 Jan 2024 12:44:39 GMT
server: nginx
etag: W/"6597f9b7-195e1"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tokyo-night-cute-girl-ultrawide_preview.png
winzoro.net/uploads/posts/2024-01/thumbs/ 140 KB
140 KB 250ms
247ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2024-01/thumbs/tokyo-night-cute-girl-ultrawide_preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: cddc656948ccc3c6b14b73ab94b4b9e268f6dd59c18836522402eb4866d07b61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Wed, 03 Jan 2024 19:27:36 GMT
server: nginx
etag: W/"6595b528-22ec2"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1490788171_luchshie-temy-dlya-windows-7-2015.jpg
winzoro.net/uploads/posts/2017-03/thumbs/ 11 KB
11 KB 250ms
247ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2017-03/thumbs/1490788171_luchshie-temy-dlya-windows-7-2015.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 53ceacc2aac8cea5abbb9ded4b8b408ffecf8d663688a4040f9a995005511d58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:10 GMT
server: nginx
etag: W/"652746fa-2c7c"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1320232974_3206.jpg
winzoro.net/uploads/posts/2011-11/thumbs/ 7 KB
7 KB 250ms
247ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2011-11/thumbs/1320232974_3206.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 34f5640f8d12e4c7093f5ff4b9e97c58e7b60e933bcfdc55d9599c25e45de06d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:09:55 GMT
server: nginx
etag: W/"65274763-1bc7"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1679045042_rezero_preview.jpg
winzoro.net/uploads/posts/2023-03/thumbs/ 17 KB
17 KB 250ms
247ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-03/thumbs/1679045042_rezero_preview.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: bb9862636f090c8c16734d3cbd2980e6a4a9ad253d8c3f0c189cf003e65edb6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:09:33 GMT
server: nginx
etag: W/"6527474d-44e2"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1321617453_3238.jpg
winzoro.net/uploads/posts/2011-12/thumbs/ 12 KB
12 KB 250ms
247ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2011-12/thumbs/1321617453_3238.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 2599f936c72270127820233448053eefd3d8d98d988d409edbb63284d1dad9a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:09:19 GMT
server: nginx
etag: W/"6527473f-2ffb"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1551902896_retro-winrar-theme-preview.jpg
winzoro.net/uploads/posts/2019-03/thumbs/ 22 KB
22 KB 250ms
248ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2019-03/thumbs/1551902896_retro-winrar-theme-preview.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: f82f46e38db02a449bea635ab766c498642bb5040573fb3d7743f5241fe976b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:09:35 GMT
server: nginx
etag: W/"6527474f-5809"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1322840331_1898.jpg
winzoro.net/uploads/posts/2011-12/thumbs/ 15 KB
15 KB 250ms
248ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2011-12/thumbs/1322840331_1898.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 2c4340f1a944564d501c74e39a4098d11df9a01380ab232d522c14c5d9e3859d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:09:17 GMT
server: nginx
etag: W/"6527473d-3ad6"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-135.webp
winzoro.net/uploads/posts/2023-09/thumbs/ 11 KB
12 KB 250ms
248ms Image
image/webp 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-09/thumbs/snimok-jekrana-135.webp
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 138313ba91a77c618c029500c84ae2867deb4eb88560b177941c913fa5e9917b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
last-modified: Thu, 12 Oct 2023 01:08:19 GMT
server: nginx
etag: "65274703-2d2c"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 11564
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 preview.png
winzoro.net/uploads/posts/2023-11/thumbs/ 119 KB
119 KB 250ms
248ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: d18f91781d6892fc24796d9253c6b82869799d2995b7ebdf90b835877df718ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Tue, 21 Nov 2023 16:23:26 GMT
server: nginx
etag: W/"655cd97e-1daeb"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1691583879_texas-cyberpunk-city-street-arknights_preview.jpg
winzoro.net/uploads/posts/2023-08/thumbs/ 13 KB
13 KB 250ms
248ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-08/thumbs/1691583879_texas-cyberpunk-city-street-arknights_preview.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: b306ba1af362db6ca00b654c6ddf9c3c84a448bacaf741277e525c782db9f336

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:45 GMT
server: nginx
etag: W/"6527471d-3563"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-144.png
winzoro.net/uploads/posts/2023-11/thumbs/ 136 KB
136 KB 250ms
249ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/snimok-jekrana-144.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 92a198bd1a2c8dec4aebbef1fe41a1219a0dd5061bf57ec3ca53773bc3169c6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Wed, 01 Nov 2023 17:26:46 GMT
server: nginx
etag: W/"65428a56-21f6f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1693025324_preview.jpg
winzoro.net/uploads/posts/2023-08/thumbs/ 10 KB
10 KB 250ms
249ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-08/thumbs/1693025324_preview.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 39fe29cf7b41b3c265736d9c0a69cc6986ca78ccc31fdec26b8e25fba2cf2d99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:45 GMT
server: nginx
etag: W/"6527471d-2613"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1689924976_snimok-jekrana-134.png
winzoro.net/uploads/posts/2023-07/thumbs/ 62 KB
62 KB 251ms
249ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-07/thumbs/1689924976_snimok-jekrana-134.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: f3901fe1a0442e50f28c14d6eae3dec8c35e6271d6b8bff15df81b6d5f7495f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:07:57 GMT
server: nginx
etag: W/"652746ed-f710"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.php
winzoro.net/engine/classes/min/ 2 KB
1 KB 291ms
287ms Stylesheet
text/css 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/engine/classes/min/index.php?f=engine/editor/css/default.css&v=5686h

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

f55a11baf33fb17425e40acd9266d2277424db4e0ae3bf3c703418de8b13101d

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, same-origin
last-modified: Thu, 12 Oct 2023 01:00:39 GMT
server: nginx
x-permitted-cross-domain-policies: master-only, master-only
etag: "pub1697072439;gz"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
content-length: 721
x-xss-protection: 1; mode=block, 1; mode=block
expires: Sun, 12 Jan 2025 20:30:24 GMT

GET
H2 200 index.php Show response
winzoro.net/engine/classes/min/ 84 KB
30 KB 292ms
287ms Script
application/x-javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/engine/classes/min/index.php?g=general&v=5686h

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, same-origin
last-modified: Thu, 12 Oct 2023 01:00:39 GMT
server: nginx
x-permitted-cross-domain-policies: master-only, master-only
etag: "pub1697072439;gz"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=31536000
content-length: 29771
x-xss-protection: 1; mode=block, 1; mode=block
expires: Sun, 12 Jan 2025 20:30:24 GMT

GET
H2 200 index.php Show response
winzoro.net/engine/classes/min/ 155 KB
39 KB 289ms
288ms Script
application/x-javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/engine/classes/min/index.php?f=engine/classes/js/jqueryui.js,engine/classes/js/dle_js.js&v=5686h

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

df301479921863d00f49551cae9e1cf786a17544c23839747864617049f9b51f

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, same-origin
last-modified: Thu, 12 Oct 2023 01:00:39 GMT
server: nginx
x-permitted-cross-domain-policies: master-only, master-only
etag: "pub1697072439;gz"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=31536000
content-length: 39723
x-xss-protection: 1; mode=block, 1; mode=block
expires: Sun, 12 Jan 2025 20:30:24 GMT

GET
H2 200 readmore.js Show response
winzoro.net/templates/alliline/scripts/min/ 4 KB
2 KB 251ms
249ms Script
application/javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://winzoro.net/templates/alliline/scripts/min/readmore.js?1697072480
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 300f5b02f9f5a3977cefc61c55e73223b22aac671597c11012f4c8112a2af5f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-101d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scripts.js Show response
winzoro.net/templates/alliline/scripts/min/ 60 KB
16 KB 251ms
249ms Script
application/javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://winzoro.net/templates/alliline/scripts/min/scripts.js?1699970664
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 6b9d2722f54eab704e54d8f412c8958a14729d81c74422a483e2d5daea80deca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
last-modified: Tue, 14 Nov 2023 14:04:24 GMT
server: nginx
etag: W/"65537e68-f172"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 joinchat Show response
winzoro.net/ 11 KB
8 KB 289ms
288ms Script
application/javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/joinchat

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

c96b538e5d0c06df68fee2c32f2479692e63c58b9d3299f71942e558267ccc90

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, same-origin
server: nginx
x-permitted-cross-domain-policies: master-only, master-only
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 7cHmv4okm5zmbtYoK-4.woff2
fonts.gstatic.com/s/exo2/v21/ 39 KB
40 KB 212ms
101ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYoK-4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Exo+2:300,400,500,700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 12:57:25 GMT
x-content-type-options: nosniff
age: 27179
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40316
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:31:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jan 2025 12:57:25 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 61 KB
61 KB 24ms
23ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1355306
alt-svc: h3=":443"; ma=86400
content-length: 62472
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "b75b4bfe0d58faeced5006c785eaae23"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k0tIxh7ZzMUJBH8Gsb%2F8EHP5OafmOqRD1jmfibhyIzo2Q2ttQRSzCe7KXnc%2BvmjAeTH01EejVYPgCSeCl%2FhYmIBhvVQpeHhM09QwuzbphajKeuZMvlcne0O478Y3%2BoTmC3QPWytaXaBxETS5HAINnZty"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 84506599cc4c18b7-FRA

GET
H2 200 7cHmv4okm5zmbtYsK-4E4Q.woff2
fonts.gstatic.com/s/exo2/v21/ 20 KB
20 KB 163ms
53ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYsK-4E4Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Exo+2:300,400,500,700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20ac558ae4e736f5a22d58c1bcdab41693e106fb485d0c582be711621ef6456d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 11:34:18 GMT
x-content-type-options: nosniff
age: 118566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20400
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:26:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 11:34:18 GMT

GET
H2 200 fa-regular-400.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 15 KB
15 KB 15ms
15ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-regular-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ecd9f5bb492be71e3aacc8ca4f170c8f9890242a25e2c6ec9a42f13561b028f

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 224880
alt-svc: h3=":443"; ma=86400
content-length: 14888
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "8d9ab84bfe87a3f77112a6698cf639fb"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oOFo4cQ1vwpJ5bcsEMXwgdbLqitiRhcF9Myll%2BdDks4WmkzvdIvPx0usSTMndFGrySV0reg0rDjS9rm8fqSOiwr1M5M98ThAYDyh1mnn8wXZxdIZ9WWb4GxTmzvgBw6wkiBxgIEplkK22Io4Y1vRfwRF"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 84506599cc4d18b7-FRA

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 63 KB
63 KB 17ms
17ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1355306
alt-svc: h3=":443"; ma=86400
content-length: 64144
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "6814d0e8136d34e313623eb7129d538e"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6R9wxOVn5c%2FX47JgwYI4itN7P0ZpP5XOjv4zWhcJTLf6ppahOuywJfsKDvjYP%2BNiaWFCkJ4fEAdHKHu1lgngIPloyp0d28BO%2BFKOWbzfFvORJ91a7EokiNGH58X1ckSRnc9znYyEpqH3oG3uvaKjf8%2BS"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 84506599cc5018b7-FRA

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 202 KB
70 KB 161ms
50ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

f4d52b2f18ee8dd9761051674cb84dd5202b61ba4e8d7056b41a205791c7a61c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Wed, 27 Dec 2023 07:32:12 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "658bd2fc-11627"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 71207
expires: Sat, 13 Jan 2024 21:30:24 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.5822443461710589
https://counter.yadro.ru/hit?q;t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.5822443461710589

112 B
598 B

42ms
42ms

Image
image/gif

88.212.201.204
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.5822443461710589

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

HTTP/1.1

Server

88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host204.rax.ru

Software

nginx/1.17.9 /

Resource Hash

bb51b9caddb8a0e55d70c819b8a8903fbf2f94b7ad453653ec6aa0e823524276

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Jan 2024 20:30:24 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 112
Expires: Thu, 12 Jan 2023 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 13 Jan 2024 20:30:24 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit?q;t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.5822443461710589
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Thu, 12 Jan 2023 21:00:00 GMT

GET
H2 200 a9995e36ff90a549205c.js Show response
yastatic.net/partner-code-bundles/943322/ 14 KB
5 KB 190ms
94ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/943322/a9995e36ff90a549205c.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

aaab7ee30db4411af9ed4c4125f6e26036262c5c8809b1f121b4ae3092b16ed1

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:20:38 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 4771
last-modified: Thu, 11 Jan 2024 16:15:44 GMT
etag: "656baa80d22775f5887192482b09946d"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 13 Jan 2054 03:06:24 GMT

GET
H2 200 b99aefa4f70f59048afb.js Show response
yastatic.net/partner-code-bundles/943322/ 24 KB
8 KB 232ms
137ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/943322/b99aefa4f70f59048afb.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

9002602039ce301a8fee38a1208f12d75325750c4128d8280c542c44cd904dc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:20:38 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 7948
last-modified: Thu, 11 Jan 2024 16:15:45 GMT
etag: "ff611f5e94aa6d87245eb89241852337"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 13 Jan 2054 03:06:24 GMT

GET
H2 200 9234343568b2d651159c.js Show response
yastatic.net/partner-code-bundles/943322/ 118 KB
24 KB 234ms
139ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/943322/9234343568b2d651159c.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

df37b48ff9d8a94ef188d94edf5f6a7d88c65fe4c98cc8eeadf91d64a375bc89

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 19:30:38 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 24627
last-modified: Thu, 11 Jan 2024 16:15:44 GMT
etag: "fe627f6514de647398ed26d4a4675cb2"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 13 Jan 2054 03:06:24 GMT

GET
H2 200 host.js Show response
yastatic.net/safeframe-bundles/0.83/ 33 KB
9 KB 278ms
183ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/host.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:20:38 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8878
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
etag: "f80882bf67cf261aa08d636da095149a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 13 Jan 2054 03:06:24 GMT

GET
H2 200 text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 25 KB
26 KB 187ms
93ms Font
font/woff2 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 19:40:38 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26004
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
etag: "7f0cdaf91230f9789ca4162aedff612e"
vary: Accept-Encoding
x-nginx-request-id: e48ad5cf277983d3
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
access-control-allow-origin: *
content-type: font/woff2
cache-control: public, max-age=31556952
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 13 Jan 2025 02:19:36 GMT

GET
H2 200 eda1763bae60c23b53e6.js Show response
yastatic.net/partner-code-bundles/943322/ 34 KB
11 KB 218ms
140ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/943322/eda1763bae60c23b53e6.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

a2c3bd119d4adab00de8b247990edb41be9a868a9e7bd60750a5afc12a4ea0fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:20:39 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 10676
last-modified: Thu, 11 Jan 2024 16:15:46 GMT
etag: "63a6c25e32e35f27c594ccf6ce2529ab"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 13 Jan 2054 03:06:24 GMT

GET
H2 200 f3783557855b7a70795f.js Show response
yastatic.net/partner-code-bundles/943322/ 59 KB
15 KB 180ms
180ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/943322/f3783557855b7a70795f.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

985eeb8e53e1574439f8dcb6fcbabd1bd494c2466321a819445c53cf92cca34c

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:20:38 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 14844
last-modified: Thu, 11 Jan 2024 16:15:46 GMT
etag: "17e64c73009c8781f2a438d8727d81bd"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 13 Jan 2054 03:06:24 GMT

GET
H2 200 e08913200e7dd3496e95.js Show response
yastatic.net/partner-code-bundles/943322/ 592 KB
113 KB 181ms
181ms Script
text/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/943322/e08913200e7dd3496e95.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

f5d4f9d8676a8d1d9775699e1e0f2150b838006107a962c9527fdb1feed66861

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 19:20:38 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 115348
last-modified: Thu, 11 Jan 2024 16:15:46 GMT
etag: "1184d91d0da2bb28dbb2e5c32c85140a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 13 Jan 2054 03:06:24 GMT

GET
H2 200 294956 Show response
yandex.ru/ads/meta/ 440 B
684 B 121ms
121ms XHR
application/json 2a02:6b8:a::a
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/meta/294956?target-ref=https%3A%2F%2Fwinzoro.net%2F&pcode-test-ids=913081%2C0%2C46%3B936322%2C0%2C56%3B918135%2C0%2C39%3B909920%2C0%2C89%3B943183%2C0%2C94%3B920184%2C0%2C95%3B886464%2C0%2C94%3B917807%2C0%2C28%3B936421%2C0%2C55%3B892905%2C0%2C5%3B937597%2C0%2C55%3B940996%2C0%2C39%3B944005%2C0%2C34%3B943322%2C0%2C67&pcode-flags-map=eJy1Wdty2zgS%2FRc9xxneL3mDSFDCmiS4IGhbSaVQmkST0a4vW44zM5tU%2Fn27AVASJQeqJLN5cCRZfQj05fTp9pfZFelVv%2BTXipSqJnNaq4oLxVo1J21LxezVmy%2BzP9a3nzazVzMpBjp7MXvafHxi7%2BF9koRhlM6%2Bvn2xh%2BkEL4dC9oq3qiNDT50IqZ9HoUEoWU%2FmNVUFH1qpBC2ZoIWEk5Cuc2MEXhQFu1PAI1Uz1JIJXteA1kp8QYW6JrJY0lJJ1lDFq6qn0o0bBl66v52gUqzwVi2V11xcKioEd%2FsnjZMozXcI8PTiEpy84oNUfc3hB3tN1RwuXBLBaO8GSzM%2F8jUY3gAxOkH1JffXvWIl5cr%2BfgLne%2FBvgpeHeeqdwZsPVQWuo00nV6pmDTsG%2FW7Eq46w8u8%2FYTXA6x9FbTFX%2F%2BaTfgPzp%2BLzPOb%2FzwM%2FGn1M9oUgc1XTdiGXEyMo1uzQLPMyL412ZrTVJCAFgVK5Yv1AasMryEr0RlLRwidl76aEzA8S7wdA9Qc9qaiqBGnc1KWfYehBCOSZHr4BhAUPlEimHUEIwO41KhlKxlUhKJHs6kypZ5EX%2BPHu%2BGOQJAcS6iUREmmoYgIeVCyH9lJVhNUTxHga8SwK0mAPSKTEmPbfgxi6AOGuwLpFzShQd00X4E3WVlxdL5lm9PaKwiNM8qN%2Fztw%2B9rLsgHfbEpKQzNEFpEQk1sMHg6jx0Nd0zs95M%2FWiPQsvKNxx6CVv1FVDup13r0g9TCOeHNVNlsRhsm80tACIQhKTNA2pa%2Fcx0iyKolNrbamumVwqCbn4PRhj7JpBQl8DZ5y2pHhinge%2Bl2jzHryqbMstMV3lqqPY9jt%2BTQWtKlZAMIvVBGzz13%2BmcJPSJWU5VlpHFtBiO8mgKkwhYKppd9esvXTfMc9z2%2BfGdt5SLU%2FG4sHQu86V%2Bx5oAo3QFbykP4nRAy8AdbR9TdDNELeOtHAzgHMjZEkW7BA0LeBBVgTy%2BUaR1mkc%2BInvTZwwHxQrMOF1pnAOJO0mwTz0s3BfoxWDNOuGec0KRXoQP%2F33cWoeRlmQTKItIf9YeRDhs8HNwyTx9sGF9MV0gZruwaETS8gBPwwmtlGQpcFEK1qNWPTC5cw496FutKHubUbZqqFlFYOAshY8UJGCujGywIpBzCSoECi%2Bpar5ghUuuwRikESTQ0MwBdRHK60gxMbdQ17SVvVHMTgBy31b%2FgWSBm9HcqzgCorppgVnIiV1pmaSZnliGBEzqwLt2Zb1yjQ9JIFjye22n19qIWvyyZA8YECdzLkbJY9sA0WUmkJ5AkLjtEmyKDH5c%2BC2hQChVtL%2BUnL3ubMk8sND%2F2nChDYFIAd4LUhzKLWKLQaYQ6DycB4pKNCG062p70VpPCoCkyZyEK0ND7RHiLZcCj4sls4qSX1%2F7Fg1eb3SEVWayg7Nvsx%2B2zy9%2B71ZP37Y3s9e%2BbH3Ynb38Ov2dtO%2FW99u7z%2FMXgVfJ6gx5LAhpAbbxj8HOlAggE7Na1RGNZt25jezu%2FX29uXjJzjbf9f37zd%2FwetftnfrD5uPk48%2BrO%2F0J%2B8%2Fb%2B7N19d%2FbJ8ezMu7lwdv3t9v7aeIvEOADx7Xn28fPv9uf%2F350fz%2F6XH98n7z58eTL%2Fxr%2FXC31aZvn79ia2i%2BoWKBP0tGlCSL3hm%2FMAhscumyoBB7aBeFbmNuwzj0LNWDuihpRYBnTBdsh2ZOnfSUxn5ohbMemPXIi%2F0TZnBamIoE0cqAO87ApF686zekbJCdFppyWFmR0%2FBOPJfFcW4bzqSCD%2BtC8qFYmuqoea9PaASIoP8AHj5THVB8kZF1K%2BiFEJ7CuHhec0g%2BqGBQi5I%2Bk4Xigl0EUe7D6HDhA%2BTh%2B%2BDofXj0PtLvyUUQwxiUBtaeXMQZEsmF7%2FuTBMq8PPFNk6sYNOmSdDqNzKA%2BLJxyyI%2BjODqoL1SarMEkwICYhHQCxH6UG4Cqh%2BBxmEfYjdsiDC2h2XyHbMXpBnmUaFGPCxDo8VAC7eCGinIreJZElFo3GZQeElqSYum0htpJkl17XHRSQc6wTp4zsvfVPRivwFGK2OzQjUzvos70xQx0aBI%2BA2TlTkek%2B%2FR7%2B%2F0WqsEaMtp%2B%2BvQ3eY48kwYvcnB%2F5IXJiyTMgfrDeJJKGXBCPgG1kxGquJ%2FDDY3XrNrG7EI5X0Dc3NI6i1Ob3YI2HNMFWGLu5LYsSwLbpat%2BbLLj5KCgYlVDcGyANHfPCr6X5Wf4Rc92BWpRrlkGNaZgiyW8guvVtJJmOCfAymcelgS%2BzcZBoM%2BxDN33BJss3NGnLaeF4T0sIK2ZnZrd8%2BLYOwzMOPjyDkCEnIM4IgqkQXVEcGPgAW0M%2FYSVci9IcnMfIxnxhIJC%2F4aZYr7Sb5l7GPFS3yoK%2FWXNSmApsFLsrnaBfWLiozdhAnZePj0LKGFvzAdBryHpqBkf3QNN4HmG%2Fa38Zq1%2BJDY8UtuiBY%2FzOchj8BqQAByOLpwTKKDGdvVrlfBu1NJjEnIRrjpwcnPjhEG8H5V222%2BAwwnJST5gG8XZlDy00tMKEgn0eLQ5AYhDm3nojBFk3EsgU5S8GBqcGEan7NzkBsZNikumV9BkxLk5Flqnf65yEX%2B3R9JihdVM7o7pxA%2B9OLNLCRQ7JUdCcVv4wGPGYsmHujS7T%2B114%2F9xyNfj2eE5gb%2FYot0PKXIxJZL17a16eNxu7p%2FWT9uHe%2FXudvvu3%2BtfbzfT54cw3B8%2B39b76YMmE9Hxw06utYMtX48%2BvaQ1lefyx8%2FGRmOVJ%2BQNZAqFofy4vA5is8slelPUA7T7RpAzLAKjrN1LmsNBg%2BeXeFs87%2B6hbojUy%2Fc7I4RZArljc2Ttpa0cvS8t5dCeSZw0sIWnl4AoISH7lszN0mEK9bpjQr0Q2HFpc7z1PDaOQEUmh3yzHMg1ZZbYz5iOfwvCNvYMCRMhiJvtIj%2BNw3F9R%2BjV5Mv2L13%2BdAcVepl%2FuoMybQ03qLp1F5eQx9ztNj%2Fzw%2FgUqUWJiH93kBBC7NKQ%2BFr4nSM9Lx%2FlJin78vKYyvIIt1fT2%2BtPjEXFbxTrtUg41obvnm6n1eH5dvnzbfo6rV%2BzvLRfbtx3AYkU2R0PuqQjK83V2rUC5LOZBiQ7mt8eN%2B%2BnHk4zK7Q6wRt9UGPZ8J64t0xYmFbwjO3jmpXQAEGySNa6x94sD3LvuCJuGOENOzQLp0UU5%2BnzRXSm%2BEa7nUTab1ONkJ1228mQmkeQNck3alevaE%2FWiCclFHknd2VNN3FQ%2FLyBXsA8k6dhcLSm1J98ffv1fwTAJvk%3D&pcode-icookie=tmuKzTEaNnEmNiRVUCYiA%2Fh3FgfchaTL0nKeWnLfWMIAuIaTy7Iwt%2B1zeMAilDzi91YPXQQiwIOuQMIuWDI%2FxufHGyE%3D&imp-id=12&enable-flat-highlight=1&charset=utf-8&comboblock-unencoded-vast=1&test-tag=119846767427586&ad-session-id=6969581705177824468&target-id=68236543&tga-with-creatives=1&top-ancestor=https%3A%2F%2Fwinzoro.net&top-ancestor-undetermined=0&pcode-version=943322&pcodever=943322&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A9.7%2C%22isInIframe%22%3Afalse%2C%22w%22%3A220%2C%22h%22%3A0%2C%22width%22%3A220%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A200%2C%22top%22%3A769%2C%22sspInfo%22%3A%7B%22deviceSizeSsp%22%3A%7B%7D%7D%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A0%2C%22right%22%3A0%7D%2C%22req_no%22%3A0%7D&grab-orig-len=3800&grab=eyJncmFiX3ZlcnNpb24iOjJ9CiKkFIzsKOoAqDEHrMTcLzwnbcw5zMmxf_ax5ru02SApLSUlpyWKiKiOKrAn8T7mxH5tZsu8pK2XwEnMPaenN4UD9EQArjCcqEWF5lZ8_wZ8mpYII4QwDIigGNMZI72Bls5YlCZauiiPDAVtCDMAKZQFCEJFiBmqQ3moCtV_4PKAMFQHCA6aOoQcEIWav2VNCO2W4B1cqKHsA6Jblp1MzRPnmSkljt_hcDmcLqvL5gINCZ2ruafTF1H5WakvUDGbitic5CRRnmbMb06zqMgiVMxcDC_Isftv1pWvCFUnvizEGSDyAC-EXI2jWmD-QH-7J0aIvRsBkfuX51AR4Ll7W3Wjq9w7v_LW5Qem-tvBDOB-KD3hpAdLeRCg3DrO8XtDyZbn3ZTfbLe_UJQBwQ1BtH2uKFdNzQkN5dolDPB-dxS3IduqrejYt0ngAz-pylBzk2huCfdPDPXBlW5VbsCTy-wSrRRpoSVOE1NcF8tr1hvDL6P7qniATvdb3W9z8y-N2xtAJpBrN89qecXbFoRrVFVOoNTT1g6PV9XL7dVlJEOq5BjHvlqoDu6eD_tGkkkSKc5DgLtVcrV7U6Qmbbt0kbzZUMYxKmYfKIUhNZMezKJMmGnpTDnIHgTipCQhKYThtVykBXn0eWbIs-INB0J4GWlKllZQ3pibTEV2qyUtXUxSZrQI8wzUNEnpXAOUznUwXCe8BybIH-KczIghd5YbwWxsPv1VisQu5og8TfQnhg9QkHMgxFf3pOZ8p6o6zjMx9JkmhH0lgbxl4dm8D9YD8K3TkyS5vky03bXoehzlZlItKIDTFQMlKw-KzuBBmnQeHEMurlcI7Mbuxft5UgBXdNjdFN0CyEQTQajgvykZX0dBWWS6r5MZQhdxPITteJyJDYzgK3MmPqCuv42O7UnJiRSgxd7DmTRYlUdwJgnYypE4kwSg--V9VTkn0mB4f8tRW_MZ86beJ3EmPFBzolBnEMUGMwbxBus2lX8F6kTJ5whV-26QlLiMyZ6FMgDxuuIoW3Aua_A34AQlunRHR3eNI1aelpsKijKhobK853wC7lAvLOtZ3pcnPG60prkL347RIVlGtFRwEShsoxMbHXybLqPSkJJJ-qgOk4mpuiERaLExTSJ_iH6cvRnhZeTzbZ3lCkbVB7HD6ZT8hZ360T7o-ZWJRhel-hvSS37Jf4gYzDSNJKyihK2v1lGWUc3xjM3_Vf8OHGo7gIRj8dHElqiMYhGRq4CqwTzZSRnlGVmkJSlIDLqYmRa1JOxEAFYRMHDtDOItUehOUTgdOBgGF_jPIVWZkD55HhufJM1MEDaP-7ZNW8UONWzNICNXGXQwOFgpg0jTSBc_ijJZAam153lHkUW3qWPgKnVWRhsrpY7mTet5hZ4k0n4cJUUBQZMHsGNwsYZtUIOH9NHbWSl91JQIn9L-iI96DmHTCOdgHy0ebQiIo7EfaLZm0GHn5rjeyeBkofRRl1nO_iSKkqoFSZTgxxvtjFZWyiflcWxOyuMs1mUxhLwz9tDFHDYuHo2JlZJoGaGQl_kR5rNcXzyKPDE8smz-CwJRneH4uIPsZAAdVi7-C7WDhf4LUUqqTTuLj1IXdbLQc-64IbLTM9BD5OwdWAR6QRwL47o3TpYEv8uQUUdZ570XK1ypEKhFrB_aoY83og5A8GrLGwMq1lHwxR2HcQwpweJphJAb-wNcD8YQkDtrgD_Y0UKI7D7b9LYHst3pYAQS29kIAbxQNgegk5vzZnqrnYWIvRb9Jd74NIbLeXbFB7n4RT9nO12lxjTyCU0hzuD1LG7j4oaJw3fxHcFPouzP6GQhEi7iAtRikWchSu6o8ticJia2ptjOwAUrQm9lIVaESpuV-tzMft-sUYcfmTnNkJRm0pKsSMAHZhLTo7Y6WMdhoyTdh0VMg_gjY6Ev2J9ECWqqzy9bk2nlPJlORlZKJliGwhwluXmYbHTGZDJywWQ6rHZ20WwgPv2GO2rOii4NCJY2dpUAhyk5ljJKE92jSEFJnzg_uqpFl5Gt3CJ-1GCga3KmnYmbB7ceNYf3GzjAgQdfs-5zDqIr1Zi2SmvQ6BsXlJ6eG7LJM6JmIcQoRAVgy_hRaimKhESXkT7KPNK-ZVCCnyYhzRb3OkbP2Ng2Jm7oLrZncNhYyb3ASCmKLH_kOVkZG3NtqS8fTORU6Dhx3BCqbM_IOgj1VGlU2p8mi3L9EasfIVjIPtbp9UuYRt9pY-AGcd5hfUYGFqKNUBX6NHuLodRellHkWh06zh4X2Oz2Z7DxRta1g6OUEkEOMbY3tGNkbwhjzE7W9mgtfcYMAmeNe3gZEXg2iEdxkI-VhmZtSYbKoKBzGe0ikx77EVXciZuD2GZ_HrnypgcuhBbgBfB_yIyLcrOjANHiHm3_6X2Mc9ZSgfBHex_TMwFYjrA29g7-TL2ba2yjDvAH7iy3KYXmxzZLvaMOvsliJsu7nMfZDOljUlyEYK111xDK4A3JbOffXnd_bRp2RvWPofYMN3IkFRuDAvlYNtwwAfDTyQw9Ur151D8GCVA8uYtVoB5rqyOX-kI3xoCI6KvXvra2XbDpF36d_WmAcFe35UVouPJs0lvHXOrbBaiH-IK5PKlmLh_5gLDW-h9IbaYk83XRbxblJF-1ifIJIbJvROxFWd-hFaOf39yv0Cfkdq0RV8PXhR8l_laQxzkO5p7lyxe0g4D1m-iDcrE9seunp3vA7xGrjpUBQV1g9XGn2Kr7Qk4CNCee3K_itjFi-3Y_0Fpx3pvOiyDCAA_NhwDvUAJMmqRosqM6nSiyzeI2IaioLqiGPsY5V17gPNRjAkENbUFNaC9GATDVZSwRO4pakRlKlUhPhXkSKR2DSLjbezubYs65vWf8WrpFHA57fUKQaBKBoI1XVpNbNmnYcshbmbgTruwVsQfJhZ5dIf52Py4VJwn3EtARqxF8-oCounGJ-caDhsRtc1vdq0-8fBOOMch2UZvejHrzht6Fwl5lV9D39cnYDYDvuewWAnsfTDrT4IgP8CahyUxJmpvQhLCPlQPmQhpmy1dMLF2lj1N42-ac__C0YYpgcyXv-WT-usS5ansJDPWKa51j_xQrrdb2aXiNggf8DDMH3PuCWrVCDnqbILTP-A-5wcPbF_fsQRyRsbyD6tDl_0Mdw_UP9XfuoVHm5iSN06O5IpQ4eQcwlP239-N6KiTt2Gjv1HSQ4_etHEs39dZsjH2PP1Ekr5lBdcte0bddyO3WiqkBwd742mH2KY7b3Brc-ir6JP2Ol8thee5DsOaqe1e1M80P3DsGgK5P3n88tffZc6rK-f_26P7sYXKlq1A_8iSTq-pz9X5Z5TPRIxHHa2B9qFHWLyGqadJLuYorhm60NGU-szv_2VLvmTy2iKj294qZEGZadmYc_pT571bGlXcP-5yy3_7gYi0D3s1Bn3iZQMSZ16gUxyWBI_bHdjxJfSa3HqrAuvCgUUDrLHSwbGQMr53OGelAwh-7H7mnluexP3A95cANvy39HDjsdVC5rzsIdajfPg4K7qa7o92fAnMQ3n3m6GDizlPyV9zbkkNCP93Ns2wTtlCHhu51N4_TIYc5unfNP1bT0B7tt-0_nBDWhwA9qhj0A3UXeccI9IEAME_FywEjbxK5T1kjr8jgPPT_-GqDk0er_Uc90kSUpIWI4eSRJTXnpUF485qH2VTfcVafxjhutarApU_KF-VtdP9EORttQmbaP4rBMOYTC8emgL21BbwF0SKtxmjShGyFe9fCskUNL9YJlLXrfaBbo801yjkA_A%3D%3D&uniformat=true&callback=Ya%5B3418242682107%5D

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

e201707d5b0e61c0c9da71d3b25c204a141c4d103a1deb92f89380871e58c67a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1705177824503572-7315609061541959636-balancer-l7leveler-kubr-yp-sas-55-BAL-6944
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
uniformat-product-type: None
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Sat, 13 Jan 2024 20:30:24 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
uniformat: true
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:24 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/ 402 KB
136 KB 221ms
119ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4379353840599633&plah=winzoro.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4379353840599633

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a22cdee9f3fbfce1ca0b1326df3b5656a89519dbdf27616829de5c63f112145e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139393
x-xss-protection: 0
server: cafe
etag: 9865694825781818154
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:24 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/ Frame 1427 9 KB
4 KB 162ms
52ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4379353840599633

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 85812
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 20:40:12 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 20:40:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sync_cookie_image_finish
mc.yandex.ru/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10247.XT3yeB3KIE8xAAlIWJYGz8rKbknstwr-9gSJTDywHoU0neVlgXq2HkwrXMYLjjXo.fZxqatpc_qWdq4KYrkqnZOu5maI%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10247.FQ24H-woCrBd39vs_mpK3VbX7s9DQdl7mHPeuYv1rF0kQS97F9uTngDeU3x7SnlVdOF3Tjaojfl_Dwe4DmW-3c68PU4ICo1vDvjvgj0KoydjyVFDnj6DfMsRBb3beTbnbximkIXHGe...
https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10247.prGwNf_fZRdmrZ60d39qbqa-IbcePXO5xYgUaenDGEf6DQnl-qHP2CWbyXZt06XBOTtC05lEyMrNlC44KcUD-zdOUlZ_BjE8NFK5jkYR7ui_j...

43 B
582 B

52ms
52ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10247.prGwNf_fZRdmrZ60d39qbqa-IbcePXO5xYgUaenDGEf6DQnl-qHP2CWbyXZt06XBOTtC05lEyMrNlC44KcUD-zdOUlZ_BjE8NFK5jkYR7ui_j4K_CNoTqOVvJBonWOrID10h3lziNBujvDF3rGV15PrGyQPsKcRdetagw6V-D9GfeQ7oVvMctg-638aiKZDZgDinNE62AxeB4Zh3yzHPMQ%2C%2C.Wc9hGTJYZDTuZmmUwXfcy7z7VbA%2C

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10247.prGwNf_fZRdmrZ60d39qbqa-IbcePXO5xYgUaenDGEf6DQnl-qHP2CWbyXZt06XBOTtC05lEyMrNlC44KcUD-zdOUlZ_BjE8NFK5jkYR7ui_j4K_CNoTqOVvJBonWOrID10h3lziNBujvDF3rGV15PrGyQPsKcRdetagw6V-D9GfeQ7oVvMctg-638aiKZDZgDinNE62AxeB4Zh3yzHPMQ%2C%2C.Wc9hGTJYZDTuZmmUwXfcy7z7VbA%2C
date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
499 B 54ms
50ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 25 Dec 2023 13:57:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65898a2e-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sat, 13 Jan 2024 21:30:24 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/294956/
Redirect Chain

https://mc.yandex.com/watch/294956?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3...
https://mc.yandex.com/watch/294956/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen...

256 B
348 B

49ms
49ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/294956/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A2%3Adp%3A1%3Als%3A472052775772%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A490540034%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc%28p-1%29clc%280-0-0%29lt%287800%29aw%281%29rcm%281%29ti%281%29

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

a27805bdd4f2ee713d40dc92b094d5f9ae275f2ad5f36c9892ff3447638a2cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sat, 13-Jan-2024 20:30:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 256
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:24 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13-Jan-2024 20:30:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/294956/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A2%3Adp%3A1%3Als%3A472052775772%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A490540034%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc%28p-1%29clc%280-0-0%29lt%287800%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:24 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/9377854/
Redirect Chain

https://mc.yandex.com/watch/9377854?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US...
https://mc.yandex.com/watch/9377854/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-...

420 B
455 B

53ms
52ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/9377854/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A1%3Adp%3A0%3Als%3A413573535997%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A514999624%3Arqn%3A1%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C111%2C2%2C100%2C0%2C%2C428%2C6%2C%2C%2C%2C748%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Afp%3A497%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

449450db9f2f6579fc906e43a4893af830d65a61ac9128bb7177a7d5739630ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sat, 13-Jan-2024 20:30:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 420
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:24 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13-Jan-2024 20:30:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/9377854/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A1%3Adp%3A0%3Als%3A413573535997%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A514999624%3Arqn%3A1%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C111%2C2%2C100%2C0%2C%2C428%2C6%2C%2C%2C%2C748%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Afp%3A497%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:24 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5E4F 492 KB
99 KB 663ms
663ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&adk=1812271804&adf=3025194257&lmt=1705177824&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x810_l%7C188x810_r&format=0x0&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177824517&bpp=2&bdt=408&idt=337&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6897414945557&frm=20&pv=2&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=354

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4379353840599633&plah=winzoro.net

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56b08a7f6b74be28d557c136f2a2f094150a00721eb2329bc176613de14fb5ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 101699
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 20:30:25 GMT
expires: Sat, 13 Jan 2024 20:30:25 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 85ms
85ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=HEADER&cls=header%20block%20clear&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 1
mc.yandex.com/watch/294956/ 43 B
86 B 49ms
49ms Ping
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/294956/1?page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1705177824_5de192a7a515eae54cec464518aa988f1c5548a977338df822a1b1e793442b62&browser-info=pa%3A1%3Aar%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A2%3Adp%3A1%3Als%3A472052775772%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A410684112%3Arqn%3A1%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C111%2C2%2C100%2C0%2C%2C428%2C6%2C%2C%2C%2C748%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Afp%3A497%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825&t=mc(p-2-h-1)clc(0-0-0)rqnt(1)lt(7800)aw(1)rcm(1)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%226969581705177824468%22%7D%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13-Jan-2024 20:30:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:24 GMT

GET
H2 200 294956
mc.yandex.com/watch/ 43 B
0 53ms
52ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/294956?page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1705177824_5de192a7a515eae54cec464518aa988f1c5548a977338df822a1b1e793442b62&browser-info=pv%3A1%3Aar%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A2%3Adp%3A1%3Als%3A472052775772%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A474047813%3Arqn%3A2%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1705177823800%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc(p-2-h-1)clc(0-0-0)rqnt(2)lt(7800)aw(1)rcm(1)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13-Jan-2024 20:30:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:24 GMT

POST
H2 200 1
mc.yandex.com/watch/9377854/ 43 B
74 B 53ms
52ms Ping
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/9377854/1?page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&hittoken=1705177824_201537f45dd50b526d3164706d60ea24d71b6c5ba9d42cd3f62522cb5809c78f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1201%3Acn%3A1%3Adp%3A1%3Als%3A413573535997%3Ahid%3A534540146%3Az%3A60%3Ai%3A20240113213024%3Aet%3A1705177825%3Ac%3A1%3Arn%3A322571863%3Arqn%3A2%3Au%3A1705177825369060052%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Aeu%3A1%3Ans%3A1705177823800%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1705177825&t=gdpr(14%2C14)mc(p-2-h-1)clc(0-0-0)rqnt(2)lt(7800)aw(1)rcm(1)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%226969581705177824468%22%7D%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:24 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13-Jan-2024 20:30:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:24 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 101ms
100ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240109&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c40eb775f01e9d162c4500814fa7c222aad26e0f7fd011a1df553e9787dd8d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12367
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/ 162 KB
55 KB 129ms
129ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87a5ced2a3f05591404b0fd2b735e8fe56edf86a437f27b49d3d6ebc0a181c8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56395
x-xss-protection: 0
server: cafe
etag: 4881723130422468132
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 85ms
84ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_exclusion_zone&typ=noex&cor=3477519439784246&num=0&dvc=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2EE9 109 KB
41 KB 438ms
437ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9246fcaa46029492ead200a7148b4918c095121de40d714b030a184939f2108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41589
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 20:30:26 GMT
expires: Sat, 13 Jan 2024 20:30:26 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 86ms
86ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=1&wpc=ca-pub-4379353840599633&warn=12%2C13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=false&a=6%2C1%2C5%2C7&apv=20240109_093450&sat=1704924508322&afm=0%2C5&as_count=0&d_count=0&ng_count=0&am_count=1&atf_count=0&mdns=0&alldns=0.099&allp=1&fd=(0%2C0%2C0)%2C(1%2C0%2C0)%2C(2%2C1%2C1)&pgh=2830&abl=false&rr=n&su=winzoro.net&pvc=1379562072330320&r=0.1&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
544 B 62ms
61ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Symbols%3Aopsz%2Cwght%2CFILL%2CGRAD%4020..48%2C100..700%2C0..1%2C-50..200

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02d22e0e65f356e82a50816c858ab485adf56eb324b6c5b44c4dcd08c442a284

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 20:30:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
731 B 62ms
62ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Text%3A400%2C500%2C700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d0de0a1e343c53355f109cdfefb4e4cab0609f38cf0c387c7914ec1a22ae2fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 19:39:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 css2
fonts.googleapis.com/ 591 B
440 B 71ms
71ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Google+Symbols:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e7cd255233d8e6b4a7d033d4b41b443ea3bd86c8e070085d23b5bcaee462005e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 20:30:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
731 B 70ms
70ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d0de0a1e343c53355f109cdfefb4e4cab0609f38cf0c387c7914ec1a22ae2fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 19:39:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 85ms
85ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_prose&sts=ok&evt=place&vh=1200&eid=44787782&pos=UNKNOWN_POSITION&vpt=DESKTOP&pvc=1379562072330320

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 HhzZU5Ak9u-oMExPeInvcuEmPosC9zyteYEFU68cPrjdKM1XLPTxlGmzczpgWvF1d8Yp7AudBnt3CPar1JFWjoLAUv3G-tSXmA.woff2
fonts.gstatic.com/s/googlesymbols/v244/ 671 KB
672 KB 53ms
52ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesymbols/v244/HhzZU5Ak9u-oMExPeInvcuEmPosC9zyteYEFU68cPrjdKM1XLPTxlGmzczpgWvF1d8Yp7AudBnt3CPar1JFWjoLAUv3G-tSXmA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Symbols%3Aopsz%2Cwght%2CFILL%2CGRAD%4020..48%2C100..700%2C0..1%2C-50..200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fefe0d5f8b0a89d09eb9342c11f6725880d11e64227a14fcf5edc94e01e8950

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 04:05:35 GMT
x-content-type-options: nosniff
age: 59090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 687548
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 21:56:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jan 2025 04:05:35 GMT

GET ads
googleads.g.doubleclick.net/pagead/ Frame 246D 0
0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 240ms
125ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 4AA2 9 KB
4 KB 51ms
50ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 81731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 21:48:14 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 21:48:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 5A0C 9 KB
4 KB 50ms
50ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 81731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 21:48:14 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 21:48:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame C0DB 9 KB
4 KB 50ms
50ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 81731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 21:48:14 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 21:48:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 6B9C 9 KB
4 KB 51ms
51ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 81731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 21:48:14 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 21:48:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 4AA2 4 KB
671 B 60ms
60ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 19:31:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4AA2 205 B
650 B 162ms
52ms Image
image/png 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 16:23:12 GMT
x-content-type-options: nosniff
age: 101233
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 11 Jan 2025 16:23:12 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4AA2 604 B
695 B 162ms
53ms Image
image/png 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 19:10:39 GMT
x-content-type-options: nosniff
age: 91186
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 11 Jan 2025 19:10:39 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/ Frame 4AA2 16 KB
7 KB 84ms
53ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 22:18:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 11129212757755515379
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 22:18:42 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/ Frame 4AA2 22 KB
9 KB 89ms
58ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 23:16:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9422
x-xss-protection: 0
server: cafe
etag: 10624764489894593518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 23:16:40 GMT

GET
H2 200 sdk.js Show response
adsdk.microsoft.com/native-to-display/ Frame 30BB 94 KB
38 KB 108ms
15ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://adsdk.microsoft.com/native-to-display/sdk.js
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 759ce2a2ce00d61d23c78b075f72880dba5cec69876073fc1313ccfe536c7101

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: br
last-modified: Mon, 08 Jan 2024 22:48:38 GMT
vary: Accept-Encoding
x-azure-ref: 20240113T203025Z-01thtkr9m17gdf81bw5e7anaw0000000022000000000cx5x
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a0a0c049-401e-00db-1b69-457bcf000000
cache-control: private, max-age=3600, stale-while-revalidate=86400
x-cache: TCP_HIT
x-ms-version: 2009-09-19

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/240/ Frame 30BB 80 KB
28 KB 38ms
6ms Script
application/x-javascript 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/240/trk.js
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 519e50788224b3422c6e6b1cce48d5decb83eece248558b54e48f88491e48aa4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Expires: Thu, 14 Nov 2024 14:07:00 GMT
Date: Sat, 13 Jan 2024 20:30:25 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 5120606
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27680
X-Served-By: cache-lga21956-LGA, cache-fra-eddf8230116-FRA
Last-Modified: Wed, 15 Nov 2023 14:06:46 GMT
Server: AkamaiNetStorage
X-Timer: S1705177826.851728,VS0,VE0
ETag: "ccac3ab7f323b8743d099010fcce15a4:1700057206.383562"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 7, 826800

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 30BB 3 KB
1 KB 127ms
116ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 16:19:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15043
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 16:19:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 30BB 20 KB
8 KB 78ms
67ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 19:20:11 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 30BB 205 KB
65 KB 283ms
160ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame C0DB 2 KB
903 B 157ms
152ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 21:28:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82922
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 21:28:23 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame C0DB 23 KB
9 KB 121ms
117ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 11:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 11:25:48 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame C0DB 3 KB
1 KB 117ms
113ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 16:19:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15043
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 16:19:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame C0DB 20 KB
8 KB 109ms
105ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 19:20:11 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C0DB 205 KB
65 KB 315ms
199ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame C0DB 37 KB
15 KB 183ms
101ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 18:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 04:29:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 11 Apr 2024 18:49:09 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3FB3 624 B
246 B 93ms
93ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGOarnYICMAE&v=APEucNWC0T5u0QkXkSVgEHrNBZ1hRFUrUrb-QRAaV4RQxWz4iZecNWaJeZ75quO0EhBrS6560PR2lyu726kC-6jFFbj_yP3qgZgpTtWSFf3zT8GdJp8Mr0d7LBsY514xCC3d9Jpfro9_7yfHfhnuqB2rqH-jxpdJMriWwNaKW-mu2ctgF-S-EdU

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 20:30:25 GMT
expires: Sat, 13 Jan 2024 20:30:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EDE7 89 KB
31 KB 108ms
108ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame EDE7 3 KB
1 KB 146ms
145ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 16:19:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15043
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 16:19:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame EDE7 20 KB
8 KB 126ms
125ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 19:20:11 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame EDE7 205 KB
65 KB 193ms
87ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE7 42 B
63 B 85ms
85ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ca8kNh5rw9bLbb640FrRih30r8BEdHwz-akwg44Ze8VLQ6dUQrVX4U_NC2VIdazZ6kd-IQU3rXoSVdl8vZpWok4-kpLrlWYX5bOJsLmvykYqKgm7U

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 63FE 2 KB
480 B 60ms
60ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A400%2C600

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 19:28:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 63FE 2 KB
856 B 113ms
113ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 21:28:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82922
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 21:28:23 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame 63FE 23 KB
9 KB 113ms
113ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 11:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 11:25:48 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 63FE 3 KB
1 KB 119ms
118ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 16:19:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15043
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 16:19:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 63FE 20 KB
8 KB 101ms
100ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 19:20:11 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 63FE 205 KB
65 KB 300ms
230ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:25 GMT

GET
H2 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 63FE 37 KB
15 KB 90ms
54ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 18:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 04:29:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 11 Apr 2024 18:49:09 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 3FB3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIkXFiMpfVJDoRTXbVE1Mw&google_cver=1

43 B
769 B

31ms
30ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIkXFiMpfVJDoRTXbVE1Mw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGOarnYICMAE&v=APEucNWC0T5u0QkXkSVgEHrNBZ1hRFUrUrb-QRAaV4RQxWz4iZecNWaJeZ75quO0EhBrS6560PR2lyu726kC-6jFFbj_yP3qgZgpTtWSFf3zT8GdJp8Mr0d7LBsY514xCC3d9Jpfro9_7yfHfhnuqB2rqH-jxpdJMriWwNaKW-mu2ctgF-S-EdU
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngNTVueTjwAJ2V4RXglfvAiM9KhHJJzVfJhJQnmM2dLvrkTzMkALy9i9VDEqzhuF3avm%2FOgLM992QB1CCXt9f76%2FJk%2F52bYPPE8jsCBYsGRqXXmwP7KlSJOKHjQ5jaZWfpm3Cp1ojmnx4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 845065a509fb9104-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIkXFiMpfVJDoRTXbVE1Mw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 3FB3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZaLy4XPGMtHMRa4pxCaewQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIkXFiMpfVJDoRTXbVE1Mw&google_cver=1

43 B
734 B

33ms
33ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIkXFiMpfVJDoRTXbVE1Mw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGOarnYICMAE&v=APEucNWC0T5u0QkXkSVgEHrNBZ1hRFUrUrb-QRAaV4RQxWz4iZecNWaJeZ75quO0EhBrS6560PR2lyu726kC-6jFFbj_yP3qgZgpTtWSFf3zT8GdJp8Mr0d7LBsY514xCC3d9Jpfro9_7yfHfhnuqB2rqH-jxpdJMriWwNaKW-mu2ctgF-S-EdU
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqIgBqGuBVDEeB%2BL89zIQrdvnYPmHtn%2B4ymi1%2BgMcboqpYNxBO6oVAFyvVe%2B4vHl5ldzA3jyllcfpxbvKd03AdJevLstk2MEtRRg9c4bSKwCJeoUDyJvS%2Faj9PddUIV94Vi7IebpqrGANg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 845065a509fc9104-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKIkXFiMpfVJDoRTXbVE1Mw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 3FB3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG7tsijtLQ82hDl9nd7Klak&google_cver=1

43 B
1014 B

8ms
7ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG7tsijtLQ82hDl9nd7Klak&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGOarnYICMAE&v=APEucNWC0T5u0QkXkSVgEHrNBZ1hRFUrUrb-QRAaV4RQxWz4iZecNWaJeZ75quO0EhBrS6560PR2lyu726kC-6jFFbj_yP3qgZgpTtWSFf3zT8GdJp8Mr0d7LBsY514xCC3d9Jpfro9_7yfHfhnuqB2rqH-jxpdJMriWwNaKW-mu2ctgF-S-EdU

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
an-x-request-uuid: 9d5f63cd-986d-4e94-9e03-397a548be8a3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.134; 185.213.155.134; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG7tsijtLQ82hDl9nd7Klak&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 3FB3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM5NjcwNzQwNjE3NDA1NTE4MQ%3D%3D

170 B
409 B

97ms
46ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM5NjcwNzQwNjE3NDA1NTE4MQ%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:25 GMT
an-x-request-uuid: 832df0d2-b5c5-478c-8848-5f02ad80b36d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM5NjcwNzQwNjE3NDA1NTE4MQ%3D%3D
x-proxy-origin: 185.213.155.134; 185.213.155.134; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

c.gif
www.bing.com/aes/ Frame 30BB
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=3b6910c6-5a5e-4f6f-84fd-ec507bad4ad2&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=da1d5f3e-281f-47ce...
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=23d4720c7b8e407990373e322b111f36&SNR=1&GV=2&med=10

0
547 B

51ms
51ms

Image
text/plain

2a02:26f0:3500:1b::1724:a38c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=23d4720c7b8e407990373e322b111f36&SNR=1&GV=2&med=10
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2a02:26f0:3500:1b::1724:a38c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6D2BDC66F9DB4613B5CE3E51FB9C1F27 Ref B: DUS30EDGE0709 Ref C: 2024-01-13T20:30:26Z
x-cdn-traceid: 0.8ca12417.1705177826.22372033
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
alt-svc: h3=":443"; ma=93600
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Sat, 13 Jan 2024 20:30:26 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 92D8330483254D4DB8525296BEBCC2B5 Ref B: FRAEDGE1218 Ref C: 2024-01-13T20:30:26Z
x-cdn-traceid: 0.8ca12417.1705177826.22371f0f
vary: Origin
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=23d4720c7b8e407990373e322b111f36&SNR=1&GV=2&med=10
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=93600
content-length: 154
expires: 0

GET
H2 200 th
www.bing.com/ Frame 30BB 12 KB
13 KB 74ms
9ms Image
image/jpeg 2a02:26f0:3500:1b::1724:a38c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/th?id=OADD2.8864830095747_1QCDWB0VWGSDD3IZKJ&pid=21.2&c=17&roil=0.195&roit=0&roir=0.805&roib=0.61&w=180&h=180&qlt=90
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:1b::1724:a38c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4a313efd109e3c0c719d82b04946c123576620456e19af9b31de3aab54b049e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:26 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cdn-traceid: 0.8ca12417.1705177826.22371f10
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-type: image/jpeg
cache-control: public, max-age=2592000
timing-allow-origin: *
access-control-allow-headers: *
content-length: 12711
alt-svc: h3=":443"; ma=93600

GET
H2 200 rd_log Show response
ams3-ib.adnxs.com/ Frame 30BB 0
535 B 60ms
25ms Script
text/html 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwinzoro.net&e=wqT_3QL4A-j4AQAAAwDWAAUBCODli60GEIT38p7M0sXoaRgAKjYJjeTHU3Y_pj8RZ5aUWTqupT8ZAAAAgD0K1z8hZw0SACkRJNAxAAAA4FG4rj8w_JnmAzi1AUC1XkjjA1C6iYq2AVi_sT1gAGifpFR4tPYFgAEBigEDVVNEkgUG8EmYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAPoBDTEtd2luem9yby5uZXTYAvAG4AKiqDHqAhNodHRwczovL3dpbhEf8FiAAwCIAwGQAwCYAwmgAwGqAwDAA9gEyAMA2AOxuTTgAwDoAwD4AwOABACSBAQvdWFwmAQAqAQAsgQMCAAQABgAIAAwADgAuAQAwAQAyAQA2gQCCAHgBAHwBAXNWIgFAZgFAKAF5uHXhd3nz_AlwAUAyQUABQEU8D_SBQkJBQt4AAAA2AUB4AUB8AWNYPoFBAgAEACQBgCYBgC4BgDBBgEgNAAA8D_QBsKNBNoGFgoQCRIZAXAQABgA4AYB8gYCCACABwGIBwCgBwHIB7T2BdIHDRVkASYI2gcGAV6kGADgBwDqBwIIAPAHieMCiggCEACVCAAAgD-YCAHACPAG0ggGCAAQABgA&s=9207d6d81612a48cf3323b9a2c67fcc0540c122f&bdref=https%3A%2F%2Fwinzoro.net&bdtop=false&bdifs=2&bstk=https%3A%2F%2Fwinzoro.net,https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-4379353840599633%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2,https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:25 GMT
an-x-request-uuid: c6409b70-cf0a-4279-b43d-d91e557c876d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.134; 185.213.155.134; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE7 0
20 B 85ms
85ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7623553406677&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE7 0
20 B 86ms
86ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7623553406677&version=m202309260101&ct=76&x=1&cor=11956204646012264000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EDE7 109 KB
41 KB 114ms
114ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Atudb1Dy1m0CBG6gRrK5XuUYZ5LoHsokGN9_8xCrB4cCQ9bkLr8wErWux03qTvd8FCaAx-QJUT5KRduAHU1m--jc5WSJsr-X9Rm3JCT-an7weuBU3wIG77QSx_rmz3zDg7FWtm1o5auJxRgSVYTJoaiNYXjtZIT32Ks4YTldQpkc7fTiQ&dbm_d=AKAmf-D5-p5KLT1vvE4F5DZEhemehPoUK5CoI8Vr2n8BFDrGzSxJY9bCmEaFGAZyk2PSz-C_pEHQ7ws6c91_SNvFZcVJ4Bjsrh4OtCDyXbbxKB_TRIQdJJobuRNve7QakeK67x20Ds047NMxqshyVdVuPp2VJR_aQXVNQgccvYHVzZGRBxczA_bR4Oj0n64tFg6l3UUqL4ueVLAztvUTspCDnItQv5tOp-_etI4AHVKtIY5ji8z8xIM7PqMVaiv6JofTbxOUAcp1wlrl5j-DgZOOCeEtbO2W-NKE0IGNab-ID8YzTq4kIra-3Atnz5f3-1v5Dyhn5mg3UUbTD94GSBBK2DeY6JDxjtHjTlqTKF83WUlNIhqmnNLregsXRIrO7P2vKzu6R-qo287CthcI6Z09PuHZBkEARBzahX6w0MVAAfgouLBwLYt_74vrLRD-tHLXZp7ZcPH1hygOOzltxEm8euDuPGzRblcDg1dT3hPK5m3_sh2Xcqgo4I6Hclu9BAN6Jszvq8cENo56gxDNv0fJ82zA6e1KetaqZlUfS6mw6cyIBKMhzOYTnEShcPJAMeXfh7ueeU_mAZ143LXh_EL1-gjPSU9gLX1AriN2dBnphQefsMrIVAXomyS-NPXuOUt2WeRlNxHuyF5_SUgJ8UL_uwIUyJGmgnKknKjJOv3fLjVRvTw8kOavHAxA5THfgnFhUnaNAe7V2vzQtvYm-Ywf9r-JRR9HycvHOf1kuhgPyJ_Yl8LlPtnOEWP5a4wRelfLAVkB76veFhRoWoCsyB7A7z_-174O3m9sUZAnCgf_jVC7fwAWvGL2UVbjnbh3uxnT0rHnCD0wgA_QfedOVBrj_XxRdMBzVHSyIW-0q4h3mNyrnrHHko-jgcqQxlZuJftnMWZZN3Gw617v1fB6PotLAU8ACIZRasLCP06MIenmyv8jwKxZAn6WzgR74FFU7XGohPHj8M5_WNBPfc85tGgI-ykIjyMEkyusce9FnCvZQfonw0EAPjChtRdjBPgfiweprOW7CE3IIZHjTe9HK3SAgbRLfsMv7VdWraQ_0O10Tt7e9ebn-Y8_ZD_1Mz8T5ZSPo24LTek4Z9NxpScTNbtjT0d4_9N-y0LVfydzemmZFHnu8RdUAfWpNtb0Oh01gEnl9VpOa3r42bbm1KGMCEz-BJ1pjQG5uKGlirhiB8gIiqKUSToROpdPAHfgzgXe94AaO6wHOj06OS2naZtRUQI6r1TCw7Ji6-EkAaMDghydYU24P-J1uIckYixZZtkXpy-jE7Z6uTAbXJnDiAi8Zyixezgc05vssTrsAEi85gH5JL0RpSfpw2_mMukJOg9Iww2UuWpv-s0IXG4AQzzlhwYiFXEZUBz3YXMMjsYF8K1SPRaboQB_F7lkGAH6qOE3e3lfcnQtpDPTysPTKHgzjkLj_-o2rdeBbGNTpvi5sk_wJ6aiSLAPqNUhWCpwyc0oVxFCKW5jj_A1etfVkiGoyvlRepcptDndDZeWwl7IGKqMABHqi_RRLmGtTuBToLWfUNu_N7OhqsQ4NDL-k1xfkwkKteWnX3Gt9vD9VWj5lBVqOh36Z62ZeIR4qbHl4cgtDOesbQlMa-cQ6P32qPi-Ei0kaxeRxpayWOpRnhQ7XCM2lLcLMGIu479TZhIBc-qBnVeKDB-k2-vjdCRdMjgLtEQRBLNQw5lT5bko7WpV06rZNdgelvj2eKF-HIKGH0ehhSc7oQ_WzFiD7UmtSEQy-J7X0RBQ4uMK9cbqfhDnYBBw0_Bb-NwDLSgbwsjEKFrU8LrLJb51T32AAPBYTo0ezgVlueSlCxzP1C6y1GvgyELHxLd4-c7h6cZkWrcI2B4fHouxJyTXRc65tmtlseuQ28L8E1DvNO-y3wfIxaLIcg3wjJuBRZPhV7PhwAYFGVbSnjUMNM8EgCgUi-v8HV7ID7_eUNckCFzR7MgbbN2I7DXlbYVPHqVrmUuem3fKZ6kzxe6kog1rNY7cngYBUl-WLZTB-p7IY4BZZflhrE71n1d_m1ROq2xrrJwYIcb_Cuig9UEFfx6pKWNZdu1kL7yGy0iHG12iWifNAFJGrv4tiXVv-C05UuzvjPNB6aynxawyc-CpvinQ3CRtfldwOa9cmQM-ddMhLTkGiJ7bi1NOfG99PfNd-ww-_hTP8RtTXUp8MSlJJVcypB4QSU_Cn3IqTgZqIzj0Q1JFHsZFF7Rn0ag8IN2bAoy13c1Nq3pD4kKXjJDJoZbZzXu4IGEvya1aJ2sfwTRUoJRiwJT_LdAef3HF0k0ADIKQ2o2M6APMiQ4gmXUMj1kuBxF-iCjB5LaG7XC-iljIOpfsPFiR1nB62KylaWJ4USJNh3A2v31JLihPnVWpzPRBZKevDgreIVVpLDRgXZi60r8T2ZzAqMHSvDqmkB3CZ8RomuM-NBmDSpJex1MsiUgXMOXOAJzjTaSjwso6DjctgDWnuJW4C0Y1-ekL3JuUWizISylIrY9FXMzc9d_oU5IQqLiknFJHAn_Rx4c0Z94LkwaxRAgAuo2sDGx0plV8G2hdOa2eBU_7fGy6TBqjtkyjjVmzANTdU-6qI7WuHOoUfaiFckoEqxmUGfX6UvWNC8PVjnMH6x9SAl8kJ9h3UA535-702V62fKmMlwr3uF6q42iyrRwC5fzR3yX-w9aRrBzhTL-p6wcvJoCm4wdJ01OcTbt_tmvqzpGrGK5hdPQQjhrSCVGji7RmVQOz9Nv2MtdPx-u4TQgUDL6yNvEUwzwaFaJalOR0vuhBI-ALhkxH-1OsNITBMAnp9NkO-_wxTc7y3qeGqQKMZVClhypinsrBCbHVSPnxCPoCziH9MAvxmdvwQIKaHxNL2uptUXKxdRh3ZKMnRS4UNsUBFrzxgWRFFsWE5cXjcAgknux_7FfcWif9wPzBHjBRI3blB1HNyACbFEv-eARXaUr0gbov_LbrZSsz33sOJEg6EfNxJtX636hX64ROx8rjE6BCQ3x6RGdQYFEw17yUDrJE2jGA2KZiSdiMiD9V6zNT3gcRND5rwc3Ydw_DUmxh4ch-nke4Y9lK9THWsndufyclJ1s3yuzjl1bzk4Cbr40PUoGw02xP_zhq0_wkZiNTOTT0RHw_i21dHy0wPqk46hUtePdVlfgPzuCKKRCjtMpokdFg063AiW1lkWkAjpBHRTzrQOYaB5Tf-ottI6L18qbV6nl4iAMN1xN5wWtLy7ZIN1Y1gu_MGNN7DjLcCSald6yjUT4kS-J1eB318FKvjNrFtnMrbStrU8r2ugVtbQSHXcSXQfUXrkzCClcTfTi_Q7-CruoEfuqPOqT-sYiYibXqhBZW3j3vkpfTpNMk5pBlIDolesgnjFkYR3UMwjzZXWpTUFPvDTJ5XmZAADvxygtNdnk1JR4TnKQNTCdN6LXGLuetrl6vFXfbVDdGaAqsIBKe-GqFgFQ3h7n0d8_0_-mwpcBeDM-zbGob-Y6eI4P2Yv6eiFfDZzVPZ-RCEsVfFVmxgcmTiLmDxfSS96NjM7T1l4HQfAl30xG5a1FSewYFkcqRF-nRjEA8HXk11CvyNhbzHM7wNIdkjq-jIMS2gqM7N8iv5J3e7MNfHKwHXs7GxYwUmFDkmVbOXGeWzBmtheXfk7V_9aQR0SnEJWy7oe8CnJ3l_0Yc8LnV81uN44XdamWmZYN7tBDf4CBdwtQJCMc3wZ2gvdBOfrWdeXnliYkuqfZyTAQI0UfR&cid=CAQSTwAvHhf_j_l0NckTnQlAxtGJUptVkNn1SvE3AAkP3hdsiSILgW9ktjrkGizoJjdifAJs5vDlW5mqr5N1DpFdLCUEpnbdNJr7D6NwBS-jQAwYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinzoro.net&ds=l&xdt=1&iif=1&cor=11956204646012264000&adk=521587873&idt=115&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6242af9a4ab5625d56a9e4792b1f3413b42d2b0d56625da3da9e9ea0197e1863

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42143
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B2E3 13 KB
5 KB 51ms
51ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 944
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 20:14:42 GMT
expires: Sun, 12 Jan 2025 20:14:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7280 829 B
1 KB 171ms
61ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d2e8fd678a0040f1ebb05484cc55e33bb0f537ab5dd0c0a25e0e375da2e838b2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ErL1FcJMnuKTbVDZpJWeXA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ErL1FcJMnuKTbVDZpJWeXA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 20:30:26 GMT
expires: Sat, 13 Jan 2024 20:30:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 vevent
ams3-ib.adnxs.com/ Frame 30BB 0
842 B 21ms
21ms Ping
text/html 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwinzoro.net&e=wqT_3QKWB-iWAwAAAwDWAAUBCODli60GEIT38p7M0sXoaRgAKjYJjeTHU3Y_pj8RZ5aUWTqupT8ZAAAAgD0K1z8hZw0SACkRJNAxAAAA4FG4rj8w_JnmAzi1AUC1XkjjA1C6iYq2AVi_sT1gAGifpFR4tPYFgAEBigEDVVNEkgUG8EmYAaABoAHYBKgBAbABALgBAcABBcgBAtABANgBAOABAPABAPoBDTEtd2luem9yby5uZXTYAvAG4AKiqDHqAhNodHRwczovL3dpbhEfVIADAIgDAZADAJgDCaADAaoDmgMKsAIVKfCGd3cuYmluZy5jb20vYXBpL3YxL21lZGlhdGlvbi90cmFja2luZz9hZFVuaXQ9MzkxNDY2JmF1SWQ9ZGExZDVmM2UtMjgxZi00N2NlLWFhOGMtODE5NTU0ZTZhMjQ3JmJpZElkPTE1MDAwJmJpZGRlcklkPTQmY21FeHBJZD1MVjMmb0FkVW5pFVwYcHVibGlzaAUpLDE2MjY0NTMzMCZySZpxALhydHlwZT1udXJsJnRhZ0lkPTc5NjU5NDgmdHJhZmZpY0dyb3VwPWtuYXFlXzNjJg0WCFN1YgkZ9CoBZXJmcmVpciZhaWQ9JHtBVUNUSU9OX0lEfRIFMTIwODUaEzc2MjQ5MDA0NzIzMTE5NTQzMDgiCTM4MTg0NjcxNCoEYmluZzo4VTJWaGNtTm9RV1FqTnprM01UUTRNREF4TVRnMU1qWWpNak16TVRVeE5EUXdOekF6TURNMk53PT3AA9gEyAMA2AOxuTTgAwDoAwD4AwOABACSBAQvdWFwmAQAqAQAsgQMCAAQABgAIAAwADgAuAQAwAQAyAQA2gQCCAHgBAHwBLqJirYBiAUBmAUAoAXm4deF3efP8CXABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWNYPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCjQTaBhYKEAAAAAAAAAARPXgAEAAYAOAGAfIGAggAgAcBiAcAoAcByAe09gXSBw0JEScBJgzaBwYIBQmo4AcA6gcCCADwB4njAooIAhAAlQgAAIA_mAgBwAjwBtIICQj___8_EAIYAA..&s=92d2bfa598686f797b539834da9f7062be7ecdc7&type=nv&nvt=5&jm=1003&sid=7845925511445117869&vd=ct~0|rr~0&sv=240&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=7965948&sw=1600&sh=1200&pw=0&ph=0&ww=0&wh=0&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/240/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
an-x-request-uuid: df900412-bc7e-4838-aee5-f623326026b0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.134; 185.213.155.134; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 148742464806174268
tpc.googlesyndication.com/simgad/ Frame 2EE9 18 KB
18 KB 51ms
51ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/148742464806174268?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnNnQgcSmGSEKCUC5zdqT6lGRhJ_g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b79e2f319a4307b8efa970936f6bf86a8236c2de2cb980c5950ed65b48a28c18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 06:46:19 GMT
x-content-type-options: nosniff
age: 395047
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18245
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 17:40:43 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 08 Jan 2025 06:46:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame 2EE9 23 KB
9 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 11:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32678
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 11:25:48 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3069 143 B
166 B 51ms
50ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 19:38:21 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 2EE9 3 KB
1 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 16:19:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15044
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 16:19:42 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5EE6 1 KB
643 B 53ms
53ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 40616
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 09:13:30 GMT
etag: 48472445140208031
expires: Sun, 14 Jan 2024 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 2EE9 20 KB
8 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 19:20:11 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2EE9 0
0 105ms
59ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQUK1a_CMS45szdxQlyPHOdJM_aXRgzwsLHpHDKQ4_712MDz1phcuExP3hhTYdPyjAil-_-Trxf0g-0sdHFDVZ8zMCQ7g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2EE9 205 KB
65 KB 153ms
152ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:26 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 2EE9 36 KB
15 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 23:21:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14790
x-xss-protection: 0
server: cafe
etag: 14910708302111541132
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 23:21:47 GMT

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame B2E3 39 KB
15 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 16:19:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15042
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jan 2025 16:19:44 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3069
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
21 B

64ms
63ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 20:30:26 GMT
expires: Sat, 13 Jan 2024 20:30:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 20:30:26 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1898970/77442773/ Frame EDE7 60 KB
15 KB 116ms
35ms Script
application/javascript 34.251.209.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1898970/77442773/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015630378&ias_pubId=pub-4379353840599633&ias_chanId=1&ias_placementId=20903658371&bidurl=https://winzoro.net/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0jU4fb-noNF-zsZPxsY4dw4
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.209.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-209-93.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3656e2aaff68f611690aec056ed305278bc82a76fe2e9ebe47c4f122f24e845d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame EDE7 111 KB
39 KB 180ms
51ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 21:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81967
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 13 Jan 2024 21:44:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/ Frame EDE7 11 KB
4 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Atudb1Dy1m0CBG6gRrK5XuUYZ5LoHsokGN9_8xCrB4cCQ9bkLr8wErWux03qTvd8FCaAx-QJUT5KRduAHU1m--jc5WSJsr-X9Rm3JCT-an7weuBU3wIG77QSx_rmz3zDg7FWtm1o5auJxRgSVYTJoaiNYXjtZIT32Ks4YTldQpkc7fTiQ&dbm_d=AKAmf-D5-p5KLT1vvE4F5DZEhemehPoUK5CoI8Vr2n8BFDrGzSxJY9bCmEaFGAZyk2PSz-C_pEHQ7ws6c91_SNvFZcVJ4Bjsrh4OtCDyXbbxKB_TRIQdJJobuRNve7QakeK67x20Ds047NMxqshyVdVuPp2VJR_aQXVNQgccvYHVzZGRBxczA_bR4Oj0n64tFg6l3UUqL4ueVLAztvUTspCDnItQv5tOp-_etI4AHVKtIY5ji8z8xIM7PqMVaiv6JofTbxOUAcp1wlrl5j-DgZOOCeEtbO2W-NKE0IGNab-ID8YzTq4kIra-3Atnz5f3-1v5Dyhn5mg3UUbTD94GSBBK2DeY6JDxjtHjTlqTKF83WUlNIhqmnNLregsXRIrO7P2vKzu6R-qo287CthcI6Z09PuHZBkEARBzahX6w0MVAAfgouLBwLYt_74vrLRD-tHLXZp7ZcPH1hygOOzltxEm8euDuPGzRblcDg1dT3hPK5m3_sh2Xcqgo4I6Hclu9BAN6Jszvq8cENo56gxDNv0fJ82zA6e1KetaqZlUfS6mw6cyIBKMhzOYTnEShcPJAMeXfh7ueeU_mAZ143LXh_EL1-gjPSU9gLX1AriN2dBnphQefsMrIVAXomyS-NPXuOUt2WeRlNxHuyF5_SUgJ8UL_uwIUyJGmgnKknKjJOv3fLjVRvTw8kOavHAxA5THfgnFhUnaNAe7V2vzQtvYm-Ywf9r-JRR9HycvHOf1kuhgPyJ_Yl8LlPtnOEWP5a4wRelfLAVkB76veFhRoWoCsyB7A7z_-174O3m9sUZAnCgf_jVC7fwAWvGL2UVbjnbh3uxnT0rHnCD0wgA_QfedOVBrj_XxRdMBzVHSyIW-0q4h3mNyrnrHHko-jgcqQxlZuJftnMWZZN3Gw617v1fB6PotLAU8ACIZRasLCP06MIenmyv8jwKxZAn6WzgR74FFU7XGohPHj8M5_WNBPfc85tGgI-ykIjyMEkyusce9FnCvZQfonw0EAPjChtRdjBPgfiweprOW7CE3IIZHjTe9HK3SAgbRLfsMv7VdWraQ_0O10Tt7e9ebn-Y8_ZD_1Mz8T5ZSPo24LTek4Z9NxpScTNbtjT0d4_9N-y0LVfydzemmZFHnu8RdUAfWpNtb0Oh01gEnl9VpOa3r42bbm1KGMCEz-BJ1pjQG5uKGlirhiB8gIiqKUSToROpdPAHfgzgXe94AaO6wHOj06OS2naZtRUQI6r1TCw7Ji6-EkAaMDghydYU24P-J1uIckYixZZtkXpy-jE7Z6uTAbXJnDiAi8Zyixezgc05vssTrsAEi85gH5JL0RpSfpw2_mMukJOg9Iww2UuWpv-s0IXG4AQzzlhwYiFXEZUBz3YXMMjsYF8K1SPRaboQB_F7lkGAH6qOE3e3lfcnQtpDPTysPTKHgzjkLj_-o2rdeBbGNTpvi5sk_wJ6aiSLAPqNUhWCpwyc0oVxFCKW5jj_A1etfVkiGoyvlRepcptDndDZeWwl7IGKqMABHqi_RRLmGtTuBToLWfUNu_N7OhqsQ4NDL-k1xfkwkKteWnX3Gt9vD9VWj5lBVqOh36Z62ZeIR4qbHl4cgtDOesbQlMa-cQ6P32qPi-Ei0kaxeRxpayWOpRnhQ7XCM2lLcLMGIu479TZhIBc-qBnVeKDB-k2-vjdCRdMjgLtEQRBLNQw5lT5bko7WpV06rZNdgelvj2eKF-HIKGH0ehhSc7oQ_WzFiD7UmtSEQy-J7X0RBQ4uMK9cbqfhDnYBBw0_Bb-NwDLSgbwsjEKFrU8LrLJb51T32AAPBYTo0ezgVlueSlCxzP1C6y1GvgyELHxLd4-c7h6cZkWrcI2B4fHouxJyTXRc65tmtlseuQ28L8E1DvNO-y3wfIxaLIcg3wjJuBRZPhV7PhwAYFGVbSnjUMNM8EgCgUi-v8HV7ID7_eUNckCFzR7MgbbN2I7DXlbYVPHqVrmUuem3fKZ6kzxe6kog1rNY7cngYBUl-WLZTB-p7IY4BZZflhrE71n1d_m1ROq2xrrJwYIcb_Cuig9UEFfx6pKWNZdu1kL7yGy0iHG12iWifNAFJGrv4tiXVv-C05UuzvjPNB6aynxawyc-CpvinQ3CRtfldwOa9cmQM-ddMhLTkGiJ7bi1NOfG99PfNd-ww-_hTP8RtTXUp8MSlJJVcypB4QSU_Cn3IqTgZqIzj0Q1JFHsZFF7Rn0ag8IN2bAoy13c1Nq3pD4kKXjJDJoZbZzXu4IGEvya1aJ2sfwTRUoJRiwJT_LdAef3HF0k0ADIKQ2o2M6APMiQ4gmXUMj1kuBxF-iCjB5LaG7XC-iljIOpfsPFiR1nB62KylaWJ4USJNh3A2v31JLihPnVWpzPRBZKevDgreIVVpLDRgXZi60r8T2ZzAqMHSvDqmkB3CZ8RomuM-NBmDSpJex1MsiUgXMOXOAJzjTaSjwso6DjctgDWnuJW4C0Y1-ekL3JuUWizISylIrY9FXMzc9d_oU5IQqLiknFJHAn_Rx4c0Z94LkwaxRAgAuo2sDGx0plV8G2hdOa2eBU_7fGy6TBqjtkyjjVmzANTdU-6qI7WuHOoUfaiFckoEqxmUGfX6UvWNC8PVjnMH6x9SAl8kJ9h3UA535-702V62fKmMlwr3uF6q42iyrRwC5fzR3yX-w9aRrBzhTL-p6wcvJoCm4wdJ01OcTbt_tmvqzpGrGK5hdPQQjhrSCVGji7RmVQOz9Nv2MtdPx-u4TQgUDL6yNvEUwzwaFaJalOR0vuhBI-ALhkxH-1OsNITBMAnp9NkO-_wxTc7y3qeGqQKMZVClhypinsrBCbHVSPnxCPoCziH9MAvxmdvwQIKaHxNL2uptUXKxdRh3ZKMnRS4UNsUBFrzxgWRFFsWE5cXjcAgknux_7FfcWif9wPzBHjBRI3blB1HNyACbFEv-eARXaUr0gbov_LbrZSsz33sOJEg6EfNxJtX636hX64ROx8rjE6BCQ3x6RGdQYFEw17yUDrJE2jGA2KZiSdiMiD9V6zNT3gcRND5rwc3Ydw_DUmxh4ch-nke4Y9lK9THWsndufyclJ1s3yuzjl1bzk4Cbr40PUoGw02xP_zhq0_wkZiNTOTT0RHw_i21dHy0wPqk46hUtePdVlfgPzuCKKRCjtMpokdFg063AiW1lkWkAjpBHRTzrQOYaB5Tf-ottI6L18qbV6nl4iAMN1xN5wWtLy7ZIN1Y1gu_MGNN7DjLcCSald6yjUT4kS-J1eB318FKvjNrFtnMrbStrU8r2ugVtbQSHXcSXQfUXrkzCClcTfTi_Q7-CruoEfuqPOqT-sYiYibXqhBZW3j3vkpfTpNMk5pBlIDolesgnjFkYR3UMwjzZXWpTUFPvDTJ5XmZAADvxygtNdnk1JR4TnKQNTCdN6LXGLuetrl6vFXfbVDdGaAqsIBKe-GqFgFQ3h7n0d8_0_-mwpcBeDM-zbGob-Y6eI4P2Yv6eiFfDZzVPZ-RCEsVfFVmxgcmTiLmDxfSS96NjM7T1l4HQfAl30xG5a1FSewYFkcqRF-nRjEA8HXk11CvyNhbzHM7wNIdkjq-jIMS2gqM7N8iv5J3e7MNfHKwHXs7GxYwUmFDkmVbOXGeWzBmtheXfk7V_9aQR0SnEJWy7oe8CnJ3l_0Yc8LnV81uN44XdamWmZYN7tBDf4CBdwtQJCMc3wZ2gvdBOfrWdeXnliYkuqfZyTAQI0UfR&cid=CAQSTwAvHhf_j_l0NckTnQlAxtGJUptVkNn1SvE3AAkP3hdsiSILgW9ktjrkGizoJjdifAJs5vDlW5mqr5N1DpFdLCUEpnbdNJr7D6NwBS-jQAwYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinzoro.net&ds=l&xdt=1&iif=1&cor=11956204646012264000&adk=521587873&idt=115&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 11:31:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 11:31:29 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame EDE7 31 KB
12 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 23:06:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77046
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 23:06:20 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame EDE7 41 KB
14 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:07:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87758
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 20:07:48 GMT

GET
DATA 200
OK truncated
/ Frame EDE7 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a686fc509438cdb44476e044782dc4c139eb2b132fb082782dea0db26aa872a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5EE6 35 B
463 B 34ms
9ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEI3IEgGXVc6ag0J8e4OYlNs&google_cver=1&google_push=AXcoOmR4kKp6UscoqWElGJqxc1nidau3bTkx_jusllWrns1sCp43d-a04MVGb2JklavCco8fKAcYyoiiIXAlaZd7k_jlPub_hulfPZ4

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 5EE6 0
104 B 147ms
67ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEAMXuTmoQEJIBI8xRxRGExg&google_cver=1&google_push=AXcoOmQFIbmkQOeO19UCUIZKts3DA3B-CFgWVRNcarKx3Q_TG40W1RKaOV6woDK08ZRAEN8PgJ3R5wHokWp26vtzWu9FJgkX4e0e28k
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 5EE6
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJSgZBIBmvrhqTRxWyJGqBQ&google_cver=1&google_push=AXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJSgZBIBmvrhqTRxWyJGqBQ&google_cver=1&google_push=AXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv...

43 B
420 B

195ms
177ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJSgZBIBmvrhqTRxWyJGqBQ&google_cver=1&google_push=AXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53pk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53pk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 845065a6c9f4362a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 173
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJSgZBIBmvrhqTRxWyJGqBQ&google_cver=1&google_push=AXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53pk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSPiRpLQu8HJJBQo85gGEJ8J689L4r7O8_L8bd6SMEfkuAdPUYeYhZKIDy7mC4dQ5e7Z2ir2hHZVdv0fBMeYmpaAEnvMHv53pk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 845065a598a5362a-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 5EE6
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAOgqJ7GXJLjypexl49sGhA&google_cver=1&google_push=AXcoOmSJYEPQ_UBl2wpakhOBlviFOFxX27jURXeUhBQRDQDKbg217PDNgDeclr7jxNNVzw3bEQbteI0d1qQ...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmSJYEPQ_UBl2wpakhOBlviFOFxX27jURXeUhBQRDQDKbg217PDNgDeclr7jxNNVzw3bEQbteI0d1qQ9uGTzLDlbT2tuBHi8wic&google_hm=7VfvFPtcTAe-K9HQK...

170 B
232 B

46ms
45ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmSJYEPQ_UBl2wpakhOBlviFOFxX27jURXeUhBQRDQDKbg217PDNgDeclr7jxNNVzw3bEQbteI0d1qQ9uGTzLDlbT2tuBHi8wic&google_hm=7VfvFPtcTAe-K9HQKMXXLoY

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:25 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmSJYEPQ_UBl2wpakhOBlviFOFxX27jURXeUhBQRDQDKbg217PDNgDeclr7jxNNVzw3bEQbteI0d1qQ9uGTzLDlbT2tuBHi8wic&google_hm=7VfvFPtcTAe-K9HQKMXXLoY
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 5EE6 0
173 B 55ms
19ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESENJu15XOwfYw6k_AI6VOKYY&google_cver=1&google_push=AXcoOmQr9zB6x_OAWNHcoAInlYzGbu8lNjbt9dAFjABbwVS3mpvQM4AMKzxnHnuswYX94-EN2cDEHs3zge6BRSYdmS8QA3orxH55Cw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:26 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5EE6
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEA4CHd2C8-fQUZ_bJcEM8fk&google_cver=1&google_push=AXcoOmT7uFSlEZh2KcfuzL5BIdqkU46Fr7ehZXf7rINhE5Mnsnr1h6C5mjxltGgto1T-es971yAj93IM...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEA4CHd2C8-fQUZ_bJcEM8fk&google_cver=1&google_push=AXcoOmT7uFSlEZh2KcfuzL5BIdqkU46Fr7ehZXf7rINhE5Mnsnr1h6C5mjxltGgto1T-es971yA...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgzNDM5NTExMDYzNDg5ODMy&google_push=AXcoOmT7uFSlEZh2KcfuzL5BIdqkU46Fr7ehZXf7rINhE5Mnsnr1h6C5mjxltGgto1T-es971yAj93IM...

170 B
188 B

47ms
46ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgzNDM5NTExMDYzNDg5ODMy&google_push=AXcoOmT7uFSlEZh2KcfuzL5BIdqkU46Fr7ehZXf7rINhE5Mnsnr1h6C5mjxltGgto1T-es971yAj93IMi48tF2o-RcJG4_PQwcYFLPE

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgzNDM5NTExMDYzNDg5ODMy&google_push=AXcoOmT7uFSlEZh2KcfuzL5BIdqkU46Fr7ehZXf7rINhE5Mnsnr1h6C5mjxltGgto1T-es971yAj93IMi48tF2o-RcJG4_PQwcYFLPE
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 5EE6
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELaqwJhzDJvLK4HbJ3IpkpE&google_cver=1&google_push=AXcoOmSowcx7V-Qrz_1J-J-Ql2K6Y8S5q-4JZjJxlmjzjn5IsYUwplv1f0g2crRA560hVPqC04MGDYTMouOG...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSowcx7V-Qrz_1J-J-Ql2K6Y8S5q-4JZjJxlmjzjn5IsYUwplv1f0g2crRA560hVPqC04MGDYTMouOGb36JAYmlLAgCo6se3w

170 B
232 B

45ms
45ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSowcx7V-Qrz_1J-J-Ql2K6Y8S5q-4JZjJxlmjzjn5IsYUwplv1f0g2crRA560hVPqC04MGDYTMouOGb36JAYmlLAgCo6se3w

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSowcx7V-Qrz_1J-J-Ql2K6Y8S5q-4JZjJxlmjzjn5IsYUwplv1f0g2crRA560hVPqC04MGDYTMouOGb36JAYmlLAgCo6se3w
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 5EE6 0
50 B 44ms
44ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IW9F_pn02LhtKCA4vIuYGNEn7TUq_XRI4o0QeDnVbEaruNkNvIHnNc-7NAcNjYh64f7pEh

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 2EE9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5fb295f8f149365c2b4281045e2d5bbc23fcc871600772238f9486109453465f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7280 0
0 85ms
84ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240109&jk=1379562072330320&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B2E3 0
10 B 51ms
51ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ygX-8g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame CB90 38 KB
13 KB 51ms
51ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 73176
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 00:10:50 GMT
expires: Sun, 12 Jan 2025 00:10:50 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 30BB 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 898d625499f9e2647de18cd437069809649e31d4df478114b25dbd143bcb9488

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 30BB 0
25 B 100ms
99ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CtuqL4PKiZZuiOKDH1fAPv723sAnS4Nfgbo-ktpOTCsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi00Mzc5MzUzODQwNTk5NjMzyAEJqAMByAMCqgSvAU_Q-UK06hYghrgEXQ53M8slMGfd648JT35rLFX-Ach7Qgd33D7t1n6N8YQpY7T3eDotaA-bdTqfVgksh3hUDX0WyJL_np56F8oZHgaYz4m_GlOzWMnhbJGA6QI6-BJ1xpQVbNL3pbKiGsUDPCmYOFXFaZS5bXqk-4l-aTgnjbJd0d0gRO9JhpCiujKeFyuLC8_NF_A-NtDylPLDRW6_q58vPxYfZdzXsG98RzN0zxWABsDSn4bIuLH48QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYuOqhtJrbgwOACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNDM3OTM1Mzg0MDU5OTYzMxgA&sigh=wzYt5ujlYQQ&uach_m=%5BUACH%5D&cid=CAQSTwAvHhf_j_l0NckTnQlAxtGJUptVkNn1SvE3AAkP3hdsiSILgW9ktjrkGizoJjdifAJs5vDlW5mqr5N1DpFdLCUEpnbdNJr7D6NwBS-jQAwYAQ&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 13 Jan 2024 20:30:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 it
ams3-ib.adnxs.com/ Frame 30BB 0
818 B 14ms
14ms Image
text/html 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fwinzoro.net&e=wqT_3QKWB-iWAwAAAwDWAAUBCODli60GEIT38p7M0sXoaRgAKjYJjeTHU3Y_pj8RZ5aUWTqupT8ZAAAAgD0K1z8hZw0SACkRJNAxAAAA4FG4rj8w_JnmAzi1AUC1XkjjA1C6iYq2AVi_sT1gAGifpFR4tPYFgAEBigEDVVNEkgUG8EmYAaABoAHYBKgBAbABALgBAcABBcgBAtABANgBAOABAPABAPoBDTEtd2luem9yby5uZXTYAvAG4AKiqDHqAhNodHRwczovL3dpbhEfVIADAIgDAZADAJgDCaADAaoDmgMKsAIVKfCGd3cuYmluZy5jb20vYXBpL3YxL21lZGlhdGlvbi90cmFja2luZz9hZFVuaXQ9MzkxNDY2JmF1SWQ9ZGExZDVmM2UtMjgxZi00N2NlLWFhOGMtODE5NTU0ZTZhMjQ3JmJpZElkPTE1MDAwJmJpZGRlcklkPTQmY21FeHBJZD1MVjMmb0FkVW5pFVwYcHVibGlzaAUpLDE2MjY0NTMzMCZySZpxALhydHlwZT1udXJsJnRhZ0lkPTc5NjU5NDgmdHJhZmZpY0dyb3VwPWtuYXFlXzNjJg0WCFN1YgkZ9CoBZXJmcmVpciZhaWQ9JHtBVUNUSU9OX0lEfRIFMTIwODUaEzc2MjQ5MDA0NzIzMTE5NTQzMDgiCTM4MTg0NjcxNCoEYmluZzo4VTJWaGNtTm9RV1FqTnprM01UUTRNREF4TVRnMU1qWWpNak16TVRVeE5EUXdOekF6TURNMk53PT3AA9gEyAMA2AOxuTTgAwDoAwD4AwOABACSBAQvdWFwmAQAqAQAsgQMCAAQABgAIAAwADgAuAQAwAQAyAQA2gQCCAHgBAHwBLqJirYBiAUBmAUAoAXm4deF3efP8CXABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWNYPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCjQTaBhYKEAAAAAAAAAARPXgAEAAYAOAGAfIGAggAgAcBiAcAoAcByAe09gXSBw0JEScBJgzaBwYIBQmo4AcA6gcCCADwB4njAooIAhAAlQgAAIA_mAgBwAjwBtIICQj___8_EAIYAA..&s=92d2bfa598686f797b539834da9f7062be7ecdc7&pp=ZaLy4AAOERsIFWOgAA3evz0Z_5xl6i33shtkvQ&ppt=1&pubclick=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6ti_4PKiZZuiOKDH1fAPv723sAnS4Nfgbo-ktpOTCsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi00Mzc5MzUzODQwNTk5NjMzyAEJqAMByAMCqgSyAU_Q-UK06hYghrgEXQ53M8slMGfd648JT35rLFX-Ach7Qgd33D7t1n6N8YQpY7T3eDotaA-bdTqfVgksh3hUDX0WyJL_np56F8oZHgaYz4m_GlOzWMnhbJGA6QI6-BJ1xpQVbNL3pbKiGsUDPCmYOFXFaZS5bXqk-4l-aTgnjbJd0d0gRO9JhpCi-DC_hekv8aJZ7YSLqIl2IvbgT-q2hYf2nZBG4WBXmkNkh7KWooE0NzSABsDSn4bIuLH48QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYuOqhtJrbgwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3SmOZxYkmnHBz5JkicQ1I-UzMhgA%26client%3Dca-pub-4379353840599633%26adurl%3D&cbvp=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
an-x-request-uuid: 9f82791a-9b72-43fe-9787-226be6a40a84
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.134; 185.213.155.134; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame E3D2 50 KB
19 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 13:04:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26759
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jan 2025 13:04:27 GMT

GET
H2 200 main.19.8.473.js Show response
static.adsafeprotected.com/ Frame EDE7 214 KB
66 KB 61ms
13ms Script
application/javascript 2600:9000:243d:2000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.473.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1898970/77442773/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015630378&ias_pubId=pub-4379353840599633&ias_chanId=1&ias_placementId=20903658371&bidurl=https://winzoro.net/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0jU4fb-noNF-zsZPxsY4dw4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:2000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68687158d2c493d42ae6dee2f15fc2c761da3abf8d92c4474e1dbc527b6930d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 17:05:29 GMT
x-amz-version-id: TozINgEWWkvQmqDfTCTq3yrdeWW.56xS
content-encoding: gzip
via: 1.1 7965c3a45d2bf992e197c959a86e759c.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
age: 98698
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 11 Jan 2024 21:47:36 GMT
server: AmazonS3
etag: W/"38edfb290172e1aef8532f19eb4cbbe4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: suy6q2jnEFFmaObV-M5664sFLxRzE9bMfow9rd2wtNDtpM_eoJPdTw==

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame B6EF 50 KB
19 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 13:04:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26759
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jan 2025 13:04:27 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2EE9
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C24fy4fKiZfjiJ5bB1fAP8oSC6AfMj86zdMrjnujxEbCQHxABIOOQ1RFgleKQgqAHoAH34pu0KMgBAqgDAcgDyQSqBMMBT9DCPe9BnvdMTyi4MqVQV2nG_MWTtR_wwXD0aFCnI37xPNBcBLu...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212780750324979679978%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window...

0
0

145ms
71ms

Fetch
text/css

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212780750324979679978%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223477947903635351313%22}&andc=true

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:26 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"12780750324979679978","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"3477947903635351313"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 13 Jan 2024 20:30:26 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 13 Jan 2024 20:30:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"12780750324979679978","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"3477947903635351313"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame CB90 39 KB
15 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 16:19:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15042
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jan 2025 16:19:44 GMT

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame EC5F 50 KB
19 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 13:04:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26759
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jan 2025 13:04:27 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/ Frame F1DD 107 KB
22 KB 160ms
55ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8adb9b85292100b02bcaf8e97b9080e3236a6aad2bb8dc0354bf39e2237ae8aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 32588
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22632
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 11:27:18 GMT
expires: Sun, 12 Jan 2025 11:27:18 GMT
last-modified: Fri, 29 Dec 2023 09:19:05 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EDE7 0
0 187ms
80ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv2V5AlJWWOTfX_DHrtjGoYa9v7_O27Z38EE6m5dfqIFIke5GCFZhfnw9wdv5dIH1GRRjSseW14d-UmNiqhvCOfIreh3MHjNET1WgLjnFA_CI96bMHZ2nk60n3AeCXjflUNitt5UJx-2wW2uqxj4tqSR9S1NoxlzQnUrVPBwMAawVRYb7WmB2qMAzUx2JRlBW2tH3zdmX_t0HPwzWblI2ViuQQrVsJFqOiaJVye4wsiLg-S-nvJkw2uaee48p488xsQWaFg0OFkD_SJdawEJ8h-d1sy3k_rDOv1od39Ltbnf58xjNXKgvo7nyRKaKEpcGTiADcY6YFhDbfaGZGGzRcQDV5nx7b89fjxT53xZd6N3Xba-UMbwU87x6qypvkJNJV7X6Si-rmW6TimkPjCEDroOYLJVIoTbAIKk4RsxS76I81UxHNbUSkqvN2iIFbNOTT0whsUTERGslPXFtpcGHPtUUCmrxLYkyReWXpcGRi12RiEBriK8i_m58s6R55lVhRfPLqd0AgHeETPQLglsS_y_Yqxh4FJ3RTNpewmmdTuOtlamh5Z7sFiEBTEdFL0kJXsWFatQKUjY5djsjIztNDmKOXtX_kFYjANj3tiCD3IPy9m-TCHY3U-RXAns5B0OMoF3JuP-wZCrvgzn1MvKH3KJRWfID5YiNsWDTNFa7D24JS6vFvMTIZeWtOxzztq4sSy400yyWDet_LiU3x6FdiDx9YJoXAvOSan8c9-hhyfXpKCgBF3dfsG8rvak8G8R83U7kYKxW9UrlhzuQlwry4DSqIL5LP-0eWYXsiaCgeV1u3kPHn5h8u94BZD-hbUgTtK0cqX8HJx93aMYeyIhMFfV7B_uOLk0q7CfekeROKyZd5DHRLv2zTqE5RF6heTu0as4TYWtr_OOwmAB6xllUtR7sH014ctEL_f5jNSLRzFsVO4nblUP4_wu_cLMU4Hl-Wdv4dglkaoxVoSe3YS-WcR-I2daEOSOZwMpnrRruqImRSkVbATg9RlUg-UjQSAL0zKF9SDiIf7fO4KQX33X5eF6pKrrrawojYndfvBa-sQTjcUF5_68sOgZ9VILLuIXXl4GmaeDm5mCNV5R03hErzQrX4bjSNx5UTSPaQTZaKe0q4dYKOrGSNwI4duKWAjkAShLxPageSWyKGjdbXJHy_-WGeaGrC-dJ-9FAWtGcYyUkEmcznDkt4qmGQc2rEPUf48gJ_Njsed0DsLILwHkItC3K0rzuYwaQDVIVcLkieHeeAdBl8ax2wtqPXxHRfngvk&sai=AMfl-YSod2e5KGE0FWd6HtVL9RuO1XOh7KN0q2RhGIEFGSPmbfYhNBNIQV7hzj0JkMq92zhIyWH1i4ZHOzQt8ztBn--Ik-Wk2OhM67gNywaGSXqT5gpLpWUTGbb0m_pPG8mRCc8kki5Q5LrASTBFLe8qSgaXVrn1RIN2Ydl1SEmkO-uHoKELHmjZTeC0FGiGsiU32rI84p5doRwc3R5d_UXJWz7Zi-7WBJ7_B9_PjYayLJXdLOcv80wFVSU2EYo6RfKOFvj3YGalzt5Fv3YYodU635UjE3QWlE_gsqbX7RsPuvbBUpiBXyYqGWZNkkk9e0emKQ4&sig=Cg0ArKJSzBbhFCRjeMkNEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=251&cbvp=1&cstd=249&cisv=r20240109.51213&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 13 Jan 2024 20:30:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 93656
tags.bluekai.com/site/ Frame EDE7 62 B
571 B 201ms
148ms Image
image/gif 69.192.160.219
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/93656?limit=0&phint=event%3Dimp&phint=aid%3D6531095&phint=cid%3D31200026&phint=crid%3D208225788&phint=pid%3D384554404
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.160.219 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-219.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Sat, 13 Jan 2024 20:30:26 GMT
content-length: 62
bk-server: 8f87
content-type: image/gif

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 162ms
70ms Preflight
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 13 Jan 2024 20:30:26 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame EDE7
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1898970/77442773/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015630378&ias_pubId=pub-4379353840599633&ias_chanId=1&ias_placementId=20903658371&bi...
https://static.adsafeprotected.com/skeleton.js?ias_xappb=

17 B
465 B

9ms
9ms

Script
application/javascript

2600:9000:243d:2000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:243d:2000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 03:51:51 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 7965c3a45d2bf992e197c959a86e759c.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
age: 31336716
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: _k__reTaMCQXD9yh4YOq0vzbtxa50wSbiAt4tXt5YOPkms9YuSPjSQ==

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: nginx
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6643 91 KB
23 KB 10ms
10ms Script
application/javascript 2600:9000:243d:2000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:2000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 7965c3a45d2bf992e197c959a86e759c.cloudfront.net (CloudFront)
date: Thu, 11 Jan 2024 08:50:00 GMT
x-amz-cf-pop: DUS51-P4
age: 1503610
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: tce4H0QCiGGgbUF1uhRUuaEsgn0L8c5iddbNxKSvAZa96HqwT3JNqA==

GET
H2 200 294956 Show response
yandex.ru/ads/meta/ 440 B
449 B 131ms
130ms XHR
application/json 2a02:6b8:a::a
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/meta/294956?target-ref=https%3A%2F%2Fwinzoro.net%2F&pcode-test-ids=913081%2C0%2C46%3B936322%2C0%2C56%3B918135%2C0%2C39%3B909920%2C0%2C89%3B943183%2C0%2C94%3B920184%2C0%2C95%3B886464%2C0%2C94%3B917807%2C0%2C28%3B936421%2C0%2C55%3B892905%2C0%2C5%3B937597%2C0%2C55%3B940996%2C0%2C39%3B944005%2C0%2C34%3B943322%2C0%2C67&pcode-flags-map=eJy1Wdty2zgS%2FRc9xxneL3mDSFDCmiS4IGhbSaVQmkST0a4vW44zM5tU%2Fn27AVASJQeqJLN5cCRZfQj05fTp9pfZFelVv%2BTXipSqJnNaq4oLxVo1J21LxezVmy%2BzP9a3nzazVzMpBjp7MXvafHxi7%2BF9koRhlM6%2Bvn2xh%2BkEL4dC9oq3qiNDT50IqZ9HoUEoWU%2FmNVUFH1qpBC2ZoIWEk5Cuc2MEXhQFu1PAI1Uz1JIJXteA1kp8QYW6JrJY0lJJ1lDFq6qn0o0bBl66v52gUqzwVi2V11xcKioEd%2FsnjZMozXcI8PTiEpy84oNUfc3hB3tN1RwuXBLBaO8GSzM%2F8jUY3gAxOkH1JffXvWIl5cr%2BfgLne%2FBvgpeHeeqdwZsPVQWuo00nV6pmDTsG%2FW7Eq46w8u8%2FYTXA6x9FbTFX%2F%2BaTfgPzp%2BLzPOb%2FzwM%2FGn1M9oUgc1XTdiGXEyMo1uzQLPMyL412ZrTVJCAFgVK5Yv1AasMryEr0RlLRwidl76aEzA8S7wdA9Qc9qaiqBGnc1KWfYehBCOSZHr4BhAUPlEimHUEIwO41KhlKxlUhKJHs6kypZ5EX%2BPHu%2BGOQJAcS6iUREmmoYgIeVCyH9lJVhNUTxHga8SwK0mAPSKTEmPbfgxi6AOGuwLpFzShQd00X4E3WVlxdL5lm9PaKwiNM8qN%2Fztw%2B9rLsgHfbEpKQzNEFpEQk1sMHg6jx0Nd0zs95M%2FWiPQsvKNxx6CVv1FVDup13r0g9TCOeHNVNlsRhsm80tACIQhKTNA2pa%2Fcx0iyKolNrbamumVwqCbn4PRhj7JpBQl8DZ5y2pHhinge%2Bl2jzHryqbMstMV3lqqPY9jt%2BTQWtKlZAMIvVBGzz13%2BmcJPSJWU5VlpHFtBiO8mgKkwhYKppd9esvXTfMc9z2%2BfGdt5SLU%2FG4sHQu86V%2Bx5oAo3QFbykP4nRAy8AdbR9TdDNELeOtHAzgHMjZEkW7BA0LeBBVgTy%2BUaR1mkc%2BInvTZwwHxQrMOF1pnAOJO0mwTz0s3BfoxWDNOuGec0KRXoQP%2F33cWoeRlmQTKItIf9YeRDhs8HNwyTx9sGF9MV0gZruwaETS8gBPwwmtlGQpcFEK1qNWPTC5cw496FutKHubUbZqqFlFYOAshY8UJGCujGywIpBzCSoECi%2Bpar5ghUuuwRikESTQ0MwBdRHK60gxMbdQ17SVvVHMTgBy31b%2FgWSBm9HcqzgCorppgVnIiV1pmaSZnliGBEzqwLt2Zb1yjQ9JIFjye22n19qIWvyyZA8YECdzLkbJY9sA0WUmkJ5AkLjtEmyKDH5c%2BC2hQChVtL%2BUnL3ubMk8sND%2F2nChDYFIAd4LUhzKLWKLQaYQ6DycB4pKNCG062p70VpPCoCkyZyEK0ND7RHiLZcCj4sls4qSX1%2F7Fg1eb3SEVWayg7Nvsx%2B2zy9%2B71ZP37Y3s9e%2BbH3Ynb38Ov2dtO%2FW99u7z%2FMXgVfJ6gx5LAhpAbbxj8HOlAggE7Na1RGNZt25jezu%2FX29uXjJzjbf9f37zd%2FwetftnfrD5uPk48%2BrO%2F0J%2B8%2Fb%2B7N19d%2FbJ8ezMu7lwdv3t9v7aeIvEOADx7Xn28fPv9uf%2F350fz%2F6XH98n7z58eTL%2Fxr%2FXC31aZvn79ia2i%2BoWKBP0tGlCSL3hm%2FMAhscumyoBB7aBeFbmNuwzj0LNWDuihpRYBnTBdsh2ZOnfSUxn5ohbMemPXIi%2F0TZnBamIoE0cqAO87ApF686zekbJCdFppyWFmR0%2FBOPJfFcW4bzqSCD%2BtC8qFYmuqoea9PaASIoP8AHj5THVB8kZF1K%2BiFEJ7CuHhec0g%2BqGBQi5I%2Bk4Xigl0EUe7D6HDhA%2BTh%2B%2BDofXj0PtLvyUUQwxiUBtaeXMQZEsmF7%2FuTBMq8PPFNk6sYNOmSdDqNzKA%2BLJxyyI%2BjODqoL1SarMEkwICYhHQCxH6UG4Cqh%2BBxmEfYjdsiDC2h2XyHbMXpBnmUaFGPCxDo8VAC7eCGinIreJZElFo3GZQeElqSYum0htpJkl17XHRSQc6wTp4zsvfVPRivwFGK2OzQjUzvos70xQx0aBI%2BA2TlTkek%2B%2FR7%2B%2F0WqsEaMtp%2B%2BvQ3eY48kwYvcnB%2F5IXJiyTMgfrDeJJKGXBCPgG1kxGquJ%2FDDY3XrNrG7EI5X0Dc3NI6i1Ob3YI2HNMFWGLu5LYsSwLbpat%2BbLLj5KCgYlVDcGyANHfPCr6X5Wf4Rc92BWpRrlkGNaZgiyW8guvVtJJmOCfAymcelgS%2BzcZBoM%2BxDN33BJss3NGnLaeF4T0sIK2ZnZrd8%2BLYOwzMOPjyDkCEnIM4IgqkQXVEcGPgAW0M%2FYSVci9IcnMfIxnxhIJC%2F4aZYr7Sb5l7GPFS3yoK%2FWXNSmApsFLsrnaBfWLiozdhAnZePj0LKGFvzAdBryHpqBkf3QNN4HmG%2Fa38Zq1%2BJDY8UtuiBY%2FzOchj8BqQAByOLpwTKKDGdvVrlfBu1NJjEnIRrjpwcnPjhEG8H5V222%2BAwwnJST5gG8XZlDy00tMKEgn0eLQ5AYhDm3nojBFk3EsgU5S8GBqcGEan7NzkBsZNikumV9BkxLk5Flqnf65yEX%2B3R9JihdVM7o7pxA%2B9OLNLCRQ7JUdCcVv4wGPGYsmHujS7T%2B114%2F9xyNfj2eE5gb%2FYot0PKXIxJZL17a16eNxu7p%2FWT9uHe%2FXudvvu3%2BtfbzfT54cw3B8%2B39b76YMmE9Hxw06utYMtX48%2BvaQ1lefyx8%2FGRmOVJ%2BQNZAqFofy4vA5is8slelPUA7T7RpAzLAKjrN1LmsNBg%2BeXeFs87%2B6hbojUy%2Fc7I4RZArljc2Ttpa0cvS8t5dCeSZw0sIWnl4AoISH7lszN0mEK9bpjQr0Q2HFpc7z1PDaOQEUmh3yzHMg1ZZbYz5iOfwvCNvYMCRMhiJvtIj%2BNw3F9R%2BjV5Mv2L13%2BdAcVepl%2FuoMybQ03qLp1F5eQx9ztNj%2Fzw%2FgUqUWJiH93kBBC7NKQ%2BFr4nSM9Lx%2FlJin78vKYyvIIt1fT2%2BtPjEXFbxTrtUg41obvnm6n1eH5dvnzbfo6rV%2BzvLRfbtx3AYkU2R0PuqQjK83V2rUC5LOZBiQ7mt8eN%2B%2BnHk4zK7Q6wRt9UGPZ8J64t0xYmFbwjO3jmpXQAEGySNa6x94sD3LvuCJuGOENOzQLp0UU5%2BnzRXSm%2BEa7nUTab1ONkJ1228mQmkeQNck3alevaE%2FWiCclFHknd2VNN3FQ%2FLyBXsA8k6dhcLSm1J98ffv1fwTAJvk%3D&pcode-icookie=tmuKzTEaNnEmNiRVUCYiA%2Fh3FgfchaTL0nKeWnLfWMIAuIaTy7Iwt%2B1zeMAilDzi91YPXQQiwIOuQMIuWDI%2FxufHGyE%3D&duid=MTcwNTE3NzgyNTM2OTA2MDA1Mg%3D%3D&imp-id=16&enable-flat-highlight=1&charset=utf-8&comboblock-unencoded-vast=1&test-tag=119846767427586&ad-session-id=6969581705177824468&target-id=14688299&tga-with-creatives=1&top-ancestor=https%3A%2F%2Fwinzoro.net&top-ancestor-undetermined=0&pcode-version=943322&pcodever=943322&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A9.7%2C%22isInIframe%22%3Afalse%2C%22w%22%3A1598%2C%22h%22%3A90%2C%22width%22%3A1598%2C%22height%22%3A90%2C%22visible%22%3A0%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A1%2C%22top%22%3A1231%2C%22sspInfo%22%3A%7B%22deviceSizeSsp%22%3A%7B%7D%7D%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A19%2C%22right%22%3A19%7D%2C%22req_no%22%3A1%7D&grab-orig-len=3800&grab=eyJncmFiX3ZlcnNpb24iOjJ9CiKkFIzsKOoAqDEHrMTcLzwnbcw5zMmxf_ax5ru02SApLSUlpyWKiKiOKrAn8T7mxH5tZsu8pK2XwEnMPaenN4UD9EQArjCcqEWF5lZ8_wZ8mpYII4QwDIigGNMZI72Bls5YlCZauiiPDAVtCDMAKZQFCEJFiBmqQ3moCtV_4PKAMFQHCA6aOoQcEIWav2VNCO2W4B1cqKHsA6Jblp1MzRPnmSkljt_hcDmcLqvL5gINCZ2ruafTF1H5WakvUDGbitic5CRRnmbMb06zqMgiVMxcDC_Isftv1pWvCFUnvizEGSDyAC-EXI2jWmD-QH-7J0aIvRsBkfuX51AR4Ll7W3Wjq9w7v_LW5Qem-tvBDOB-KD3hpAdLeRCg3DrO8XtDyZbn3ZTfbLe_UJQBwQ1BtH2uKFdNzQkN5dolDPB-dxS3IduqrejYt0ngAz-pylBzk2huCfdPDPXBlW5VbsCTy-wSrRRpoSVOE1NcF8tr1hvDL6P7qniATvdb3W9z8y-N2xtAJpBrN89qecXbFoRrVFVOoNTT1g6PV9XL7dVlJEOq5BjHvlqoDu6eD_tGkkkSKc5DgLtVcrV7U6Qmbbt0kbzZUMYxKmYfKIUhNZMezKJMmGnpTDnIHgTipCQhKYThtVykBXn0eWbIs-INB0J4GWlKllZQ3pibTEV2qyUtXUxSZrQI8wzUNEnpXAOUznUwXCe8BybIH-KczIghd5YbwWxsPv1VisQu5og8TfQnhg9QkHMgxFf3pOZ8p6o6zjMx9JkmhH0lgbxl4dm8D9YD8K3TkyS5vky03bXoehzlZlItKIDTFQMlKw-KzuBBmnQeHEMurlcI7Mbuxft5UgBXdNjdFN0CyEQTQajgvykZX0dBWWS6r5MZQhdxPITteJyJDYzgK3MmPqCuv42O7UnJiRSgxd7DmTRYlUdwJgnYypE4kwSg--V9VTkn0mB4f8tRW_MZ86beJ3EmPFBzolBnEMUGMwbxBus2lX8F6kTJ5whV-26QlLiMyZ6FMgDxuuIoW3Aua_A34AQlunRHR3eNI1aelpsKijKhobK853wC7lAvLOtZ3pcnPG60prkL347RIVlGtFRwEShsoxMbHXybLqPSkJJJ-qgOk4mpuiERaLExTSJ_iH6cvRnhZeTzbZ3lCkbVB7HD6ZT8hZ360T7o-ZWJRhel-hvSS37Jf4gYzDSNJKyihK2v1lGWUc3xjM3_Vf8OHGo7gIRj8dHElqiMYhGRq4CqwTzZSRnlGVmkJSlIDLqYmRa1JOxEAFYRMHDtDOItUehOUTgdOBgGF_jPIVWZkD55HhufJM1MEDaP-7ZNW8UONWzNICNXGXQwOFgpg0jTSBc_ijJZAam153lHkUW3qWPgKnVWRhsrpY7mTet5hZ4k0n4cJUUBQZMHsGNwsYZtUIOH9NHbWSl91JQIn9L-iI96DmHTCOdgHy0ebQiIo7EfaLZm0GHn5rjeyeBkofRRl1nO_iSKkqoFSZTgxxvtjFZWyiflcWxOyuMs1mUxhLwz9tDFHDYuHo2JlZJoGaGQl_kR5rNcXzyKPDE8smz-CwJRneH4uIPsZAAdVi7-C7WDhf4LUUqqTTuLj1IXdbLQc-64IbLTM9BD5OwdWAR6QRwL47o3TpYEv8uQUUdZ570XK1ypEKhFrB_aoY83og5A8GrLGwMq1lHwxR2HcQwpweJphJAb-wNcD8YQkDtrgD_Y0UKI7D7b9LYHst3pYAQS29kIAbxQNgegk5vzZnqrnYWIvRb9Jd74NIbLeXbFB7n4RT9nO12lxjTyCU0hzuD1LG7j4oaJw3fxHcFPouzP6GQhEi7iAtRikWchSu6o8ticJia2ptjOwAUrQm9lIVaESpuV-tzMft-sUYcfmTnNkJRm0pKsSMAHZhLTo7Y6WMdhoyTdh0VMg_gjY6Ev2J9ECWqqzy9bk2nlPJlORlZKJliGwhwluXmYbHTGZDJywWQ6rHZ20WwgPv2GO2rOii4NCJY2dpUAhyk5ljJKE92jSEFJnzg_uqpFl5Gt3CJ-1GCga3KmnYmbB7ceNYf3GzjAgQdfs-5zDqIr1Zi2SmvQ6BsXlJ6eG7LJM6JmIcQoRAVgy_hRaimKhESXkT7KPNK-ZVCCnyYhzRb3OkbP2Ng2Jm7oLrZncNhYyb3ASCmKLH_kOVkZG3NtqS8fTORU6Dhx3BCqbM_IOgj1VGlU2p8mi3L9EasfIVjIPtbp9UuYRt9pY-AGcd5hfUYGFqKNUBX6NHuLodRellHkWh06zh4X2Oz2Z7DxRta1g6OUEkEOMbY3tGNkbwhjzE7W9mgtfcYMAmeNe3gZEXg2iEdxkI-VhmZtSYbKoKBzGe0ikx77EVXciZuD2GZ_HrnypgcuhBbgBfB_yIyLcrOjANHiHm3_6X2Mc9ZSgfBHex_TMwFYjrA29g7-TL2ba2yjDvAH7iy3KYXmxzZLvaMOvsliJsu7nMfZDOljUlyEYK111xDK4A3JbOffXnd_bRp2RvWPofYMN3IkFRuDAvlYNtwwAfDTyQw9Ur151D8GCVA8uYtVoB5rqyOX-kI3xoCI6KvXvra2XbDpF36d_WmAcFe35UVouPJs0lvHXOrbBaiH-IK5PKlmLh_5gLDW-h9IbaYk83XRbxblJF-1ifIJIbJvROxFWd-hFaOf39yv0Cfkdq0RV8PXhR8l_laQxzkO5p7lyxe0g4D1m-iDcrE9seunp3vA7xGrjpUBQV1g9XGn2Kr7Qk4CNCee3K_itjFi-3Y_0Fpx3pvOiyDCAA_NhwDvUAJMmqRosqM6nSiyzeI2IaioLqiGPsY5V17gPNRjAkENbUFNaC9GATDVZSwRO4pakRlKlUhPhXkSKR2DSLjbezubYs65vWf8WrpFHA57fUKQaBKBoI1XVpNbNmnYcshbmbgTruwVsQfJhZ5dIf52Py4VJwn3EtARqxF8-oCounGJ-caDhsRtc1vdq0-8fBOOMch2UZvejHrzht6Fwl5lV9D39cnYDYDvuewWAnsfTDrT4IgP8CahyUxJmpvQhLCPlQPmQhpmy1dMLF2lj1N42-ac__C0YYpgcyXv-WT-usS5ansJDPWKa51j_xQrrdb2aXiNggf8DDMH3PuCWrVCDnqbILTP-A-5wcPbF_fsQRyRsbyD6tDl_0Mdw_UP9XfuoVHm5iSN06O5IpQ4eQcwlP239-N6KiTt2Gjv1HSQ4_etHEs39dZsjH2PP1Ekr5lBdcte0bddyO3WiqkBwd742mH2KY7b3Brc-ir6JP2Ol8thee5DsOaqe1e1M80P3DsGgK5P3n88tffZc6rK-f_26P7sYXKlq1A_8iSTq-pz9X5Z5TPRIxHHa2B9qFHWLyGqadJLuYorhm60NGU-szv_2VLvmTy2iKj294qZEGZadmYc_pT571bGlXcP-5yy3_7gYi0D3s1Bn3iZQMSZ16gUxyWBI_bHdjxJfSa3HqrAuvCgUUDrLHSwbGQMr53OGelAwh-7H7mnluexP3A95cANvy39HDjsdVC5rzsIdajfPg4K7qa7o92fAnMQ3n3m6GDizlPyV9zbkkNCP93Ns2wTtlCHhu51N4_TIYc5unfNP1bT0B7tt-0_nBDWhwA9qhj0A3UXeccI9IEAME_FywEjbxK5T1kjr8jgPPT_-GqDk0er_Uc90kSUpIWI4eSRJTXnpUF485qH2VTfcVafxjhutarApU_KF-VtdP9EORttQmbaP4rBMOYTC8emgL21BbwF0SKtxmjShGyFe9fCskUNL9YJlLXrfaBbo801yjkA_A%3D%3D&uniformat=true&callback=Ya%5B3280049958668%5D

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

65c67dee4a50229434e645ad20f4dbed161d96cb7392d0d8d7dff4fc9f180367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 13 Jan 2024 20:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1705177826540031-11144611996844721043-balancer-l7leveler-kubr-yp-sas-55-BAL-3342
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
uniformat-product-type: None
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Sat, 13 Jan 2024 20:30:26 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
uniformat: true
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:30:26 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EDE7 43 B
215 B 567ms
186ms Image
image/gif 2600:1f13:800:7781:527c:d3a1:ca7a:f29f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=9c13727a-7f5a-61d5-eff1-0480a4622d9a&tv=%7Bc:1dpbdv,pingTime:-3,time:173,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:157%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:173,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:157,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B25~0%5D,as:%5B25~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u1henQU+11%7C12%7C131%7C132%7C133%7C1411%7C151%7C161%7C171*.1898970-77442773%7C1711%7C17121%7C1713%7C18%7C19,idMap:171*,rmeas:1,rend:0,renddet:DIV,siq:158%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:527c:d3a1:ca7a:f29f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EDE7 43 B
215 B 567ms
187ms Image
image/gif 2600:1f13:800:7781:527c:d3a1:ca7a:f29f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=9c13727a-7f5a-61d5-eff1-0480a4622d9a&tv=%7Bc:1dpbdv,pingTime:-6,time:173,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:173,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:157,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B25~0%5D,as:%5B25~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u1henQU+11%7C12%7C131%7C132%7C133%7C1411%7C151%7C161%7C171*.1898970-77442773%7C1711%7C17121%7C1713%7C18%7C19,idMap:171*,rmeas:1,rend:0,renddet:DIV,siq:158%7D&tpiLookup=ao:winzoro.net*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:527c:d3a1:ca7a:f29f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EDE7 43 B
216 B 558ms
184ms Image
image/gif 2600:1f13:800:7781:527c:d3a1:ca7a:f29f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=9c13727a-7f5a-61d5-eff1-0480a4622d9a&tv=%7Bc:1dpbdC,pingTime:-2,time:180,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:522,beZ:523,mfA:667,cmA:668,inA:669,inZ:671,prA:671,prZ:677,si:680,poA:680,poZ:689,cmZ:689,mfZ:689,loA:695,loZ:697,ltA:702,ltZ:702,mdA:524,mdZ:595%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:157%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:180,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:157,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B32~0%5D,as:%5B32~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u1henQU+11%7C12%7C131%7C132%7C133%7C1411%7C151%7C161%7C171*.1898970-77442773%7C1711%7C17121%7C1713%7C18%7C19,idMap:171*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:DIV,siq:158,sinceFw:22,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:527c:d3a1:ca7a:f29f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame F1DD 32 KB
11 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 23:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 13 Jan 2024 23:49:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CB90 0
20 B 91ms
90ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BigxE4vKiZfSyAa7N9u8PzaOI8AIAAAAAOAHgBAI&bg=!i4iliMfNAAaumcC-jpk7ADQBe5WfOELZwEU3tPMOCacK50TzRkACoNLiLrz-1J77X3VTh3ZM_ONXYmEUmFuzFiH6IOyGAgAAAGRSAAAAAmgBB5kDA99RjxXQkTHKcBXwv1T97R3SbktFRgvljcLLHDOzVGqAILzzrDZ1XQJR-PvUs2qDERUjWdZQ5UKcr9LoQdQffaKgHUp4WLHkbF2NBYMqYknoH4S1m5kBUJ3DBXKkNci_oPT5nnoILb6Rbyap5mRk0xV3P5_q5dNZcIuu1gzXcfdQWe8BLFvQQHxjp2Y7ObRZPK-zn9BLnbVSn2F94EFGm9GmFz69WeqFhqBKXAatKFLt6ZgQZJl6X2BSxVH8fNtD3qWfIPLnuNHiPrdVl49HvAGsljCEKhv1jZYCRcH9Hp_wVuFkPq8EsstFkQ9B7Uh31b3jJOQusEgJ0H0zgsl2kxKNm7L3PsaUKMa1tEh8NM-E2RtWUSCHfbAKPrtaBMRnP7nIeljbhfVtg4XRHHWJmtBoRO9atLBysbffl4_-0jMSRBIzTz7E2Ye71towoR4xm1mp5LpAuS7MgR_1WxNhZutfmKPEJeFgvcKvWaNGSSfpKVa3F1S-APowUHMhyJRo0Eeo_bOrTu_nBpfUNRjs5avD5INcEH6Dbm5Vk674s6SwskVtZDW51Vt3ZuBqVGnX7TR--PcchunHHi0-6EPrL10rwQOpb0rr7HNTtrLqQxoDRidbFtE4O-WfgPKg6h4oqpzfn6hJDkBaa8OpXKQCFM4JxvSilFWZZgji0ug1Pw4s-gOpxn9pbeE-q-sPfesLPNYVa2RgJDlWQArxBDWa0ReCZR_RgNghNwtrwwkqvKwIc9s7sAE8ksWzdINrmimm7r2uHlE2Q-_JbSYSUgfTX-V1rKX8KjzxD881a5gnmLFB6bERP-d78ItVgv009MRxNyV57_-jDOV2KZXUITylbF6UkE5QhpUzRoZvh6jo1NJLuCo5ax7KAADaFvL_eDz7PRWKDURkxsL_PUhChS_pE8T44j_zYITDgOe8lKMCNpxKRTqz41kzUHE3QgwpoHvJjr5kD44bzNALBPb4KVRIxXalvg59Xf1VXHLlkUpYWaFRzoR87-OSdM_6BCjs-2h7LEhOEg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EDE7 0
0 76ms
75ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv2V5AlJWWOTfX_DHrtjGoYa9v7_O27Z38EE6m5dfqIFIke5GCFZhfnw9wdv5dIH1GRRjSseW14d-UmNiqhvCOfIreh3MHjNET1WgLjnFA_CI96bMHZ2nk60n3AeCXjflUNitt5UJx-2wW2uqxj4tqSR9S1NoxlzQnUrVPBwMAawVRYb7WmB2qMAzUx2JRlBW2tH3zdmX_t0HPwzWblI2ViuQQrVsJFqOiaJVye4wsiLg-S-nvJkw2uaee48p488xsQWaFg0OFkD_SJdawEJ8h-d1sy3k_rDOv1od39Ltbnf58xjNXKgvo7nyRKaKEpcGTiADcY6YFhDbfaGZGGzRcQDV5nx7b89fjxT53xZd6N3Xba-UMbwU87x6qypvkJNJV7X6Si-rmW6TimkPjCEDroOYLJVIoTbAIKk4RsxS76I81UxHNbUSkqvN2iIFbNOTT0whsUTERGslPXFtpcGHPtUUCmrxLYkyReWXpcGRi12RiEBriK8i_m58s6R55lVhRfPLqd0AgHeETPQLglsS_y_Yqxh4FJ3RTNpewmmdTuOtlamh5Z7sFiEBTEdFL0kJXsWFatQKUjY5djsjIztNDmKOXtX_kFYjANj3tiCD3IPy9m-TCHY3U-RXAns5B0OMoF3JuP-wZCrvgzn1MvKH3KJRWfID5YiNsWDTNFa7D24JS6vFvMTIZeWtOxzztq4sSy400yyWDet_LiU3x6FdiDx9YJoXAvOSan8c9-hhyfXpKCgBF3dfsG8rvak8G8R83U7kYKxW9UrlhzuQlwry4DSqIL5LP-0eWYXsiaCgeV1u3kPHn5h8u94BZD-hbUgTtK0cqX8HJx93aMYeyIhMFfV7B_uOLk0q7CfekeROKyZd5DHRLv2zTqE5RF6heTu0as4TYWtr_OOwmAB6xllUtR7sH014ctEL_f5jNSLRzFsVO4nblUP4_wu_cLMU4Hl-Wdv4dglkaoxVoSe3YS-WcR-I2daEOSOZwMpnrRruqImRSkVbATg9RlUg-UjQSAL0zKF9SDiIf7fO4KQX33X5eF6pKrrrawojYndfvBa-sQTjcUF5_68sOgZ9VILLuIXXl4GmaeDm5mCNV5R03hErzQrX4bjSNx5UTSPaQTZaKe0q4dYKOrGSNwI4duKWAjkAShLxPageSWyKGjdbXJHy_-WGeaGrC-dJ-9FAWtGcYyUkEmcznDkt4qmGQc2rEPUf48gJ_Njsed0DsLILwHkItC3K0rzuYwaQDVIVcLkieHeeAdBl8ax2wtqPXxHRfngvk&sai=AMfl-YSod2e5KGE0FWd6HtVL9RuO1XOh7KN0q2RhGIEFGSPmbfYhNBNIQV7hzj0JkMq92zhIyWH1i4ZHOzQt8ztBn--Ik-Wk2OhM67gNywaGSXqT5gpLpWUTGbb0m_pPG8mRCc8kki5Q5LrASTBFLe8qSgaXVrn1RIN2Ydl1SEmkO-uHoKELHmjZTeC0FGiGsiU32rI84p5doRwc3R5d_UXJWz7Zi-7WBJ7_B9_PjYayLJXdLOcv80wFVSU2EYo6RfKOFvj3YGalzt5Fv3YYodU635UjE3QWlE_gsqbX7RsPuvbBUpiBXyYqGWZNkkk9e0emKQ4&sig=Cg0ArKJSzBbhFCRjeMkNEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=496&vt=11&dtpt=245&dett=3&cstd=249&cisv=r20240109.51213&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 20:30:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Logo.png
s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/ Frame F1DD 5 KB
5 KB 59ms
58ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/Logo.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70857504e246762877461c8aa20de02df0d734bb0ad14dde07cb0e02cff8fb91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 01:23:49 GMT
date: Sat, 13 Jan 2024 01:23:49 GMT
x-content-type-options: nosniff
age: 68797
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5264
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:19:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 preis.png
s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/ Frame F1DD 3 KB
3 KB 58ms
57ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/preis.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15ccee2d40ee38a8ae37ac2127e8848538e32bb4f3818ddd0a7dfca8c8c27f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 12:28:54 GMT
date: Sat, 13 Jan 2024 12:28:54 GMT
x-content-type-options: nosniff
age: 28892
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2604
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:19:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Product.png
s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/ Frame F1DD 4 KB
4 KB 74ms
73ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/Product.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03ab6a2705d68b74be89276301d8af152e0860463294152ed1fe89353c44c724

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sat, 11 Jan 2025 11:43:10 GMT
date: Fri, 12 Jan 2024 11:43:10 GMT
x-content-type-options: nosniff
age: 118036
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4237
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:19:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Date.png
s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/ Frame F1DD 914 B
942 B 87ms
87ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/Date.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3039b83f93f42d39138d253991aaa0ed99c7d63ac80aa4ab9b00f25b43b9ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 06:28:34 GMT
date: Sat, 13 Jan 2024 06:28:34 GMT
x-content-type-options: nosniff
age: 50512
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 914
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:19:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 HL.png
s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/ Frame F1DD 1 KB
1 KB 86ms
85ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/HL.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4be0f63f270ac9e5fa60b6e0560cfff6ed5a1ea06a39ffe6c0f28d098baa569f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 08:19:13 GMT
date: Sat, 13 Jan 2024 08:19:13 GMT
x-content-type-options: nosniff
age: 43873
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1464
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:19:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Visual.png
s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/ Frame F1DD 5 KB
5 KB 79ms
78ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/Visual.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa9264be58c8ef61d1bd2e36c7ee38974a8c79e198a8859eaee5eca85c996e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sat, 11 Jan 2025 15:23:33 GMT
date: Fri, 12 Jan 2024 15:23:33 GMT
x-content-type-options: nosniff
age: 104813
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5048
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:19:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 BG2.png
s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/ Frame F1DD 9 KB
9 KB 66ms
66ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/BG2.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2bcea3cd95d241d79f71ce3066c3670e8af27fdde3b26e5e21dd5c01a3bacad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1722357807103029491/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 09:10:49 GMT
date: Sat, 13 Jan 2024 09:10:49 GMT
x-content-type-options: nosniff
age: 40777
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9404
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:19:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EDE7 43 B
215 B 278ms
185ms Image
image/gif 2600:1f13:800:7781:527c:d3a1:ca7a:f29f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=9c13727a-7f5a-61d5-eff1-0480a4622d9a&tv=%7Bc:1dpbi9,pingTime:-10,time:461,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjIxNiBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1705177826808%7C%7C429d2a6d2b0d1ba3b00202905c7fafe4%7C%7Cacc8ce73e974315fdfcc4ebb5f3c527d%7C%7C8495c14f359bfd3a8b0b8393474af975%7C%7C8647a696db4dd33689d8d7486f91f616%7C%7C348a54be8b9550854c0b27c26e72ad3e%7C%7C524ecbe73b9ee9347cbaa8522cb36c1f%7C%7C6fc8735febb96d5b8b55e4448c13f2a2%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:527c:d3a1:ca7a:f29f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:26 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 87ms
87ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240109&jk=1379562072330320&bg=!jo2ljcLNAAaumcC-jpk7ADQBe5WfOPzW-MRNzIBGnPBVd6cjfVvSYmSyx2wNG7FSRA_RCtnIDUxz2-N2aNyDc--X3R2qAgAAADpSAAAAAmgBBwoA3k77Y-4xz8vheZ_WUA6FJGmAN9vReTKWjgaoOz-u76uwL1Ku1pKcBuAPHl0mOLCoV8AAxoQ4SsCkSTe8eRVbX-n5urJJyuhSzgARsRyjplpprxFO3eMjg8eRzj5xmZFv4wcqiE6AX2HoJND0gBTZStmhTsuVZ7na4hBTBy8osrccw3qw0JrWO3J5inde2C7iNwnsOJQt2QtB7eqB6-w0QVT4HlXgASSjlWAWEOowlIJrJW0gEBdUUsyQMlc4SX5WqF9pXqxd74_u07LI5LNS4MGbb68Hnso2u12rMy0G9pkCrSvslF7yv64nDdS7Vz2x8IkvlbVMyHBxq_kkXYdcsNURLZa9rpmjyDSETK7BQRhWEjkXJWB8d-n_ssymvJn0eIHzkRQ-JCssz7E7dMluaDEMBkqJDNg-tyXXOrEG_Jfcs7oMOVjFD7-VYujBHrN2QCQHbUk5f8TrqfanhLOViQGjIrGOFiZf4wx9qQXgKc0HiK4PLMmYAUh24LauX868BMEsVd6B0L5u-iucwjrTM01G_yBe6as080gocadwb_suhJRkYQzkQhggPErjKMyOTJs4v8UsQx_94bQmL_UUcBgX1MA1yCKXlANDDb1971z7tLu-gc0ioNj_VXXj6vIjyokMIuj0adxngKoYi_vnjaPjCygOHDky8inM2kR26XdvlL411j8M01wqJp6tDg_ToFm3aFWs7dp6cBMTOJ6T0Qy3mrEYh-81fQdyfPwJZhvgDSydyslR7uXcmIuMWkYUZxjWPj7e3LD1I_T2Q275sxEiDOwreZ06hjlUubO1KJzRtGH0f2W2-q0PW3G6chZU9ymyj9W99LBOT0DA3DQ7eRZqQDQRLQ4hayNZUiz6T3NxwwlLOcFX6fLkT2BCAF567fgtbQvO9avf5GwcMzb9lnz6wFO06fui9fGZR9RUzoqBvULhgvVxKVwBhhoIBsdz-EfPN72zlIyv3kEuWXO88CUqy_Dszj56GBF3ozX4BU3cp4OLiYXqAPf0r8tDobox9iSokCvXbhPF1kaf0GEYjBgJu87SzTRDemmo6JKkpFy1YJkbRoSTMLcY05kkqpmgUGMbpWFZk-cvqldX-vGsnad8GVny6J9mrK7eaH6B38cJ7xnsaSEVUZtEC1ouJf6XyfqCU0MMQM4QEHbKO77ahL8hFRxEPeKvsw_fBrkLZFxE6Zm1cqaQImcFJBDr3g8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

POST
H2 200 vevent
ams3-ib.adnxs.com/ Frame 30BB 0
840 B 32ms
32ms Ping
text/html 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwinzoro.net&e=wqT_3QKWB-iWAwAAAwDWAAUBCODli60GEIT38p7M0sXoaRgAKjYJjeTHU3Y_pj8RZ5aUWTqupT8ZAAAAgD0K1z8hZw0SACkRJNAxAAAA4FG4rj8w_JnmAzi1AUC1XkjjA1C6iYq2AVi_sT1gAGifpFR4tPYFgAEBigEDVVNEkgUG8EmYAaABoAHYBKgBAbABALgBAcABBcgBAtABANgBAOABAPABAPoBDTEtd2luem9yby5uZXTYAvAG4AKiqDHqAhNodHRwczovL3dpbhEfVIADAIgDAZADAJgDCaADAaoDmgMKsAIVKfCGd3cuYmluZy5jb20vYXBpL3YxL21lZGlhdGlvbi90cmFja2luZz9hZFVuaXQ9MzkxNDY2JmF1SWQ9ZGExZDVmM2UtMjgxZi00N2NlLWFhOGMtODE5NTU0ZTZhMjQ3JmJpZElkPTE1MDAwJmJpZGRlcklkPTQmY21FeHBJZD1MVjMmb0FkVW5pFVwYcHVibGlzaAUpLDE2MjY0NTMzMCZySZpxALhydHlwZT1udXJsJnRhZ0lkPTc5NjU5NDgmdHJhZmZpY0dyb3VwPWtuYXFlXzNjJg0WCFN1YgkZ9CoBZXJmcmVpciZhaWQ9JHtBVUNUSU9OX0lEfRIFMTIwODUaEzc2MjQ5MDA0NzIzMTE5NTQzMDgiCTM4MTg0NjcxNCoEYmluZzo4VTJWaGNtTm9RV1FqTnprM01UUTRNREF4TVRnMU1qWWpNak16TVRVeE5EUXdOekF6TURNMk53PT3AA9gEyAMA2AOxuTTgAwDoAwD4AwOABACSBAQvdWFwmAQAqAQAsgQMCAAQABgAIAAwADgAuAQAwAQAyAQA2gQCCAHgBAHwBLqJirYBiAUBmAUAoAXm4deF3efP8CXABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWNYPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCjQTaBhYKEAAAAAAAAAARPXgAEAAYAOAGAfIGAggAgAcBiAcAoAcByAe09gXSBw0JEScBJgzaBwYIBQmo4AcA6gcCCADwB4njAooIAhAAlQgAAIA_mAgBwAjwBtIICQj___8_EAIYAA..&s=92d2bfa598686f797b539834da9f7062be7ecdc7&type=pv&jm=1003&px=0&py=0&bw=160&bh=160&sf=1&sid=7845925511445117869&vd=ct~0|rr~5&sv=240&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=7965948&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/240/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:27 GMT
an-x-request-uuid: 27a00404-1121-4a9e-bf82-20af2e52d7d5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.134; 185.213.155.134; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EDE7 42 B
64 B 90ms
90ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstbQbUm18TJekuIB8nB-o2lW5KxfIT3VPzBmQWEA2inQX23XzI1iGcFnLD0_tprQhNvAePjcxnMJTd0lnM2mFMXkh2euO4htCR-I0lkyGzlOPQV22DZfvx79LVUTN6husI130luQPoK43DrW5g20UBcSWtw&sai=AMfl-YQvUXVXkkjZtwnTwMe1nLBFPS5FIAQzY0gGaRfsoMUzASW2zQimevfAVfAulvlOdISXMiFPZv6hoVu6pQoEy026R2jYbQR0LVl6QwuyBPv78y0gKjL49XujX55VgiJ9MlGS3G_g6g8Dul7vZ7qqwQ&sig=Cg0ArKJSzHKxFGa_LwpFEAE&cid=CAQSTwAvHhf_j_l0NckTnQlAxtGJUptVkNn1SvE3AAkP3hdsiSILgW9ktjrkGizoJjdifAJs5vDlW5mqr5N1DpFdLCUEpnbdNJr7D6NwBS-jQAwYAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=490,906,1000,1000,1000&tos=490,416,94,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705177825826&rpt=395&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

c.gif
www.bing.com/aes/ Frame 30BB
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=3b6910c6-5a5e-4f6f-84fd-ec507bad4ad2&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=da1d5f3e-281f-47ce...
https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=23d4720c7b8e407990373e322b111f36&tids=15000&med=10

0
18 B

59ms
59ms

Image
text/plain

2a02:26f0:3500:1b::1724:a38c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=23d4720c7b8e407990373e322b111f36&tids=15000&med=10
Protocol: H3
Server: 2a02:26f0:3500:1b::1724:a38c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 68C13F09C7644836A3F782AD1F1CFF6F Ref B: FRA31EDGE0105 Ref C: 2024-01-13T20:30:27Z
x-cdn-traceid: 0.8ca12417.1705177827.22373d95
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
alt-svc: h3=":443"; ma=93600
content-length: 0
quic-version: 0x00000001

Redirect headers

expires: 0
pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Sat, 13 Jan 2024 20:30:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 207D853494E142E39F96FB4639A166DA Ref B: FRA31EDGE0122 Ref C: 2024-01-13T20:30:27Z
x-cdn-traceid: 0.8ca12417.1705177827.22373cc3
vary: Origin
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=23d4720c7b8e407990373e322b111f36&tids=15000&med=10
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=93600
content-length: 146
quic-version: 0x00000001

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 30BB 42 B
64 B 89ms
88ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstuxnIc4xi5Hc2O1ZSWGWONAG_l9f62x14bsA0RA-rqX4NTqv-tcA2gqy-9WWabBoWagPNQbPoI_laRlk1WlIOwzo18Eg-nkzMhtuwhHoea9M21Cs8H7g&sig=Cg0ArKJSzJul2ajCCVq9EAE&id=lidar2&mcvt=1001&p=0,0,600,160&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705177825810&rpt=445&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EDE7 43 B
215 B 184ms
184ms Image
image/gif 2600:1f13:800:7781:527c:d3a1:ca7a:f29f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=9c13727a-7f5a-61d5-eff1-0480a4622d9a&tv=%7Bc:1dpbu2,time:1198,type:e,im:%7Bpci:%7Btdr:1003%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1198,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:157,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1050~0%5D,as:%5B1050~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:748,fm:u1henQU+11%7C12%7C131%7C132%7C133%7C1411%7C151%7C161%7C171*.1898970-77442773%7C1711%7C17121%7C1713%7C18%7C19,idMap:171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:158,sis:225%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:527c:d3a1:ca7a:f29f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:27 GMT
server: nginx
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 200 9377854
mc.yandex.com/webvisor/ 43 B
0 240ms
96ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/9377854?wv-part=1&wv-type=7&wmode=0&wv-hit=534540146&page-url=https%3A%2F%2Fwinzoro.net%2F&rn=198706834&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1705177828%3Aw%3A1600x1200%3Av%3A1201%3Az%3A60%3Ai%3A20240113213027%3Au%3A1705177825369060052%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Ast%3A1705177828&t=gdpr(14%2C14%2C14%2C14%2C14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:27 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13-Jan-2024 20:30:27 GMT
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:27 GMT

POST
H2 200 9377854
mc.yandex.com/webvisor/ 43 B
0 53ms
52ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/9377854?wv-part=1&wv-type=7&wmode=0&wv-hit=534540146&page-url=https%3A%2F%2Fwinzoro.net%2F&rn=768887477&browser-info=we%3A1%3Aet%3A1705177828%3Aw%3A1600x1200%3Av%3A1201%3Az%3A60%3Ai%3A20240113213028%3Au%3A1705177825369060052%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Ast%3A1705177828&t=gdpr(14%2C14%2C14%2C14%2C14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:28 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13-Jan-2024 20:30:28 GMT
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:28 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE7 0
28 B 85ms
84ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7623553406677&version=m202309260101&ct=76&x=1&cor=11956204646012264000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EDE7 43 B
215 B 185ms
185ms Image
image/gif 2600:1f13:800:7781:527c:d3a1:ca7a:f29f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=9c13727a-7f5a-61d5-eff1-0480a4622d9a&tv=%7Bc:1dpbNh,pingTime:1,time:2391,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:157%7D,%7Bpiv:100,vs:i,r:,t:1390%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1390,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:157,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1243~0,0~100%5D,as:%5B1243~728.90%5D%7D%7D,%7Bsl:i,t:1390,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:186,fm:u1henQU+11%7C12%7C131%7C132%7C133%7C1411%7C151%7C161%7C171*.1898970-77442773%7C1711%7C17121%7C1713%7C18%7C19,idMap:171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:158,sis:225%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:527c:d3a1:ca7a:f29f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:28 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EDE7 43 B
215 B 184ms
184ms Image
image/gif 2600:1f13:800:7781:527c:d3a1:ca7a:f29f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=9c13727a-7f5a-61d5-eff1-0480a4622d9a&tv=%7Bc:1dpbNh,pingTime:1,time:2391,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:157%7D,%7Bpiv:100,vs:i,r:,t:1390%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1390,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:157,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1243~0,0~100%5D,as:%5B1243~728.90%5D%7D%7D,%7Bsl:i,t:1390,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:186,fm:u1henQU+11%7C12%7C131%7C132%7C133%7C1411%7C151%7C161%7C171*.1898970-77442773%7C1711%7C17121%7C1713%7C18%7C19,idMap:171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:158,sis:225%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:527c:d3a1:ca7a:f29f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:28 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 200 9377854
mc.yandex.com/webvisor/ 43 B
0 53ms
52ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/9377854?wv-part=2&wv-type=7&wmode=0&wv-hit=534540146&page-url=https%3A%2F%2Fwinzoro.net%2F&rn=5401336&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1705177829%3Aw%3A1600x1200%3Av%3A1201%3Az%3A60%3Ai%3A20240113213029%3Au%3A1705177825369060052%3Avf%3A6mv6as6uhfnj8xo3ikdxwgrf%3Ast%3A1705177829&t=gdpr(14%2C14%2C14%2C14%2C14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 20:30:29 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13-Jan-2024 20:30:29 GMT
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 13-Jan-2024 20:30:29 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1705177825&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705177825598&bpp=2&bdt=1489&idt=2&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6897414945557&frm=20&pv=1&ga_vid=859772252.1705177825&ga_sid=1705177825&ga_hid=158497198&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C95321957%2C95320869&oid=2&pvsid=1379562072330320&tmod=2025287049&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
winzoro.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: ukq4u8hj1tabpo51l9203gupgf
.yandex.ru/	1970-01-21 02:25:13	Name: yashr Value: 629710311705177824
.yadro.ru/	1970-01-21 02:23:49	Name: FTID Value: 1belBW3NQiOj1belBW002Nut
.yadro.ru/	1970-01-21 02:23:49	Name: VID Value: 3aANs50L7VOj1belBW002Nvg
.winzoro.net/	1970-01-21 02:25:13	Name: _ym_uid Value: 1705177825369060052
.winzoro.net/	1970-01-21 02:25:13	Name: _ym_d Value: 1705177825
.yandex.com/	1970-01-21 03:15:37	Name: i Value: Fe0CrseihJEzg8sKwfZE1TSxbB8+C1LU7guX5aTWHsnQ3C9GPSZ7GdWFm4zQ4R3hyC4CgIcjLgFb7m6sU3bmpNEVN8w=
.yandex.com/	1970-01-21 02:25:13	Name: yandexuid Value: 3957810101705177824
.winzoro.net/	1970-01-20 17:40:49	Name: _ym_isad Value: 2
.mc.yandex.com/	1970-01-20 17:39:38	Name: sync_cookie_csrf Value: 250367730fake
.mc.yandex.ru/	1970-01-20 17:39:38	Name: sync_cookie_csrf Value: 4223793492fake
.mc.yandex.com/	1970-01-20 17:41:04	Name: sync_cookie_ok Value: synced
.yandex.ru/	1970-01-21 03:15:37	Name: yandexuid Value: 3957810101705177824
.yandex.ru/	1970-01-21 03:15:37	Name: yuidss Value: 3957810101705177824
.yandex.ru/	1970-01-21 03:15:37	Name: i Value: Fe0CrseihJEzg8sKwfZE1TSxbB8+C1LU7guX5aTWHsnQ3C9GPSZ7GdWFm4zQ4R3hyC4CgIcjLgFb7m6sU3bmpNEVN8w=
.yandex.ru/	1970-01-21 03:15:37	Name: yp Value: 1705264224.yu.2354565531705177824
.yandex.ru/	1970-01-21 02:25:13	Name: ymex Value: 1707769824.oyu.2354565531705177824
.yandex.com/	1970-01-21 02:25:13	Name: yuidss Value: 3957810101705177824
.yandex.com/	1970-01-21 02:25:13	Name: ymex Value: 1736713824.yrts.1705177824
.yandex.com/	1970-01-21 02:25:13	Name: bh Value: KgI/MA==
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1835314681705177824
.winzoro.net/	1970-01-20 17:39:39	Name: _ym_visorc Value: w
.adnxs.com/	1970-01-20 19:49:13	Name: uuid2 Value: 7396707406174055181
.winzoro.net/	1970-01-21 03:01:13	Name: __gads Value: ID=8c5682e52f0945af:T=1705177824:RT=1705177824:S=ALNI_MaB5_E5sPCefi6Drv8c4jYFDTnIRA
.winzoro.net/	1970-01-21 03:01:13	Name: __gpi Value: UID=00000cf5ff053a62:T=1705177824:RT=1705177824:S=ALNI_MYehiQIUZCIW99Ec6xstzLXsZma8g
.casalemedia.com/	1970-01-21 02:25:13	Name: CMID Value: ZaLy4XPGMtHMRa4pxCaewQAA
.casalemedia.com/	1970-01-20 19:49:13	Name: CMPS Value: 3271
.casalemedia.com/	1970-01-20 19:49:13	Name: CMPRO Value: 3271
.doubleclick.net/	1970-01-21 03:01:13	Name: IDE Value: AHWqTUl6m2JzJwdBXOoufxRIehpr0U6LvTO20fA8lCYMdvx2crmV_i-KvmuXIzF1hGM
.bing.com/	1970-01-21 03:01:13	Name: MUID Value: 1E401FFEB62466E905450BFBB7F66758
.adnxs.com/	1970-01-20 19:49:13	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?atcqCQ!]tbPl1M>e)ZlrFUfJ+tGXxpSKyI!k@k)ZJOn-VyRg+SWaXcj]`dW_=m1y`mbpRzqF1`b`=]=MU>
.doubleclick.net/	1970-01-20 21:58:49	Name: APC Value: AfxxVi5KLnsMnCG5Fm7sM-R5LbtAjQG9ekhOYpF-KbZpKstYmRqoLw
.quantserve.com/	1970-01-20 19:49:13	Name: d Value: EEABCQHyKoEA
.quantserve.com/	1970-01-21 03:09:52	Name: mc Value: 65a2f2e2-27f94-4135e-31ff7
.blismedia.com/	1970-01-21 02:25:17	Name: b Value: 65A2F2E2F47E9EED91A85D0CBLIS
.ctnsnet.com/	1970-01-21 02:25:13	Name: gid_CAESEAOgqJ7GXJLjypexl49sGhA Value: 1
.ctnsnet.com/	1970-01-21 02:25:13	Name: cid_ed57ef14fb5c4c07be2bd1d028c5d72e Value: 1
.adform.net/	1970-01-20 18:24:16	Name: C Value: 1
.doubleclick.net/	1970-01-20 17:39:41	Name: DSID Value: NO_DATA
.adform.net/	1970-01-20 19:06:01	Name: uid Value: 883439511063489832
.tribalfusion.com/	1970-01-20 19:49:13	Name: ANON_ID Value: arntuJNZaiMjAmemFnSwbPh7UqP0q3cIcBZdCpmoZdD3G5Gv7T0cto69YCH33L0oLHguhNZd1sKrBsYHTX3dBON3xDwI
.bluekai.com/	1970-01-20 21:58:49	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 21:58:49	Name: bkpa Value: KJyN0AWvQY9xxBcENnjhhMa5uJLrWiD6AY/k7qXyVdfcc0ToRUOAtW0cHYAKIghnvMfz/jVmjGZ80unqtTjJQKBZSpPuY9OG4M0g/kCWc3N+7ndUSZS+xE2QniEk
.bluekai.com/	1970-01-20 21:58:49	Name: bku Value: ts6O9mn0GZDglRQi
.googleadservices.com/	1970-01-20 19:49:13	Name: ar_debug Value: 1
.adnxs.com/	1970-01-21 03:15:37	Name: XANDR_PANID Value: VJvUcU0HK5Wh8CGHZPAHrSUaDJTB2F2S3GIgu4Dc4s-k9k3oJI9f7L30ze9KSNzcMG-SyB_oHTMBmWehskjt1yeCWUWwsUgpSQvVMFotKXk.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
adsdk.microsoft.com
ams3-ib.adnxs.com
c1.adform.net
cdn.adnxs.com
cm.g.doubleclick.net
cms.quantserve.com
counter.yadro.ru
dclk-match.dotomi.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
mc.yandex.com
mc.yandex.ru
onetag-sys.com
pagead2.googlesyndication.com
s.tribalfusion.com
s0.2mdn.net
static.adsafeprotected.com
tags.bluekai.com
tpc.googlesyndication.com
tr.blismedia.com
use.fontawesome.com
winzoro.net
www.bing.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
yandex.ru
yastatic.net
googleads.g.doubleclick.net
142.250.181.226
142.250.184.194
151.101.193.108
172.64.151.101
185.89.211.84
194.67.68.223
2600:1f13:800:7781:527c:d3a1:ca7a:f29f
2600:9000:243d:2000:8:48e:53c0:93a1
2606:4700::6812:18ad
2606:4700:e2::ac40:8d0d
2620:116:800d:21:b314:a0ef:ab7c:d546
2620:1ec:46::45
2a00:1450:4001:802::2001
2a00:1450:4001:803::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:811::2004
2a00:1450:4001:827::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a02:26f0:3500:1b::1724:a38c
2a02:6b8:20::215
2a02:6b8::1:119
2a02:6b8:a::a
2a02:fa8:8806:13::1370
34.251.209.93
34.96.105.8
35.186.193.173
37.157.6.233
37.252.172.123
51.89.9.252
69.192.160.219
88.212.201.204
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02d22e0e65f356e82a50816c858ab485adf56eb324b6c5b44c4dcd08c442a284
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
03ab6a2705d68b74be89276301d8af152e0860463294152ed1fe89353c44c724
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ecd9f5bb492be71e3aacc8ca4f170c8f9890242a25e2c6ec9a42f13561b028f
138313ba91a77c618c029500c84ae2867deb4eb88560b177941c913fa5e9917b
144eaca90f0eb38009892ae28e4de4ce2cc0296c513dc627534c17ed6345bce4
15ccee2d40ee38a8ae37ac2127e8848538e32bb4f3818ddd0a7dfca8c8c27f4f
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1f753192dcf35c9feebe309f936821c36a397a993388b992158458c505fe386a
1fefe0d5f8b0a89d09eb9342c11f6725880d11e64227a14fcf5edc94e01e8950
20ac558ae4e736f5a22d58c1bcdab41693e106fb485d0c582be711621ef6456d
2599f936c72270127820233448053eefd3d8d98d988d409edbb63284d1dad9a6
2c4340f1a944564d501c74e39a4098d11df9a01380ab232d522c14c5d9e3859d
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
300f5b02f9f5a3977cefc61c55e73223b22aac671597c11012f4c8112a2af5f5
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
34f5640f8d12e4c7093f5ff4b9e97c58e7b60e933bcfdc55d9599c25e45de06d
3656e2aaff68f611690aec056ed305278bc82a76fe2e9ebe47c4f122f24e845d
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
390c15beb4150f68770dc1eaa5a6e0e9c3f7272ea2baf16fdf7c6dbf2dcacad7
39fe29cf7b41b3c265736d9c0a69cc6986ca78ccc31fdec26b8e25fba2cf2d99
3a686fc509438cdb44476e044782dc4c139eb2b132fb082782dea0db26aa872a
3fed9e40fb165dcb840e9b2965ce16e1842a6e83aaddaf06214605437a414314
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
449450db9f2f6579fc906e43a4893af830d65a61ac9128bb7177a7d5739630ea
4a313efd109e3c0c719d82b04946c123576620456e19af9b31de3aab54b049e9
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4be0f63f270ac9e5fa60b6e0560cfff6ed5a1ea06a39ffe6c0f28d098baa569f
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
519e50788224b3422c6e6b1cce48d5decb83eece248558b54e48f88491e48aa4
53ceacc2aac8cea5abbb9ded4b8b408ffecf8d663688a4040f9a995005511d58
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56b08a7f6b74be28d557c136f2a2f094150a00721eb2329bc176613de14fb5ce
595cd9a2de22651074274868eb8c71804fee5e4891463be8e8a6a33de3a0d2e5
5c40eb775f01e9d162c4500814fa7c222aad26e0f7fd011a1df553e9787dd8d8
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
5fb295f8f149365c2b4281045e2d5bbc23fcc871600772238f9486109453465f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6242af9a4ab5625d56a9e4792b1f3413b42d2b0d56625da3da9e9ea0197e1863
64c71c617264d56f971998d75c816080bb63ec6fbd3018dc1a5f27122be12368
65c67dee4a50229434e645ad20f4dbed161d96cb7392d0d8d7dff4fc9f180367
6b9d2722f54eab704e54d8f412c8958a14729d81c74422a483e2d5daea80deca
70857504e246762877461c8aa20de02df0d734bb0ad14dde07cb0e02cff8fb91
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
759ce2a2ce00d61d23c78b075f72880dba5cec69876073fc1313ccfe536c7101
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74
87a5ced2a3f05591404b0fd2b735e8fe56edf86a437f27b49d3d6ebc0a181c8a
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
898d625499f9e2647de18cd437069809649e31d4df478114b25dbd143bcb9488
8adb9b85292100b02bcaf8e97b9080e3236a6aad2bb8dc0354bf39e2237ae8aa
9002602039ce301a8fee38a1208f12d75325750c4128d8280c542c44cd904dc5
918c8cb2ac249970d3010f76893a171cf37933e1344100f96391a12ca2a6f22f
92a198bd1a2c8dec4aebbef1fe41a1219a0dd5061bf57ec3ca53773bc3169c6a
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
985eeb8e53e1574439f8dcb6fcbabd1bd494c2466321a819445c53cf92cca34c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b67e1e53d9fe07a1569190b3c25ae4ab4d57a49b2515d30c20d32a6689683bf
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
9ee749cd4c320fd306a4869f045b68c53a2fc40fcadc308512a1d30089ae2269
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
9ffef098b884c7af804c3cdc2ef744a2d3837a7fa303d317a2002cc7629463ab
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a22cdee9f3fbfce1ca0b1326df3b5656a89519dbdf27616829de5c63f112145e
a27805bdd4f2ee713d40dc92b094d5f9ae275f2ad5f36c9892ff3447638a2cff
a2c3bd119d4adab00de8b247990edb41be9a868a9e7bd60750a5afc12a4ea0fd
aa9264be58c8ef61d1bd2e36c7ee38974a8c79e198a8859eaee5eca85c996e10
aaab7ee30db4411af9ed4c4125f6e26036262c5c8809b1f121b4ae3092b16ed1
ae57576f0a8f95a874f7f6ff3ff57afb08c7be35dbb0d54309d77723c2ad25b0
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a19e48b1d64482b90942e9d5f95002bd146b1ea5e08742e4b582a3b1770df9
b306ba1af362db6ca00b654c6ddf9c3c84a448bacaf741277e525c782db9f336
b79e2f319a4307b8efa970936f6bf86a8236c2de2cb980c5950ed65b48a28c18
bb51b9caddb8a0e55d70c819b8a8903fbf2f94b7ad453653ec6aa0e823524276
bb9862636f090c8c16734d3cbd2980e6a4a9ad253d8c3f0c189cf003e65edb6c
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
c1e84e77886cb0b49a993754cd2e047fb2c7193666b0eae4a0438446d52944bf
c96b538e5d0c06df68fee2c32f2479692e63c58b9d3299f71942e558267ccc90
c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1
cddc656948ccc3c6b14b73ab94b4b9e268f6dd59c18836522402eb4866d07b61
d0de0a1e343c53355f109cdfefb4e4cab0609f38cf0c387c7914ec1a22ae2fd4
d18f91781d6892fc24796d9253c6b82869799d2995b7ebdf90b835877df718ea
d2bcea3cd95d241d79f71ce3066c3670e8af27fdde3b26e5e21dd5c01a3bacad
d2e8fd678a0040f1ebb05484cc55e33bb0f537ab5dd0c0a25e0e375da2e838b2
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d9246fcaa46029492ead200a7148b4918c095121de40d714b030a184939f2108
df301479921863d00f49551cae9e1cf786a17544c23839747864617049f9b51f
df37b48ff9d8a94ef188d94edf5f6a7d88c65fe4c98cc8eeadf91d64a375bc89
e201707d5b0e61c0c9da71d3b25c204a141c4d103a1deb92f89380871e58c67a
e3039b83f93f42d39138d253991aaa0ed99c7d63ac80aa4ab9b00f25b43b9ec0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
e7cd255233d8e6b4a7d033d4b41b443ea3bd86c8e070085d23b5bcaee462005e
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3901fe1a0442e50f28c14d6eae3dec8c35e6271d6b8bff15df81b6d5f7495f1
f48c347e022b097c3b3b58b10839018a1968a5d05dfd4236235ad9730a8b112d
f4d52b2f18ee8dd9761051674cb84dd5202b61ba4e8d7056b41a205791c7a61c
f55a11baf33fb17425e40acd9266d2277424db4e0ae3bf3c703418de8b13101d
f5d4f9d8676a8d1d9775699e1e0f2150b838006107a962c9527fdb1feed66861
f68687158d2c493d42ae6dee2f15fc2c761da3abf8d92c4474e1dbc527b6930d
f82f46e38db02a449bea635ab766c498642bb5040573fb3d7743f5241fe976b4
f99a2c60ac365f5cebd3b520372c07dac909708e0fb5f8848a0a967c7fc0b98e
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1
ff76f7951ae4fc055896e75a07b9148e6fb51513b64f903937e23cccf06ae816

winzoro.net Open in urlscan Pro 194.67.68.223 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

190 Requests

91 %HTTPS

58 %IPv6

27 Domains

37 Subdomains

31 IPs

7 Countries

4069 kBTransfer

8256 kBSize

46 Cookies

6 Outgoing links

Page URL History

Redirected requests

190 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

winzoro.net Open in urlscan Pro
194.67.68.223 Public Scan

Screenshot
Live screenshot

Full Image

190
Requests

91 %
HTTPS

58 %
IPv6

27
Domains

37
Subdomains

31
IPs

7
Countries

4069 kB
Transfer

8256 kB
Size

46
Cookies

190 HTTP transactions
3 data transactions