www.nawa3em.com Open in urlscan Pro
2606:4700:20::681a:aa2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nawa3em.com/
Effective URL:
https://www.nawa3em.com/
Submission Tags: tranco_l324
Submission: On November 21 via api (November 21st 2021, 10:59:07 am UTC) from DE — Scanned from DE

Summary HTTP 251 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 66 IPs in 8 countries across 55 domains to perform 251 HTTP transactions. The main IP is 2606:4700:20::681a:aa2, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.nawa3em.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 17th 2021. Valid for: a year.

This is the only time www.nawa3em.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 60	2606:4700:20:... 2606:4700:20::681a:aa2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	2.21.143.57 2.21.143.57	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.97.52 18.66.97.52	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2600:9000:225... 2600:9000:225e:d400:1e:aead:3c80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.7 18.66.122.7	16509 (AMAZON-02) (AMAZON-02)
4	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
3	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
2	159.135.137.162 159.135.137.162	39921 (DE-RACKSP...) (DE-RACKSPACE Frankfurt)
1	172.67.142.218 172.67.142.218	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 7	3.250.255.173 3.250.255.173	16509 (AMAZON-02) (AMAZON-02)
1	18.169.85.185 18.169.85.185	16509 (AMAZON-02) (AMAZON-02)
5	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	18.196.167.61 18.196.167.61	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2251:1000:1f:612c:5a80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.202.90.208 52.202.90.208	14618 (AMAZON-AES) (AMAZON-AES)
6 20	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	52.56.247.114 52.56.247.114	16509 (AMAZON-02) (AMAZON-02)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3032::ac43:d706	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.19.149.54 104.19.149.54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.111.244.187 104.111.244.187	16625 (AKAMAI-AS) (AKAMAI-AS)
3	34.227.252.121 34.227.252.121	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700:303... 2606:4700:3034::6815:648	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.241.9.51 35.241.9.51	15169 (GOOGLE) (GOOGLE)
2 4	185.33.221.50 185.33.221.50	29990 (ASN-APPNEX) (ASN-APPNEX)
11	34.107.254.252 34.107.254.252	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
3	142.250.186.129 142.250.186.129	15169 (GOOGLE) (GOOGLE)
2	35.186.238.175 35.186.238.175	15169 (GOOGLE) (GOOGLE)
2 4	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
5	142.250.185.97 142.250.185.97	15169 (GOOGLE) (GOOGLE)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
4	18.66.97.105 18.66.97.105	16509 (AMAZON-02) (AMAZON-02)
1	18.157.172.39 18.157.172.39	16509 (AMAZON-02) (AMAZON-02)
2 10	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	151.101.2.132 151.101.2.132	54113 (FASTLY) (FASTLY)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
1 1	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
4 4	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
1	213.227.153.220 213.227.153.220	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 2	13.32.121.37 13.32.121.37	16509 (AMAZON-02) (AMAZON-02)
1	151.101.14.132 151.101.14.132	54113 (FASTLY) (FASTLY)
3 5	2.21.141.232 2.21.141.232	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:119:50e7... 2620:119:50e7:101::9002:e05	14413 (LINKEDIN) (LINKEDIN)
2 2	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	18.194.231.4 18.194.231.4	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
1 1	64.202.112.63 64.202.112.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 2	52.50.243.239 52.50.243.239	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
1	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1	52.2.183.88 52.2.183.88	14618 (AMAZON-AES) (AMAZON-AES)
2 2	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	18.158.154.136 18.158.154.136	16509 (AMAZON-02) (AMAZON-02)
1 1	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:215... 2600:9000:2156:0:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
10	54.156.215.112 54.156.215.112	14618 (AMAZON-AES) (AMAZON-AES)
251	66

60 2606:4700:20::681a:aa2 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

nawa3em.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nawa3em.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.21.143.57 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-143-57.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.52 (United States)

ASN16509 (AMAZON-02, US)

t.effectivemeasure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225e:d400:1e:aead:3c80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.jubna.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.jubnaadserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.7 (United States)

ASN16509 (AMAZON-02, US)

js.datadome.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.135.137.162 (Germany)

ASN39921 (DE-RACKSPACE Frankfurt, Germany, GB)

list.mailigen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.142.218 (United States)

ASN13335 (CLOUDFLARENET, US)

clicks.zwaar.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.250.255.173 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-250-255-173.eu-west-1.compute.amazonaws.com

collector.effectivemeasure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.85.185 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-85-185.eu-west-2.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.167.61 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-167-61.eu-central-1.compute.amazonaws.com

api-js.datadome.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2251:1000:1f:612c:5a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

detect-survey.effectivemeasure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.202.90.208 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-90-208.compute-1.amazonaws.com

survey.effectivemeasure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.185.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.56.247.114 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-56-247-114.eu-west-2.compute.amazonaws.com

app.jubnaadserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::ac43:d706 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.foxpush.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.149.54 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.244.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-244-187.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.227.252.121 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-252-121.compute-1.amazonaws.com

l.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3034::6815:648 (United States)

ASN13335 (CLOUDFLARENET, US)

json.foxpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.foxpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.9.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com

f3a06674-ebb9-4b9d-ba8f-0052018c0687.prmutv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.50 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.107.254.252 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 252.254.107.34.bc.googleusercontent.com

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f1.1e100.net

0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.238.175 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 175.238.186.35.bc.googleusercontent.com

mena-gmtdmp.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ae-gmtdmp.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

db419a540064ae9752e96da4b89d3bc5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.97 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.97.105 (United States)

ASN16509 (AMAZON-02, US)

ib.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.157.172.39 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-172-39.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.132 (United States)

ASN54113 (FASTLY, US)

widgets.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.142 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.97 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.44 (United Kingdom) 4 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.153.220 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: v182.ce13.ams-01.nl.leaseweb.net

b1t-eudc1.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.37 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-37.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.132 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

zem.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.21.141.232 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-232.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:119:50e7:101::9002:e05 (San Francisco, United States)

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:110:c305::8000 (Dublin, Ireland) 2 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.194.231.4 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-231-4.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.91 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.63 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.243.239 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-243-239.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.2.183.88 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-183-88.compute-1.amazonaws.com

sync.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.154.136 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-154-136.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.0.31 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:0:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.156.215.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-215-112.compute-1.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	nawa3em.com 2 redirects nawa3em.com www.nawa3em.com	2 MB
35	doubleclick.net 6 redirects securepubads.g.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	354 KB
25	googlesyndication.com 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com db419a540064ae9752e96da4b89d3bc5.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	120 KB
15	adsafeprotected.com 1 redirects fw.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	97 KB
15	3lift.com 2 redirects ib.3lift.com tlx.3lift.com eb2.3lift.com	91 KB
13	permutive.com cdn.permutive.com api.permutive.com	429 KB
11	effectivemeasure.net 1 redirects t.effectivemeasure.net collector.effectivemeasure.net detect-survey.effectivemeasure.net survey.effectivemeasure.net	11 KB
9	evidon.com c.evidon.com l.evidon.com	35 KB
7	google.com www.google.com adservice.google.com	2 KB
6	google.de www.google.de adservice.google.de	2 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
5	facebook.com www.facebook.com	650 B
5	googletagmanager.com www.googletagmanager.com	203 KB
4	adsrvr.org 2 redirects match.adsrvr.org	2 KB
4	adnxs.com 2 redirects ib.adnxs.com	4 KB
4	aspnetcdn.com ajax.aspnetcdn.com	44 KB
3	advertising.com 2 redirects sync.adaptv.advertising.com pixel.advertising.com	955 B
3	yahoo.com 3 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	2 KB
3	zemanta.com 1 redirects widgets.zemanta.com b1t-eudc1.zemanta.com b1sync.zemanta.com	3 KB
3	addtoany.com static.addtoany.com	60 KB
3	moatads.com z.moatads.com mb.moatads.com	87 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	704 B
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	737 B
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	adform.net 2 redirects c1.adform.net	1 KB
2	googletagservices.com www.googletagservices.com	73 KB
2	mookie1.com mena-gmtdmp.mookie1.com ae-gmtdmp.mookie1.com	430 B
2	foxpush.com json.foxpush.com www.foxpush.com	2 KB
2	foxpush.net cdn.foxpush.net	17 KB
2	jubnaadserve.com cdn.jubnaadserve.com app.jubnaadserve.com	29 KB
2	mailigen.com list.mailigen.com	14 KB
2	datadome.co js.datadome.co api-js.datadome.co	41 KB
2	facebook.net connect.facebook.net	114 KB
2	google-analytics.com www.google-analytics.com	20 KB
1	sitescout.com pixel-sync.sitescout.com	191 B
1	2mdn.net s0.2mdn.net
1	turn.com 1 redirects ad.turn.com	412 B
1	bing.com c.bing.com	592 B
1	bidswitch.net x.bidswitch.net	220 B
1	linkedin.com px.ads.linkedin.com	596 B
1	outbrainimg.com zem.outbrainimg.com	37 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	travelaudience.com 1 redirects ads.travelaudience.com	521 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	513 B
1	prmutv.co f3a06674-ebb9-4b9d-ba8f-0052018c0687.prmutv.co	455 B
1	googleadservices.com www.googleadservices.com	14 KB
1	t.co t.co	470 B
1	twitter.com analytics.twitter.com	673 B
1	ads-twitter.com static.ads-twitter.com	6 KB
1	zwaar.org clicks.zwaar.org	840 B
1	googleapis.com ajax.googleapis.com	30 KB
1	jubna.com cdn.jubna.com	2 KB
0	netmng.com Failed google2waycm.netmng.com Failed
251	55

	Domain	Requested by
58	www.nawa3em.com	www.nawa3em.com
19	cm.g.doubleclick.net	6 redirects 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com googleads.g.doubleclick.net eb2.3lift.com
12	pagead2.googlesyndication.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com securepubads.g.doubleclick.net www.nawa3em.com
11	api.permutive.com	cdn.permutive.com www.nawa3em.com
10	dt.adsafeprotected.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
10	eb2.3lift.com	2 redirects 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com ib.3lift.com eb2.3lift.com
9	tpc.googlesyndication.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net
9	securepubads.g.doubleclick.net	www.nawa3em.com securepubads.g.doubleclick.net www.foxpush.com
7	collector.effectivemeasure.net	1 redirects www.nawa3em.com t.effectivemeasure.net
6	c.evidon.com	www.nawa3em.com c.evidon.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	googleads.g.doubleclick.net	www.googleadservices.com 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com www.nawa3em.com
5	www.google.com	www.nawa3em.com tpc.googlesyndication.com
5	www.facebook.com	www.nawa3em.com
5	www.googletagmanager.com	www.nawa3em.com www.googletagmanager.com
4	ib.3lift.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com ib.3lift.com
4	match.adsrvr.org	2 redirects 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com eb2.3lift.com
4	ib.adnxs.com	2 redirects cdn.permutive.com googleads.g.doubleclick.net
4	www.google.de	www.nawa3em.com
4	ajax.aspnetcdn.com	www.nawa3em.com
3	static.adsafeprotected.com	fw.adsafeprotected.com 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
3	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	l.evidon.com	www.nawa3em.com
3	static.addtoany.com	www.nawa3em.com static.addtoany.com
2	pixel.advertising.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	fw.adsafeprotected.com	1 redirects googleads.g.doubleclick.net
2	s.amazon-adsystem.com	1 redirects eb2.3lift.com
2	pr-bh.ybp.yahoo.com	2 redirects
2	sb.scorecardresearch.com	1 redirects 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
2	sync.targeting.unrulymedia.com	2 redirects
2	sync.1rx.io	2 redirects
2	c1.adform.net	2 redirects
2	www.googletagservices.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	cdn.permutive.com	www.nawa3em.com cdn.permutive.com
2	cdn.foxpush.net	www.nawa3em.com cdn.foxpush.net
2	survey.effectivemeasure.net	t.effectivemeasure.net
2	list.mailigen.com	www.nawa3em.com
2	connect.facebook.net	www.nawa3em.com connect.facebook.net
2	www.google-analytics.com	www.nawa3em.com www.google-analytics.com
2	z.moatads.com	www.nawa3em.com z.moatads.com
2	nawa3em.com	2 redirects
1	ups.analytics.yahoo.com	1 redirects
1	sync.adaptv.advertising.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
1	pixel-sync.sitescout.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
1	s0.2mdn.net	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
1	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
1	ad.turn.com	1 redirects
1	b1sync.zemanta.com	1 redirects
1	c.bing.com	eb2.3lift.com
1	x.bidswitch.net	eb2.3lift.com
1	px.ads.linkedin.com	eb2.3lift.com
1	zem.outbrainimg.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
1	b1t-eudc1.zemanta.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	widgets.zemanta.com	ib.3lift.com
1	tlx.3lift.com	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
1	ae-gmtdmp.mookie1.com	www.nawa3em.com
1	db419a540064ae9752e96da4b89d3bc5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	mena-gmtdmp.mookie1.com	www.foxpush.com
1	f3a06674-ebb9-4b9d-ba8f-0052018c0687.prmutv.co	cdn.permutive.com
1	www.foxpush.com	cdn.foxpush.net
1	json.foxpush.com	cdn.foxpush.net
1	www.googleadservices.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	t.co	www.nawa3em.com
1	analytics.twitter.com	static.ads-twitter.com
1	static.ads-twitter.com	www.nawa3em.com
1	app.jubnaadserve.com	cdn.jubna.com
1	detect-survey.effectivemeasure.net	t.effectivemeasure.net
1	api-js.datadome.co	js.datadome.co
1	cdn.jubnaadserve.com	cdn.jubna.com
1	mb.moatads.com	z.moatads.com
1	clicks.zwaar.org	www.nawa3em.com
1	ajax.googleapis.com	www.nawa3em.com
1	js.datadome.co	www.nawa3em.com
1	cdn.jubna.com	www.nawa3em.com
1	t.effectivemeasure.net	www.nawa3em.com
0	google2waycm.netmng.com Failed	0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
251	83

This site contains links to these domains. Also see Links.

Domain
www.justfood.tv
www.facebook.com
www.instagram.com
twitter.com
www.oln.net
plus.google.com
www.pinterest.com
www.youtube.com
www.dailymotion.com
www.gheir.com
www.addtoany.com
www.mailigen.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-17` - `2022-06-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.effectivemeasure.net Amazon	`2021-02-02` - `2022-03-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-30` - `2021-11-28`	3 months	crt.sh
*.jubna.com Amazon	`2021-09-28` - `2022-10-27`	a year	crt.sh
*.datadome.co Gandi Standard SSL CA 2	`2021-10-12` - `2022-10-21`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2021-08-06` - `2022-08-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
list.bp.mlgn2usa.com R3	`2021-10-18` - `2022-01-16`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
jubnaadserve.com Amazon	`2021-04-29` - `2022-05-28`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
foxpush.net Cloudflare Inc ECC CA-3	`2021-06-06` - `2022-06-05`	a year	crt.sh
permutive.com Cloudflare Inc ECC CA-3	`2021-03-02` - `2022-03-01`	a year	crt.sh
*.evidon.com DigiCert SHA2 Secure Server CA	`2021-05-30` - `2022-06-08`	a year	crt.sh
foxpush.com Cloudflare Inc ECC CA-3	`2021-06-06` - `2022-06-05`	a year	crt.sh
*.prmutv.co R3	`2021-10-25` - `2022-01-23`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
api.permutive.com R3	`2021-10-21` - `2022-01-19`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.zemanta.com R3	`2021-09-25` - `2021-12-24`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.outbrainimg.com R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-09-16` - `2022-03-16`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-09-30` - `2022-03-30`	6 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://www.nawa3em.com/
Frame ID: 6AD7D582853E24534B551201754D2F0A
Requests: 162 HTTP requests in this frame

Frame: https://z.moatads.com/hd09824092/iframe.html
Frame ID: 54EB1A66114DCEDEF6B7DC8B7EB77D13
Requests: 1 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: D8E09B5BF5EDDB8266487AD76CCF46C5
Requests: 1 HTTP requests in this frame

Frame: https://www.foxpush.com/source/index.html?fox_domain=nawa3emcom.foxpush.net&hurl=https%3A%2F%2Fwww.nawa3em.com%2F
Frame ID: F718CBC8036C93166472F4F8468311F5
Requests: 10 HTTP requests in this frame

Frame: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EF3080964B383AC1CE862C225D117803
Requests: 1 HTTP requests in this frame

Frame: https://db419a540064ae9752e96da4b89d3bc5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 3ECF9779C8F4DF52686A1E8F7AC85641
Requests: 1 HTTP requests in this frame

Frame: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EFBE2D07EAE86A12B537AC18AAE28D0D
Requests: 25 HTTP requests in this frame

Frame: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B8294CD9031C6EB5F1ED8A9CA6DFC266
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQla2PAhiTq9G6ATAB&v=APEucNUe4-7Y5tK224inMkJgSOcVMADBiXWraT22wfdRBzmSKzWf72rUi2lIfJ6nESfJCov6p2FgK-gvw9vzTeRYFFKZ5GMTLNb5VeF1McYOpLKeAPNOdKVad6BbBgkreh4ch9W0GtEe365kEnHx8lRclfWGr5BorxqCAKV-QTnUD1myMkQRmU8
Frame ID: 562264FBFF750CE2E0903BF8D3025DC3
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 63447A08762C95B896655B61DA34B440
Requests: 9 HTTP requests in this frame

Frame: data://truncated
Frame ID: 1BB47C4A132313B5BCC2ED7914596540
Requests: 1 HTTP requests in this frame

Frame: https://widgets.zemanta.com/1629452000/widget-300x600.js
Frame ID: CA8B9655882DD9C72A121193A733C743
Requests: 4 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Frame ID: 616E2CF6696E3FCCDE50C139D91C1A4A
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 35668DF4E8C4BA2EC1547AE9D095E2EF
Requests: 8 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 21F15C9514F37D4A26FF6F3CDD27FE32
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 74297F80BA992BE5188428C5A4FD6659
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: D9EEA9BD22C81E2C27E7C637B4CD42FF
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 39B1DB81F27EB5E015090BC3C1EBB6F3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

موقع ومجلة نواعم للمرأة العربية | نواعم

Page URL History Show full URLs

http://nawa3em.com/ HTTP 301
https://nawa3em.com/ HTTP 301
https://www.nawa3em.com/ Page URL

Page Statistics

251
Requests

89 %
HTTPS

32 %
IPv6

55
Domains

83
Subdomains

66
IPs

8
Countries

3826 kB
Transfer

10529 kB
Size

65
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.justfood.tv/
Title: مطبخ نواعم

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Nawa3emCom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/nawa3emcom/

Search URL Search Domain Scan URL

URL: https://twitter.com/nawa3emcom

Search URL Search Domain Scan URL

URL: http://www.oln.net/
Title: oln.net

Search URL Search Domain Scan URL

URL: https://plus.google.com/108659929025354604015

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/zoyasakr/nawa3em-com-fashion/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC-XWeo7cHGJ_S_4mM3BJvxQ?sub_confirmation=1

Search URL Search Domain Scan URL

URL: http://www.dailymotion.com/nawa3em

Search URL Search Domain Scan URL

URL: https://www.gheir.com/
Title: Gheir.com

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

URL: https://www.mailigen.com/
Title: Email Marketing

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nawa3em.com/ HTTP 301
https://nawa3em.com/ HTTP 301
https://www.nawa3em.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://collector.effectivemeasure.net/beacon/get?cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1637492330753_1 HTTP 302
https://collector.effectivemeasure.net/beacon/get?final=1&cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1637492330753_1

Request Chain 102

https://cm.g.doubleclick.net/pixel?client=ddp-dms&google_nid=emi_ddp&google_cm HTTP 302
https://cm.g.doubleclick.net/pixel?client=ddp-dms&google_nid=emi_ddp&google_cm=&google_tc= HTTP 302
https://collector.effectivemeasure.net/sync_webhook/ddp/google_gid?client=ddp-dms&google_gid=CAESEOW15bRRXScyWzxNw57k_Zs&google_cver=1

Request Chain 159

https://match.adsrvr.org/track/cmf/generic?ttd_pid=dbegppc&ttd_tpi=1&ttd_puid=40da2992-202e-46c3-bd6d-d27455ebb9ca,5017c06f-c0c8-49af-9bd1-00093b88e087 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=dbegppc&ttd_tpi=1&ttd_puid=40da2992-202e-46c3-bd6d-d27455ebb9ca,5017c06f-c0c8-49af-9bd1-00093b88e087 HTTP 302
https://api.permutive.com/v2.0/px/sync?ku=40da2992-202e-46c3-bd6d-d27455ebb9ca,5017c06f-c0c8-49af-9bd1-00093b88e087&alias=92f72bed-4457-4294-b747-02ea75e5965d&type=tradedesk

Request Chain 192

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESELtAipaHFyVV3tHxQdGOEgA&google_cver=1&google_push=AYg5qPJmWvhd4Cyw3mDz16TCnyn_ukw6kKBPC2R1TRfriH3XNNDxnkgOBy9wxvscWG8mDD2axvTJlLNhxyrYoWdqrlfKek4hQYGw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJmWvhd4Cyw3mDz16TCnyn_ukw6kKBPC2R1TRfriH3XNNDxnkgOBy9wxvscWG8mDD2axvTJlLNhxyrYoWdqrlfKek4hQYGw&google_hm=2dxAM7INQN6sODPLR74KdKk

Request Chain 193

https://ads.travelaudience.com/google_pixel?google_gid=CAESENjSJGrdndS0rXnoqFjzEDE&google_cver=1&google_push=AYg5qPJHOod62zHd0dwBmFLGRIF99vbX5-3938yLaALv7mX8kIwSkApopMnrGNcptJxXiRi3j9NVhZHYLTh_rOtIJPKa756RFQyb HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=s--pAp-wQ_iAg04HH6NfTg2&google_push=AYg5qPJHOod62zHd0dwBmFLGRIF99vbX5-3938yLaALv7mX8kIwSkApopMnrGNcptJxXiRi3j9NVhZHYLTh_rOtIJPKa756RFQyb

Request Chain 194

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPyXl48KpLUABHhEt1o9184&google_cver=1&google_push=AYg5qPK1fAdLXJSaJtbHWz_Wa0QtDsrOwsu2WU0dxXdHAyepK4TBa9ZBetio2ta2KnwSJI7HNEzcKPwxYljLN90GtXk-p4l_j54 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPyXl48KpLUABHhEt1o9184&google_cver=1&google_push=AYg5qPK1fAdLXJSaJtbHWz_Wa0QtDsrOwsu2WU0dxXdHAyepK4TBa9ZBetio2ta2KnwSJI7HNEzcKPwxYljLN90GtXk-p4l_j54 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTg5NzcyMDU5ODY1OTM5ODY3MA&google_push=AYg5qPK1fAdLXJSaJtbHWz_Wa0QtDsrOwsu2WU0dxXdHAyepK4TBa9ZBetio2ta2KnwSJI7HNEzcKPwxYljLN90GtXk-p4l_j54

Request Chain 195

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHBefahZIG7W5ubzcjydC5M&google_cver=1&google_push=AYg5qPIJVFNfvAiXf-kige9xropi3U18mxyAm0DSO7T6vUC5qvv9oWUah9nEDaMLgW0MkwcLlGPIIkqAafcU5dzx63g_w1UmTBG4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1c5NE5TNUItSy0yMjMw&google_push=AYg5qPIJVFNfvAiXf-kige9xropi3U18mxyAm0DSO7T6vUC5qvv9oWUah9nEDaMLgW0MkwcLlGPIIkqAafcU5dzx63g_w1UmTBG4

Request Chain 196

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEMeF0waRdNVtq4oE9aoawyU&google_cver=1&google_push=AYg5qPKB9qaOUBr64KUy5ASlRjj-JSpZR8yb67r-yH6PA8YMYQ2LZcZ3oZddGrbNwQzP_HRtNoFQjNnFUl13MKvMXafX2U1K5UFs HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-08baef0b-ff37-4d84-8125-05fc1b4d80ca-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKB9qaOUBr64KUy5ASlRjj-JSpZR8yb67r-yH6PA8YMYQ2LZcZ3oZddGrbNwQzP_HRtNoFQjNnFUl13MKvMXafX2U1K5UFs%26google_hm%3DAwi67wv_N02EgSUF_BtNgMo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKB9qaOUBr64KUy5ASlRjj-JSpZR8yb67r-yH6PA8YMYQ2LZcZ3oZddGrbNwQzP_HRtNoFQjNnFUl13MKvMXafX2U1K5UFs&google_hm=Awi67wv_N02EgSUF_BtNgMo

Request Chain 199

https://sb.scorecardresearch.com/p?c1=7&c2=14320224&c3=123456&cv=2.0&cj=1&cs_ucfr=0 HTTP 302
https://sb.scorecardresearch.com/p2?c1=7&c2=14320224&c3=123456&cv=2.0&cj=1&cs_ucfr=0

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1&C=1

Request Chain 202

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZomdPGotdHf-fcpLZ44xQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1

Request Chain 203

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEL3goc7pVg5zhHj5WBB7YSU&google_cver=1

Request Chain 204

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMzNjk3MjY5NTI2ODcyNDg4Nw%3D%3D

Request Chain 207

https://eb2.3lift.com/sync?max=10&cb=68523 HTTP 302
https://eb2.3lift.com/sync?max=10&cb=68523&ld=1

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEDhWv2oW5KXVnWHYMHEL-ZE&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1

Request Chain 210

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTczNTY0MDc5NDUzNDE2Njc5MzU%3D

Request Chain 212

https://pr-bh.ybp.yahoo.com/sync/triplelift/17356407945341667935?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-9QpXgDxE2oSbZaCcKZfT6t1eJwhUfo_qZXw2r5IM1w--~A&dongle=0883

Request Chain 215

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=17356407945341667935 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=17356407945341667935&dcc=t

Request Chain 216

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 217

https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=4771&xuid=3985943309443916811&dongle=d407

Request Chain 229

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJmk-fCOVSBF5qKhf4AG1kU&google_cver=1&google_push=AYg5qPKoAxxvD0XhK6MJSasOQnFMleEQ4kRNjZU9-wI1O7rjRIxQrU7zve1lWlE4I_JYHLc7OSb7nw3Wo9y3SXBXxNUPyDUfqaZFSQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKoAxxvD0XhK6MJSasOQnFMleEQ4kRNjZU9-wI1O7rjRIxQrU7zve1lWlE4I_JYHLc7OSb7nw3Wo9y3SXBXxNUPyDUfqaZFSQ&google_hm=NjQwNDEzODI1NzA5OTk0NDMwOQ%3D%3D

Request Chain 230

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENAtuI4TfbQzQCT4lNlMfg4&google_cver=1&google_push=AYg5qPIil3VUP9Wi_U-WaYH3hhH4mECefg1xybNN5uBQ-2XHLdCBKwfyYM-P2QTZ6-d9Lmj80aKUYHlgjZBeNJ6TtpY1p4PVn207zg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENAtuI4TfbQzQCT4lNlMfg4&google_cver=1&google_push=AYg5qPIil3VUP9Wi_U-WaYH3hhH4mECefg1xybNN5uBQ-2XHLdCBKwfyYM-P2QTZ6-d9Lmj80aKUYHlgjZBeNJ6TtpY1p4PVn207zg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=fib3qPAFSJehMozQ0C2J0w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIil3VUP9Wi_U-WaYH3hhH4mECefg1xybNN5uBQ-2XHLdCBKwfyYM-P2QTZ6-d9Lmj80aKUYHlgjZBeNJ6TtpY1p4PVn207zg

Request Chain 231

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEMeF0waRdNVtq4oE9aoawyU&google_cver=1&google_push=AYg5qPJ_6e2vpRxOhC4z6AGHibmaJSYDO4h-LCt3YbwDPQHk0b62slW9x6eSe2K7W8wY5tIwnPTLpWzXMn3jZLonCJNfcyzBxzEsrw HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-08baef0b-ff37-4d84-8125-05fc1b4d80ca-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPJ_6e2vpRxOhC4z6AGHibmaJSYDO4h-LCt3YbwDPQHk0b62slW9x6eSe2K7W8wY5tIwnPTLpWzXMn3jZLonCJNfcyzBxzEsrw%26google_hm%3DAwi67wv_N02EgSUF_BtNgMo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ_6e2vpRxOhC4z6AGHibmaJSYDO4h-LCt3YbwDPQHk0b62slW9x6eSe2K7W8wY5tIwnPTLpWzXMn3jZLonCJNfcyzBxzEsrw&google_hm=Awi67wv_N02EgSUF_BtNgMo

Request Chain 232

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESED0SN-0Dk6t04xUFqICjLMc&google_cver=1&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xcia2Khj5-RMfT1edxRzyz87DKr-2PKk4dlqENjA7xIxZTAQ HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESED0SN-0Dk6t04xUFqICjLMc&google_cver=1&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xcia2Khj5-RMfT1edxRzyz87DKr-2PKk4dlqENjA7xIxZTAQ&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESED0SN-0Dk6t04xUFqICjLMc&google_cver=1&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xcia2Khj5-RMfT1edxRzyz87DKr-2PKk4dlqENjA7xIxZTAQ&apid=UP087154bd-4aba-11ec-a99a-06618aa3b3b6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAwODcxNTRiZC00YWJhLTExZWMtYTk5YS0wNjYxOGFhM2IzYjY%3D&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xcia2Khj5-RMfT1edxRzyz87DKr-2PKk4dlqENjA7xIxZTAQ

Request Chain 235

https://fw.adsafeprotected.com/rfw/st/873249/58417267/skeleton.js?adsafe_url=https%3A%2F%2Fwww.nawa3em.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:d5c27e64-9956-7c1d-88ab-15c7b890f922,c:uBacxM,sl:outOfView,em:true,fr:false,thd:1,mn:app28ie,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:80,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.qs.bi,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:98,oid:086f58e4-4aba-11ec-a4af-0667767c2fb7,v:19.8.267,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

251 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.nawa3em.com/
Redirect Chain

http://nawa3em.com/
https://nawa3em.com/
https://www.nawa3em.com/

292 KB
95 KB

224ms
216ms

Document
text/html

2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6c9dd3a748782828441d959235f547c556ba84b5abf1da7f158f8221162a3f8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-type: text/html; charset=utf-8
cache-control: private
vary: Accept-Encoding
x-datadome: protected
x-aspnet-version: 4.0.30319
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tn2NItBh7%2FpovPZ%2BGWwFZXLTM8yom2REoOt9pZd%2F7Zq4wMlUdeBSkFzr6ObUSVu1uEe%2F0Ytr2RSHUKXoY7qba0NZzum0vwg085Gzq2g1i5PsZqNnqDa2QbmVwcpDVoTkw393Qh%2FiQaWeviggXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b1967b97d3a4eb6-FRA
content-encoding: br

Redirect headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cache-control: max-age=3600
expires: Sun, 21 Nov 2021 11:58:50 GMT
location: https://www.nawa3em.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=comCbxHzpWLLr5LAAwLD5kUVvl5Zna6pYwm3pUZIk7tswuDYE3RLRE4c7ynhgG7NDFMzc3CH%2BWBg7pqjqO3puxeF6RKyblsbVxPeXSR79TzCuEDvtUOmHy5VcsSIvM2MOVD7uC0vUMrV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6b1967b94cd94eb6-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
27 KB 137ms
48ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

e0d71e9e83d526a320cdee881361d1abcf386a92a21c116a31976690453bc75c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1050 / 271 of 1000 / last-modified: 1637363240"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26883
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 21 Nov 2021 10:58:50 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 1526ms
326ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1000671215

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a36798a5ed130a0c7c380074c244d1043173ff3ffe192b7e092d798accafbfe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39526
x-xss-protection: 0
last-modified: Sun, 21 Nov 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 21 Nov 2021 10:58:51 GMT

GET
H2 200 moatheader.js Show response
z.moatads.com/choueirigroupheaderdfp445340272806/ 246 KB
85 KB 38ms
7ms Script
application/x-javascript 2.21.143.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/choueirigroupheaderdfp445340272806/moatheader.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.143.57 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-143-57.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e72f6a91fa6a95334e8a521b46840830bedcbd2f1f619846c518334bda15ad89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: gzip
last-modified: Thu, 18 Nov 2021 10:47:18 GMT
server: AmazonS3
x-amz-request-id: 5NGZS7MW4MQ962EP
etag: "11c1efc624f84c95841575663e7b7d37"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=38208
accept-ranges: bytes
content-length: 86599
x-amz-id-2: 09bBCVFxXulnccOWBxGv4AXl7zaMiTmBa/XQGUiSVZDCv5qC2x8MEIyuV4HquSzCVvzjTV0IxK4=

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 3941ms
134ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 7067
date: Sun, 21 Nov 2021 09:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sun, 21 Nov 2021 11:01:07 GMT

GET
H2 200 tag.js Show response
t.effectivemeasure.net/ 22 KB
7 KB 35ms
7ms Script
application/javascript 18.66.97.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.effectivemeasure.net/tag.js?1637
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: be1c4031c965bdf06827008cc018d79cbed689468cd9be0e6810a56a5f6617d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: O3a7WZEATOQUEXh0NtsTxnF269jGh9BQ
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 01:00:17 GMT
server: AmazonS3
age: 341708
etag: W/"93cb9d1cb96864d82a396bd64bd41630"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3f52d342c56014599dee37446f6c9f2f.cloudfront.net (CloudFront)
cache-control: public, max-age=604800
date: Wed, 17 Nov 2021 12:03:43 GMT
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: lzeqFrkuzO4bUWZNkFm7VnyX2QDQRZUIaPGlEa-L7i8mrvFsQtf1wg==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 24ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: 5cVI+kDjOrvYHuObQ6q4irFcc+13mjGWixJEXMG9Bj/cSz2XuHB0koOR32pRwKt8n6tqHF1nTOE7cmE0KPxBIQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sun, 21 Nov 2021 10:58:50 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
42 KB 8342ms
7145ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WS55WCG

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3d9e4e2746d43307b86c4c18e6f79cc305d5a9dd770a03fedcb93fb459b8461c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42679
x-xss-protection: 0
last-modified: Sun, 21 Nov 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 21 Nov 2021 10:58:51 GMT

GET
H2 200 jb_cvalidatorv1.js Show response
cdn.jubna.com/adscripts/ 2 KB
2 KB 55ms
6ms Script
application/javascript 2600:9000:225e:d400:1e:aead:3c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jubna.com/adscripts/jb_cvalidatorv1.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:d400:1e:aead:3c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 987a26560f62eec7ac308e5a37f0a8b2374fb9786edf741bfe957201c0320cd3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 07:11:29 GMT
via: 1.1 b1c64361268fcbad3c03abbe37eb5cfb.cloudfront.net (CloudFront)
last-modified: Thu, 16 Sep 2021 08:51:09 GMT
server: AmazonS3
age: 2260042
etag: "eaee1a66c010818ede412c71a51bba1d"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-length: 1548
x-amz-cf-id: JFbmUx-6AuPLO-04BOWLsnK8EuAc0L2_xirQV5QHV8uZ1AH9YoYZ_Q==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 134 KB
44 KB 4838ms
3642ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N8V4SDN

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd2ea5a3645dee759e55979c80220d2a18c5607ff56aa999635e5987b832bead

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45354
x-xss-protection: 0
last-modified: Sun, 21 Nov 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 21 Nov 2021 10:58:51 GMT

GET
H2 200 tags.js Show response
js.datadome.co/ 222 KB
41 KB 44ms
7ms Script
text/javascript 18.66.122.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.datadome.co/tags.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

140c5b1fb28786a8b50e9c454b6897fb52efc2829dce042156a445123a4d868a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:38:53 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 1197
x-cache: Hit from cloudfront
content-length: 41335
access-control-allow-origin: *
last-modified: Thu, 18 Nov 2021 15:38:29 GMT
server: Apache
etag: "377d3-5d111f34a6d9a-gzip"
strict-transport-security: max-age=15768000
content-type: text/javascript
via: 1.1 8ac93eaf91328abbc6951d3fbab21e81.cloudfront.net (CloudFront)
cache-control: max-age=3600, public
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
x-amz-cf-id: E6ayJ73PtS4dyWRjuejUtQnAcTyb1rWO_ewFi2qTnlzqhXseJL3DPQ==
expires: Sun, 21 Nov 2021 11:38:53 GMT

GET
H2 200 WebForms.js Show response
ajax.aspnetcdn.com/ajax/4.6/1/ 23 KB
5 KB 48ms
12ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/4.6/1/WebForms.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC6) /

Resource Hash

20ce63d9edc1c2aee134c440cfba7d0705d1c6c3c20461964b9310da22c2a5f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12813886
x-cache: HIT
content-length: 4612
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:05:29 GMT
server: ECAcc (frc/8FC6)
etag: "802d345cb33d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 WebUIValidation.js Show response
ajax.aspnetcdn.com/ajax/4.6/1/ 26 KB
5 KB 50ms
14ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/4.6/1/WebUIValidation.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F1B) /

Resource Hash

54f4013748dd2ffead8e438f96340d290f51bd3b3c6af2a6c4b8f68eb58ffd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10746520
x-cache: HIT
content-length: 5435
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:05:30 GMT
server: ECAcc (frc/8F1B)
etag: "0996b46cb33d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 MicrosoftAjax.js Show response
ajax.aspnetcdn.com/ajax/4.5.1/1/ 97 KB
24 KB 44ms
8ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjax.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F24) /

Resource Hash

b6b2a6b0ecb3218b2f5da2dd045e7e5ebd1c4152a443b5642d9351a8e0a59d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8420272
x-cache: HIT
content-length: 24367
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:05:00 GMT
server: ECAcc (frc/8F24)
etag: "0f68934cb33d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 MicrosoftAjaxWebForms.js Show response
ajax.aspnetcdn.com/ajax/4.5.1/1/ 39 KB
9 KB 50ms
14ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjaxWebForms.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FF0) /

Resource Hash

75ff9ed4493b32310094826e703a8be5bce10d31eaa682c182adde38f9366bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4613233
x-cache: HIT
content-length: 9627
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:05:02 GMT
server: ECAcc (frc/8FF0)
etag: "023bb35cb33d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 img-211121095635-92-eyes-makeup-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 31 KB
31 KB 17ms
17ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121095635-92-eyes-makeup-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b34970e47adc81fdf317468ef9fb8244e5eeb6584ceb9d647d466678859d6647

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10885
content-length: 31389
last-modified: Sun, 21 Nov 2021 07:56:35 GMT
server: cloudflare
etag: "222b844eadded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2Bj4EdDo%2BWylHJ9TsfZmoQCPLVAvLyrJ5yc%2FWlQRCKAQ7kvPRkDdr%2FAYGwx60Bm8ke%2Be8cHXdd1%2BIMm2lZQbH8UhzzbxM5pr7Y%2FynCIsvJi05Yw47BzU5okrS1m3IHDsmjmbEF9xpxJAe9widw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bbf9fb4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121093527-33-Buccellati-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 19 KB
19 KB 26ms
25ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121093527-33-Buccellati-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aeb062b3d5f8c2b1b1d5f090a3072340f89c4514b611199f9ced35b294e45188

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11828
content-length: 19105
last-modified: Sun, 21 Nov 2021 07:35:27 GMT
server: cloudflare
etag: "db48895aaaded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qct5AS2TEwCtLVkpuTZZzKFkugiG7XUwli6591TKW%2FI4KupyhBZHoNYMsbpo8Wd5RqyJLSLrHJZM2G%2BRb9qwlitL6fZ105g9XuJ88EyQqkaF7rC1vG%2BEGiBReePip7dzAd1on88vqpALZmwcsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc09fe4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121081400-52-solafa-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 65 KB
65 KB 17ms
17ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121081400-52-solafa-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4647ae2ed92911dbccb4bd3315ff0ff0aa811eab801986deabe98c6b31db8c73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16429
content-length: 66219
last-modified: Sun, 21 Nov 2021 06:14:00 GMT
server: cloudflare
etag: "1e84ddf99eded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JuDCosrMF4E8fPBOwjvu0kLi91o0pBjcaOt3z%2FjegELiSIlMJJ8%2FCBVXRyBhQL61ofd7%2F%2BgapolYYp%2B%2Bu4MdKDYtZZOOySFD8Tgs1uyJCbuTnYpFkC0Kw4u5m4iP%2Fssf%2F4BaauFg54e6NuVhAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc0a1a4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121073626-93-skin--main-21-11-2021.jpg
www.nawa3em.com/img/big/ 26 KB
26 KB 26ms
24ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121073626-93-skin--main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 047e41bc55cae6d1679bbdfee65a5262ce073b3bd1ff4929057c4d8c31a0ff56

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17960
content-length: 26272
last-modified: Sun, 21 Nov 2021 05:36:26 GMT
server: cloudflare
etag: "404b2dba99ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lq5tpkZuwvf5Sn19OdlLzExpWEaIEou4fRgiuFKM4sZXGQ1a7P1ZA9Tq0gx5CEHx1Tz0gdllNqcq8xyqXQymheES8SEfv3P4SCWb8gb5VzXPamhArpzzE0KqSlwznh09ITfye1omHcp42Rstdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc1a414eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121072718-71-rmadan-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 49 KB
49 KB 21ms
20ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121072718-71-rmadan-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d0b9ab0eeb58961e0d9dd621f2fef39fdaf3a319985b62842125fd3b15cde9a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19625
content-length: 49728
last-modified: Sun, 21 Nov 2021 05:27:18 GMT
server: cloudflare
etag: "1a34cd7398ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoTNI7Obhw3G7lN64%2BAaE9JIpdsPvGiF3QGev0GV8XQBUPdTQN3hHoFbwFPhKNGbOcBhEjxp6hWik9Indz4JpG456FzcZMkK2kK8hx5ME7EVAeX6lPjTiiNAQiVsvMidTgWO9LYn8JsUdyGTBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc1a424eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121070938-57-asalah-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 44 KB
45 KB 22ms
22ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121070938-57-asalah-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c12b98655d7840631715602d6afa9c2c57c2b2f345a9f015f8af456b76f5a59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20446
content-length: 45187
last-modified: Sun, 21 Nov 2021 05:09:38 GMT
server: cloudflare
etag: "7ecb73fb95ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVpNtnDCZ79zR3%2FlIFGZXFh2qafJ5JRMeCn6Ojpuldr1Lf5MTJFi0o6rXzVW1WQGjDZo6gwqGQdZSpRaQ8E4IKVoGESwti0GM1QloaK3NqxbBgnJj3WzH2yaOanewBeDdjiS%2FP7wcLDWJn9YEw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc1a434eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211120065535-33-ghada-main-20-11-2021.jpg
www.nawa3em.com/img/big/ 66 KB
67 KB 18ms
18ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211120065535-33-ghada-main-20-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0dada58a803b8b0a332f5c4b4056bb7174d0091afb4ba20c4aaea7220222d75

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 100250
content-length: 67735
last-modified: Sat, 20 Nov 2021 04:55:35 GMT
server: cloudflare
etag: "8411e6dacaddd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0vd5qSeHxmlt078C0v%2BmCc69%2BIzZIWACYpjkTFEeJyIozitQACTkPBZlBMpzqzNcBKfKNDV1lahX5ArQ5J1ETRdwfNbsrVcOo5Lroraga8I%2F6M3r0OvF2q%2FxGegazQXJ8uEL6jDYFh99f8aVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc2a694eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211120065124-13-megan-main-20-11-2021.jpg
www.nawa3em.com/img/big/ 55 KB
56 KB 20ms
20ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211120065124-13-megan-main-20-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a79c458c1be2a5198a44e1d659d425aaae9b0dc25a8692606e5a366e476949ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 100250
content-length: 56458
last-modified: Sat, 20 Nov 2021 04:51:24 GMT
server: cloudflare
etag: "7281945caddd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OtV09AY2UEK%2BNzwNiyJIAhSCmhwwlPUUEZ0X16hQaggN%2BdPHdy%2BU3wrp8WuLonkRo7xJCGJ%2B3fTnk1B24siKYNu83f9oS9V0zmwxmtK6buOsf0kNyo5KmvDYlq8WuMn%2FUcK%2Ft7OWLsocr7KbkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc2a6c4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211120064333-58-reta-main-20-11-2021.jpg
www.nawa3em.com/img/big/ 18 KB
18 KB 21ms
21ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211120064333-58-reta-main-20-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2abc465f6cdac0dcdbcb3bc00dbee78b2aa4ef7459c734d056cfd585ced0e5f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 100250
content-length: 18505
last-modified: Sat, 20 Nov 2021 04:43:33 GMT
server: cloudflare
etag: "c4a8f2cc9ddd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cP8jebqsGUpS6nHys%2Fs5a0lxP3YThoLAszYh%2B%2Bzo4G06KNo5tdkTiFbnbeNVRSqOPeuXVlSWiY2KKaMo%2Fgx%2BxWfBl%2FpLxE2e8L8hvJVOBBbQWC7Yr3GDlJJkRqwLXOk2pTRjqyXgXuva%2F2sIOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc4a8d4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211119103513-95-Rossano-Ferretti-new.jpg
www.nawa3em.com/img/big/ 29 KB
30 KB 23ms
23ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211119103513-95-Rossano-Ferretti-new.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1018685a8936df063d55f19f0398c76706bdd2dae6474bb01a3525f6a9d6f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 180698
content-length: 30173
last-modified: Fri, 19 Nov 2021 08:35:13 GMT
server: cloudflare
etag: "a8c51c5f20ddd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5TU7B3fP6IqKlf%2FCVtx7nfeoCB2fCRO8MfHOZIY4NC57%2BmR9MAU%2F22wi%2Fl6Y1uoA3Hf8V20QC7Q47RO1hmJS3E8Vd%2Fgik1qR7ptZoMlPN3%2F2GYWcHpfufKjYy1025rD2mfwllMzcIUmkA3QWeg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc4a8f4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121120448-94-A926F877-9CE9-4986-ADA8-303596F81D0B.jpeg
www.nawa3em.com/img/big/ 51 KB
51 KB 20ms
20ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121120448-94-A926F877-9CE9-4986-ADA8-303596F81D0B.jpeg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4839563ab2e13a71b3687fd4c80038104836c90f277772aa448474418169f121

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2990
content-length: 51842
last-modified: Sun, 21 Nov 2021 10:04:48 GMT
server: cloudflare
etag: "4fe0de37bfded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zB%2B4Nt8wzvsMJNyL%2BP2TS3tq%2BybaY7F%2BYIWZXq1%2B%2B%2F0FIO1DNAZ0vsGlRV8P2F3YanT3G%2FqmSjTtdxOJqCZO73uAn7D2GhAr47EAzs2n8%2BoWIukyfc9jb5Y79daHQoiFATf%2BZj1yqvyBk4tRPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc4a974eb6-FRA
cf-bgj: h2pri

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 72 KB
26 KB 53ms
26ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbdbf1dd472c6ee81a9f63ab83f0ad5578277a97a515accea566f136a15ecc49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19593
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 17 Nov 2021 02:24:48 GMT
server: cloudflare
etag: W/"11f0f-5d0f2befec061"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 6b1967bc7903dfd7-FRA
cf-bgj: minify

GET
H2 200 img-211121105721-55-dana-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 35 KB
36 KB 18ms
18ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121105721-55-dana-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99a0f877d68ef4239566c67e6afb147b70132a432660e246b2f6034deb8e5b89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5913
content-length: 36304
last-modified: Sun, 21 Nov 2021 08:57:21 GMT
server: cloudflare
etag: "e3f3a6cbb5ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uFWIWomnvscKq1hYMnWXHs9W0cnwGoG7Lfcox6qT%2F8YlNy0AhaPfPPnYoZUb1BO1PMY8Jf1Ao9i9fBTglAyp0JvEFpw37PsGzepB%2BZnmATWQKzd53tCPZ3qR7xOTkuwFXLPefaFRRZmSYOR4oA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc4aa34eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121102704-24-news-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 33 KB
34 KB 23ms
19ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121102704-24-news-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec80b7fe0fd4117bf415a6de42868a5c50d8af6152ee41610cb43afb266d83fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5913
content-length: 34168
last-modified: Sun, 21 Nov 2021 08:27:04 GMT
server: cloudflare
etag: "ebd26b90b1ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jL7pxeVLB6KqHnBykQpGb80B38FtsOQFNZ9LzC3xtfbVQvhMk%2BbusTqo7t8fJa6NfxHTxmtbCcWDJVNIY9IXtkuUaPYcCCF1viXs5kGHblXhrUcKisdDgZuNkcKg0C5Po3%2Fjh1CqsHK8JW0jOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc6ad74eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121101828-10-asel-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 43 KB
43 KB 19ms
17ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121101828-10-asel-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c76e8205972210803277061869444661d43286435145bacbf077000fd1a5e401

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5912
content-length: 43827
last-modified: Sun, 21 Nov 2021 08:18:28 GMT
server: cloudflare
etag: "9deed5cb0ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a5KDjPdQ%2B6HcJfzXM%2BVndBK4MP8msU19akw%2FfgZCWTCUgO2NCEOQOE2PZixxbK9bu%2Ba5sq%2BC0e4fmkmEuhIQWJtvI%2BH6hQNb0%2FXxdIIx1MP2KSeC2tLJopwURMyJl2U46t77n5U77idYu1BdSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc6adb4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121095635-92-eyes-makeup-main-21-11-2021.jpg
www.nawa3em.com/img/org/ 100 KB
100 KB 21ms
20ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/org/img-211121095635-92-eyes-makeup-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a21a1e7b26164842ced539a86ceea506931c4a6c511a18e35bb2b356508d572e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2676
content-length: 102181
last-modified: Sun, 21 Nov 2021 07:56:35 GMT
server: cloudflare
etag: "46707f4eadded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0GrIXkkBTpOQrzAF1LOGbsAsIaxvNpkpSIH60JcZIef0RIKltzSaJT6bfUEiv%2BQkJWnTMFHus%2Bt9ebZ48dr1Yk4Erf10w2lgsyB1fBAJJQKqtEXZ%2F2y6kvzWUaWO%2BE%2FZQN4aw5kGzTIXRNu7Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc6adc4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210831084743-89-mail-helmy-new.jpg
www.nawa3em.com/img/big/ 54 KB
54 KB 18ms
18ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210831084743-89-mail-helmy-new.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6c77aedeb6e532c85b27b54d9a43f92525b8e8de98b82ddbc15448f995c8fbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 354609
content-length: 55231
last-modified: Tue, 31 Aug 2021 05:47:43 GMT
server: cloudflare
etag: "e48ea7b72b9ed71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Su6nweUHBWP%2FBegFJ%2BXS3MZG%2BQaxeXnLjx36wlCZQfUG0KjE0x1%2BkMx2uxjzfJWn0Ue2YBE4dQRYj9hWlkcoxcjdurKEgcUH6cCQZe987wdaYToVMiVs5HuA8e1Rleay1G9ged20QemcXDKwCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc6ade4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210830025227-97-img-210801081942-30-nancy-main-1-8-2021.jpg
www.nawa3em.com/img/big/ 23 KB
24 KB 18ms
16ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210830025227-97-img-210801081942-30-nancy-main-1-8-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb1b02f4dda8e8e64c28534fb8bd8c55fa3c69614d31ad13d39b05955cbb42b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 412295
content-length: 23892
last-modified: Mon, 30 Aug 2021 11:52:27 GMT
server: cloudflare
etag: "73a63381959dd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ovDs4q8H%2BEfMb1uOzrQe5NUYwyLa396TChisWBFTO271kyl7uFMauGdORXZpESMuiKoYIJcn6%2Bb6eSeQX5j6NmK70jMEY1%2FpssbFlZbHSf%2Bl%2F9u5RmAzsGKV3MbAcqs1BAtZZay3T8fIEJj9jg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc8b054eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210822035947-46-2.jpeg
www.nawa3em.com/img/big/ 52 KB
52 KB 33ms
32ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210822035947-46-2.jpeg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03feacd7610b1b550455a96ac82373d52df3870f0db37af75aca953e68443d86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 176410
content-length: 52932
last-modified: Sun, 22 Aug 2021 12:59:47 GMT
server: cloudflare
etag: "db551e965597d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=duRmST7HdCvjdaf3VuG6nlrXvZSuNXzCum7WG7tufaaSVr2rUad%2FNofh%2BM5rEjAAIHjJU2sS1gtX4KJFja5FkkyBgZdubFxoAwa668Ph1ssLxOva4MgP1vhf5sR7e4yjxYj%2BryqoSJnbTf4aOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc8b0a4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210728080526-39-najwa-new.jpg
www.nawa3em.com/img/big/ 46 KB
47 KB 17ms
16ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210728080526-39-najwa-new.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2099c6c8aa2834919e75ee868046957309e7cb0d7e8f6ae124c16147144af37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 405302
content-length: 47447
last-modified: Wed, 28 Jul 2021 05:05:27 GMT
server: cloudflare
etag: "34c8e32d6e83d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=21hdS6gd%2F95Yv3KKXRlPadjeh%2BDXinD%2F8HiG3sftDRsWMVRWFdpmPmXAdp%2FCSwqzGPY25RHjDrIaWh6nDYpDIcwoitBnK9bMUO6nzhHSJygi%2FZglnYNpupCiBXXOb6ZETxKNs0LoRw5r68S2%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc8b0e4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210713080503-69-dark-circles-new.jpg
www.nawa3em.com/img/big/ 32 KB
33 KB 17ms
17ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210713080503-69-dark-circles-new.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a67926c92697ffe5532c6ac849a60c5cbef91563fc95bc622d662dcdf200942

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 405301
content-length: 32985
last-modified: Tue, 13 Jul 2021 05:05:04 GMT
server: cloudflare
etag: "9320fba3a477d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QTDpgaffxoMB8m4Mj11ivzwAVA3RWj2Qqtsb47dgI6EAUcFeOXeIOJzluLBfUJ%2FKEo2ztsdlXwR9%2BRIS9xCkHhpsUPxdIRKpmi7bAe6YKKD6K81OE%2FJIrCvoDwNyB4PVci57byrCauZWSEGNmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bc8b114eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210712092630-25-fashion-new.jpg
www.nawa3em.com/img/big/ 51 KB
51 KB 20ms
19ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210712092630-25-fashion-new.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 150030e97cca47ade7f9048d75bef6629a7b0c338f9b462ba74296fff38061a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 614822
content-length: 52180
last-modified: Mon, 12 Jul 2021 06:26:30 GMT
server: cloudflare
etag: "5abf2bdae676d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9cZd6GrXJFIn4deYB5AxO5DwoNBeQWKHJf12tDABLanoQV7tbYAwSqMQQu5rzMSc4n9hVoUvL836Bf0knZjC33xlnEY1BLkmNdKQ9P9rWiIQf5NszX823wjWdmkF4OicKmwN66NaKa6z%2F21PKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bcab314eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210707083034-59-malda-new.jpg
www.nawa3em.com/img/big/ 32 KB
33 KB 21ms
19ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210707083034-59-malda-new.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87f713056c81aba30f92daf6a8f9ee0f658c543e38b8e691b84bd2734b4660af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 412295
content-length: 33251
last-modified: Wed, 07 Jul 2021 05:30:34 GMT
server: cloudflare
etag: "a930f535f172d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o47Y75NOTwG6tt9VcJbFNTFJqUoZyNVdwCb7HMWOiYo3BOLBFr5XbWPjLc%2Boi%2BgCl5dHMC9YQXBdrlmXaRBeFZ8ibwrJ1FbBEnFCsKUk6go882WmNEiYsy8l8TNdCASrPlIJzp6b3cKg8ZSSxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bcab394eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210630111447-34-shirine-hussam-vidoe.jpg
www.nawa3em.com/img/big/ 29 KB
30 KB 25ms
25ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210630111447-34-shirine-hussam-vidoe.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99e662be938c04bbb89a28971e86e5cc882e88d78f01631b1f1d5a8c90d0bc0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 412294
content-length: 30003
last-modified: Wed, 30 Jun 2021 08:14:47 GMT
server: cloudflare
etag: "ff3e3fd876dd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QS55k%2BsqKEgOtxq%2FS2qM7UgRIH3b7oI8C7SU1Ii68Z0LqwWrH4Nb%2Bdu0LsTOM3UiTzHcQiiNS2CT%2B9UpNv3DtitZpC6ZvI52AGrmtCb5MOUbspCyyQUnkNs3cABLeWhBZMRe6v2SfOqZIT53gA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bcab3a4eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-210618064922-41-rahma-shaa-new.jpg
www.nawa3em.com/img/big/ 39 KB
40 KB 25ms
25ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-210618064922-41-rahma-shaa-new.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41d33852216a10659978fc9fb51ee96c64e0749dab92a60dbb0a44e99fbe552c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 412295
content-length: 40039
last-modified: Fri, 18 Jun 2021 03:49:22 GMT
server: cloudflare
etag: "e0d4f7ecf463d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NUmvuzxfqCSSL4krW%2FFFMMhtRhHD%2FfxpASyFcVUgylORAN%2B3QoJv3Jn7SBq%2BYog60fKcWHnrkUFXgS22m%2FcO8pbH58j1lCmIdmxuhyAygSppRJ7nnkTROLdpKQ%2BsCQZpNx8sZ53UEHKpk0Rl7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bcab404eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121091915-69-chef-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 73 KB
74 KB 21ms
20ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121091915-69-chef-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a335f5eeedb6ae6da2c9f072bf4b00f5cbb93b0962a405ed5583d1490650474

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13016
content-length: 75105
last-modified: Sun, 21 Nov 2021 07:19:15 GMT
server: cloudflare
etag: "14695a17a8ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5AVIEkaDb7yuJp31522m4xCdJpDk%2BeZOMSk0C%2FM1OBp5Vin5Q0ElhtMHeALhcIEqUF2u3gSDYFzWUoE1SniscFPMfXlZk10RQSLZiKGCfrdtqtF%2BTQmb3%2BpyYtUfDuK1u9h%2B2RfUNW3K2DymZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bccb714eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121085246-70-MENA-main-21-11-2021.jpg
www.nawa3em.com/img/big/ 67 KB
68 KB 17ms
16ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/big/img-211121085246-70-MENA-main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77c43ff0f810dd809416be5f1142eef6d512ef4ac4bae656df1d7cea5fe4c72f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13910
content-length: 68918
last-modified: Sun, 21 Nov 2021 06:52:46 GMT
server: cloudflare
etag: "6ed9f64a4ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NK767WUcaeOhuLgCH2F%2FlbjyBih4iKwiGhNoFQpxMO8ZDZIToRGAIYz2AHyzqSU%2BcD4VDF1EcyyAhgdPgZ3RwaJP4U1Rj48NYhWJovuF%2B1ZIhvcvWfRkKGseCvLRen3TbN2Sqh7WMTLoauzhmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bccb724eb6-FRA
cf-bgj: h2pri

GET
H2 200 img-211121073626-93-skin--main-21-11-2021.jpg
www.nawa3em.com/img/org/ 47 KB
47 KB 19ms
18ms Image
image/jpeg 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/img/org/img-211121073626-93-skin--main-21-11-2021.jpg
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 597c79019b8022a3d09e62b23c65a544c95300bab1e68e9b5f85084a32670d88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11829
content-length: 47842
last-modified: Sun, 21 Nov 2021 05:36:26 GMT
server: cloudflare
etag: "22df28ba99ded71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XvP5szSoZydppKQJLAe5olFk4lqEi7x7lfo5134WKt5SZ3kIZegeRlzA6r7PP9oVaoXo5mgTc9DfhHHKYxl%2FULScOQ5z%2F3zVzE3tij%2F2B7IcLct7sSwZKuq9puvYdF1H9WAta%2B4NXFn4BBnBTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967bccb734eb6-FRA
cf-bgj: h2pri

GET
H2 200 bootstrap-minified.min.ar.css
www.nawa3em.com/css/ 14 KB
3 KB 28ms
28ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/bootstrap-minified.min.ar.css?v=338
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9bdacad60e7453946469c03609e6bf586bf7a08479c6e2cf7568749f85fe8045

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 181867
cf-polished: origSize=20351
last-modified: Wed, 12 Jun 2019 06:10:01 GMT
server: cloudflare
etag: W/"8082fd77e520d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aItwqkR%2Bu%2BRuKj6Lf%2BH04uCkjMv9gOqP9PCq%2FysScBtgGmJu1v9eIowl3WPBN%2BTZ9FZwWVXQIc1voSRpf2qrxEFw76awIbnC92YhQcBLRLz5w5tlZ%2FifrFJUqfI91IHdlIf1jNzpbAXA5c44Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bb18574eb6-FRA
cf-bgj: minify

GET
H2 200 slick-theme.css
www.nawa3em.com/css/ 2 KB
1 KB 24ms
22ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/slick-theme.css
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a3016f9ee0cee1007d6ad8314f6ddf25f86cc9e0a906fd328f8dfc6e37c498

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12708
cf-polished: origSize=3193
last-modified: Wed, 28 Mar 2018 07:41:05 GMT
server: cloudflare
etag: W/"9d8ea32068c6d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNs%2BCsOpVr1jcDq8YZ%2BxDxH%2BZCvxlQ0j0hqGLObhP14G2YHXC9a6RYPg5mtK6qPuDFosPyVYY3DfizQopZr08RHqv4iRj%2Ffu5PjH3RZXcxhTksx0vjVC8vnivvvo82gJAHg2vm4O85LwuQYb2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bb286a4eb6-FRA
cf-bgj: minify

GET
H2 200 slick.css
www.nawa3em.com/css/ 1 KB
734 B 20ms
20ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/slick.css
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00a269606af95f52ce213e5096cc3a079d73522bc4e3c398789038666bb1454a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 418228
cf-polished: origSize=1729
last-modified: Wed, 28 Mar 2018 07:41:05 GMT
server: cloudflare
etag: W/"b4e2bc2068c6d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXhky3uUbpLWU%2BMmc0ZS7tD6TqHanvAamE1zO6A8fo16Hw1Q4PfFEw7coobOWk6Z2HpfWZ0Go70qc%2Bdu6LLbRFxON86tNNEMfZ248fwHh3Ij%2BphIXhEGQ58YZfnTP5fiI%2FHnOkRAl7ecrFSGew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bb48a14eb6-FRA
cf-bgj: minify

GET
H2 200 font-awesome.min.css
www.nawa3em.com/css/ 28 KB
7 KB 22ms
21ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/font-awesome.min.css
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 792d4a70e724f416b1adf19a79d8602ad32bcd45f255a6937b131b3c5377981a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Mar 2018 07:41:04 GMT
server: cloudflare
age: 183847
etag: W/"d3212f2068c6d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VLIDg%2BHbVFxxd8gXtatzUK4EwruwwglawsLLdNguMFB8UKV1LfL0%2BDLtn4AnY8M5v4AdK2Ke%2FI2363ToAfAgaTQkT8RO5M5bMqDLyBsjZrPzK4S98nXoZFSThqNh%2FLKfU5E%2BOGEV7acrLAEhTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bb48a24eb6-FRA

GET
H2 200 font.css
www.nawa3em.com/css/ 3 KB
854 B 40ms
39ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/font.css?v=338
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799da33d2330a2e521d149ccdda293077c0807e63ee21b9366dfc7da80909b0d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 181867
cf-polished: origSize=3993
last-modified: Tue, 26 Oct 2021 14:19:37 GMT
server: cloudflare
etag: W/"cebc8274cad71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OPScKnGRLNLMUQynqZtILhGSHdbpAh1mb2GYpolaZEKgnOu3svrN%2F1hvhWB%2BaOPByLHQAIqKLVcCgZFHZqBs8TD%2FYTdrem6gbElpHwnP91uH6Zuv5Mu15o4nHIGlI6uiKeDnoP0JgoVA8p0Rng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bb48aa4eb6-FRA
cf-bgj: minify

GET
H2 200 common.css
www.nawa3em.com/css/ 49 KB
11 KB 24ms
23ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/common.css?v=338
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4847310e5634ac24ce4f5cacdcb4819f47092a6d4a8836944569c8e9360ae75

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 181867
cf-polished: origSize=59547
last-modified: Fri, 19 Nov 2021 08:27:10 GMT
server: cloudflare
etag: W/"083ea3e1fddd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6PDybH2BPXVgpfPDQYKdmRtYe%2BeqOEuMCW8I%2Fi0UZQxSwHhTyfd0Ss%2FyQ2B%2FUgRFZQ9dRC9DVlxqfL9AD9AvVMqRSuoPwoKu3T0rxjeUyJRY%2BYaLpWgLfr%2BFNFd4Ik6NhTukmPRc8auy036pzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bb48bc4eb6-FRA
cf-bgj: minify

GET
H2 200 leads-generation-registration.css
www.nawa3em.com/css/ 4 KB
1 KB 18ms
18ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/leads-generation-registration.css?v=338
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f34decfbbd16daf934f121db07e115382dac6178794ade8067719df99decf0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 181867
cf-polished: origSize=5475
last-modified: Fri, 12 Jun 2020 09:45:15 GMT
server: cloudflare
etag: W/"7eb7c72c9e40d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hSQuhY56eyz7JDiSANqcvDEl%2BSCcsfxzXKn9Q3ulYwQbS9kU6l1gtx%2FjgSdNRXRlZD3mtwE0gzF921sIW2jyw1zpA5Fyxx1tZHaijxQk%2BEIODrn%2BdsQscpLIggKvlolsRE8aV95Vf4%2BW29b7YQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bb48c54eb6-FRA
cf-bgj: minify

GET
H2 200 home.css
www.nawa3em.com/css/home/ 6 KB
4 KB 27ms
27ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/home/home.css?v=338
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18621a54a00c2aaef42d06bc0681fac7fe4bad29e5bd8994ed4a0ae41e4b6653

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 178567
cf-polished: origSize=7175
last-modified: Wed, 30 May 2018 11:43:37 GMT
server: cloudflare
etag: W/"76325472bf8d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35L5hALZfDeAzR%2Bmz%2FJD79b8DiRUl0d7QaLOPIF1sNU3iQmTcmVmK5i91%2Fmxy5CnsaYYDJIYhb9xgrxHqZnn%2BSbQ3GnRjf%2FrOa8K%2FGs7%2BnJxfyQJYeXUcUAaeo80lXTKfrKIURGfc5FRULDTlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bb68ea4eb6-FRA
cf-bgj: minify

GET
H2 200 mediaquery.css
www.nawa3em.com/css/ 2 KB
1 KB 20ms
20ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/mediaquery.css?v=338
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e81a5fd85ad15cde62256de06f348b516f6b1a45016c31ed8a0081bff9fc206

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 181867
cf-polished: origSize=3545
last-modified: Tue, 21 Sep 2021 08:51:11 GMT
server: cloudflare
etag: W/"25951d4c5aed71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fsb1QG2neHU1VpYe6hDFLCnJttXm%2FExX0phgVH80SdVvo3H3jA4UYW3ycqFtx65njjZs1hEnZXpRqNjme6oDXs%2BeYkqWsFzLRjgWphIYDx%2FVzSXne1nSZuh8hDk%2FFbOq1JiX9c6gdRnVyyL3QA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bb68ee4eb6-FRA
cf-bgj: minify

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 341ms
91ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 08:17:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9657
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30399
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 21 Nov 2022 08:17:54 GMT

GET
H2 200 bootstrap.min.js Show response
www.nawa3em.com/js/ 36 KB
10 KB 24ms
24ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/bootstrap.min.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Mar 2018 07:41:05 GMT
server: cloudflare
age: 418228
etag: W/"80fe9d2068c6d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjvyI%2BmzB0UK5YkT7qyqoEb5L6v080BquLdIExfUiYsN5hjBkYeDoe6CsNh4YQfNe9Fgvs6reO7hPy9BMXy1sua2BeXi3P73j7LYJ1hPampO6oD9%2FbVC3U8boOBRDRJdV5j9L%2F5UlEdYxaofOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bb68fa4eb6-FRA

GET
H2 200 ResizeSensor.js Show response
www.nawa3em.com/js/ 6 KB
2 KB 18ms
18ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/ResizeSensor.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f826a947a47c13c4af480b9b7853e9ca12d2873c67a9200f3c7a26f8cacae2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Mar 2018 07:41:07 GMT
server: cloudflare
age: 418228
etag: W/"10fe52168c6d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Wf2oZrASU3MdSlGsHy4l4DTJrw1OqIIB%2BYdI0473mwwGF7SzDfJKMR%2FqgixmA1RsRvIFsEAym74CdLbkMa2EglVmDSNzZO0WD%2F3xgFUs4Dq3PKU1Q8E%2F7rKO6pN9fbIJvGmgC76B6CpuFmaTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bb892c4eb6-FRA

GET
H2 200 theia-sticky-sidebar.js Show response
www.nawa3em.com/js/ 16 KB
4 KB 19ms
18ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/theia-sticky-sidebar.js?v=1.0.1
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cf19f6cc925894c0ea1b468ecc3b91995cd99aeaae784662e3d1f2defcf9a77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Nov 2018 11:49:58 GMT
server: cloudflare
age: 418228
etag: W/"546f46524786d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f44QNd8UJnhC8HBwD8dcoVNDrcZ3bbTMO%2FOKjyRqScSVPhAzPuypAVFOmouVSznffsihqjIhscjYFNHRQLTah62Zu86QO%2F2tDzfoDOIhww6l893Fp%2FMpepqNPpWryEOxuxucyEsLmdMUlVsxGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bb892d4eb6-FRA

GET
H2 200 common.js Show response
www.nawa3em.com/js/ 24 KB
6 KB 18ms
17ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/common.js?v=319
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52e7c726d9751065d7911b3188b95b0b7a873fae3b5d93cf54f9b0368d916b49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Dec 2020 13:02:24 GMT
server: cloudflare
age: 418228
etag: W/"030c6d9e2ddd61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3EMd8KuEVoTz2DfZEAk8hAbC8z%2B64th2j1gBREyMuc4IUi4m9CjS2xDfgz7uZl0k5xfVnALK3Wpxrw8DO58a2dFyitup0Hov32WcxYluotj%2FktfojBExhIz67TOaS3EinPOxqwrZ9NKjbMfhTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bb893c4eb6-FRA

GET
H2 200 moment.min.js Show response
www.nawa3em.com/js/ 50 KB
18 KB 27ms
26ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/moment.min.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0aeb4ecf1091b9c52c9fa0ba4dc118b1abafbd88a51278935e574f6baff0bb49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 05 Jul 2018 11:29:39 GMT
server: cloudflare
age: 418228
etag: W/"8093b1755314d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2bzntioQ2tx%2FtEMVz4n%2Bd7Qw4co%2FA5im%2B%2BHeUxjBfmdOLWdWUWO45nTWb3%2BQzZkaBThIk3hovyIRZNB9YrfaQw9fdjFygESXBVpaO%2F%2B77ovwca%2FUc%2FELPWqpxlnfdJLD4T0j9mYSz9pVU1tjxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bb99474eb6-FRA

GET
H2 200 intelligence.js Show response
www.nawa3em.com/js/intelligence/ 2 KB
1 KB 40ms
39ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/intelligence/intelligence.js?v=319
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8713f00ac018d68aee92c7379c1f29d309d918ab5f4d51194327c22b060262d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 05 Jul 2018 11:29:40 GMT
server: cloudflare
age: 418228
etag: W/"3dd5c5765314d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGYA%2FqtrXKkuocxmP9xXrwk4z1kSZ4Ov8JLfPsVdLqL001E7mjCwURk01rs17XkxOnYgWZXYfGcCFwdhB95mcrkR2tiMWVwr%2Be66iMtrFqNDiy%2Fg8UriIe4aoxO5K%2FjEP9qVybk77LNItuh8Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bba9604eb6-FRA

GET
H2 200 leads-generation-registration.js Show response
www.nawa3em.com/js/ 6 KB
2 KB 21ms
21ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/leads-generation-registration.js?v=338
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3eceff69f5a80c3b4ab190ba9551834eb47ce4219b348a01fb0e05eb562eefb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 Jul 2020 13:34:39 GMT
server: cloudflare
age: 181867
etag: W/"3aa59ad1a64d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dR1hawrMp8Lp%2F%2BLRhbqZxwKcsYCYktwIMxfZAkZe%2FlcJY5srPG5B4VdM6Q4S5AQ9fY73xOf03cHUfqQkEdjQnV%2BF8kcGSCUtStuFh65yxbkalLIAKnP7KJ6FIhEj8ay82m6bifIFjxOtn21e0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bba9624eb6-FRA

GET
H2 200 slick.min.js Show response
www.nawa3em.com/js/ 41 KB
11 KB 21ms
20ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/slick.min.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e02af7df9a190d88380e2dcec2050ecaa493ae2d23526dbeec67f6907df3a752

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Mar 2018 07:41:07 GMT
server: cloudflare
age: 418228
etag: W/"802bcf2168c6d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8S3sp0ZLx6aILfZz8fJ5n2ot3ltGfILsYhjCtH0gwfeMC8i255LMhuMLvphBV8nbLVo6Pgpan8NKX8eA4E93J1%2F2cLImKgRBGPOy8f9IKmkWQ%2F3M8zTJoj%2BIF2yMOYqNICDUgdbTlP5WZ90jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bba96d4eb6-FRA

GET
H2 200 jquery.lazy.min.js Show response
www.nawa3em.com/js/ 5 KB
3 KB 22ms
22ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/jquery.lazy.min.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 657789d4c08945ff9f19b40ae8f7b9077fb296c8201725aa82ae9ba861d1e1b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Mar 2018 07:41:06 GMT
server: cloudflare
age: 416361
etag: W/"28d5a2168c6d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOZW1%2B2uzk6jYzYD6O5QDimfVOjdrmA6v9PddeibGdkcONJWBGwEJw%2BMah3OSP3NX1knCmVDtEg4m2r8XgdAkWMShNbqRb6kpjrXsUeFeZTHN1eivPfORt62X3Pyy2Ox8E8dnko8bTUGw9FC8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bbc9984eb6-FRA

GET
H2 200 isInViewport.min.js Show response
www.nawa3em.com/js/ 2 KB
1 KB 17ms
16ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/isInViewport.min.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5c9e4a8e5518916b730e9fd83efe48ef42ced31b3f721bb94f966e8896af966

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Mar 2018 07:41:05 GMT
server: cloudflare
age: 418228
etag: W/"68462c2168c6d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3x7GFldPyaWe4BTS%2BToF2RWKSG1eqZn8VV9BHkVv4oBVLxRO7d6MnYgWubWo3uUgPJDRw3jeyGuZCrjWvJh%2Fd1Y70TpUdLw0zME8d%2BKh0awhS0muiUpf0yW4SFSscIA1fGDXHwigCU%2BCPyA7kw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bbc99b4eb6-FRA

GET
H2 200 home.js Show response
www.nawa3em.com/js/home/ 23 KB
9 KB 19ms
19ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/home/home.js?v=319
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79bfa87e26a3f2c23967ec0c41a696316f760922c35cbea46c70fd50b51460f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 14 Mar 2019 09:54:01 GMT
server: cloudflare
age: 412294
etag: W/"1e3debd94bdad41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Br6wMJw%2BnwTt0PwwrnxdKz%2F%2FUb%2F4jhG0v5UxAd71kJOro5R5oLAsVsHv4ld%2Fw8tthbzmdkdoZcgb13rY6z725VH6NVWTiaY8mIlI42zVrRnDtgRlegsIMO4MQYfX0xjRSYOOVDDj4JSaldpTcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bbc9a84eb6-FRA

GET
H2 200 install.js Show response
www.nawa3em.com/js/ 292 B
515 B 16ms
16ms Script
application/javascript 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/js/install.js?v=319
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e5f390f3c6fdfbc8f3d113d198210ca633424907ed786d2ddcb67056376e806

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 Jun 2020 09:28:30 GMT
server: cloudflare
age: 361596
etag: W/"fafa22588939d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bGEoBhlsmOwo4JvYUtxO4lNinhVRE8bKoMVagJ2FIqqenYpewkUnDPDen2BptRb21VffXpppQpio0kTRr8rlz90Lmi7cXFElrhAvbhRNhM%2FDvKVV8MzL2i4ZnaX7ITSP8QpueS%2F3yzV641CEqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bbe9cd4eb6-FRA

GET
H2 200 scripts.js Show response
list.mailigen.com/js/ 2 KB
2 KB 34ms
6ms Script
application/javascript 159.135.137.162
DE-RACKSPACE Fran...

General

Check archive.org

Show headers Download Go to

Full URL: https://list.mailigen.com/js/scripts.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.135.137.162 , Germany, ASN39921 (DE-RACKSPACE Frankfurt, Germany, GB),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6b350bcd4ef036388aa7bd9bc43eccb48ea9d1d350a69f9d98c551c68b1608b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
last-modified: Tue, 07 Sep 2021 03:38:29 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "6136deb5-7a7"
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1959
expires: Tue, 21 Dec 2021 10:58:50 GMT

GET
H2 200 subscribe3.0.js Show response
list.mailigen.com/js/ 11 KB
12 KB 33ms
7ms Script
application/javascript 159.135.137.162
DE-RACKSPACE Fran...

General

Check archive.org

Show headers Download Go to

Full URL: https://list.mailigen.com/js/subscribe3.0.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.135.137.162 , Germany, ASN39921 (DE-RACKSPACE Frankfurt, Germany, GB),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: b3994c7cdb21eed1d8497fb7bd77befba6ad86f3c7d445a83f7fd840ed0ff70c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
last-modified: Tue, 07 Sep 2021 03:38:29 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "6136deb5-2d90"
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 11664
expires: Tue, 21 Dec 2021 10:58:50 GMT

GET
H2 200 newsletter.css
www.nawa3em.com/css/newsletter/ 2 KB
1012 B 19ms
19ms Stylesheet
text/css 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/css/newsletter/newsletter.css?v=268
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 719406378d73a2b1efbb74125cc24d19c7f8df4a4031ebc3908ca250ebdfcd5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 418228
cf-polished: origSize=2040
last-modified: Thu, 02 Aug 2018 13:40:13 GMT
server: cloudflare
etag: W/"8ca8457662ad41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8iPzBzLyPLWlVX%2FEo8waYpPCvYIt2ucbtO7n8g3jeHNGKP6wzDlqFYyd7RZxUyzqgi2FxFB1SFrPj8bFP6SkRgYFiJW9vdWSJZErVMrSHqOPvIXKAxfc5WebFBeLtGDhyObccTugrIN0tuMtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bbe9e14eb6-FRA
cf-bgj: minify

GET
H2 200 tracking-pixel.php
clicks.zwaar.org/public/ 95 B
840 B 2672ms
2625ms Image
image/png 172.67.142.218
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks.zwaar.org/public/tracking-pixel.php?campid=54362
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.142.218 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:53 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELLXhxKoanI%2BVkwA%2BSeUNNPc3L%2FYmUgiNm2oC7b9X86no%2BQU3ApcWYyXQgZt7xWfViUKhsKAoun%2BGNelZWB0V8Rg%2FvVQrzp4iMyCV7uwIkmH%2FKUgzQrju6cJYLBD0TmQqVaY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cf-ray: 6b1967bd2edf775f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 175394759729483 Show response
connect.facebook.net/signals/config/ 305 KB
88 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/175394759729483?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50f6de6fee9df0dec65171f6a4a5811dca944b048e0b779ba31ca1b766c16298

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89171
x-xss-protection: 0
pragma: public
x-fb-debug: Ja1FPcmKoDyYeIGi/QbYul2I+Fz7QgZRGHyEujNBnRl7gqhcTyaY5zMEejLQM41V8zFxykRzpTEqUPNJU+1Keg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Sun, 21 Nov 2021 10:58:50 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

get Show response
collector.effectivemeasure.net/beacon/
Redirect Chain

https://collector.effectivemeasure.net/beacon/get?cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1637492330753_1
https://collector.effectivemeasure.net/beacon/get?final=1&cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1637492330753_1

143 B
740 B

27ms
27ms

Script
text/javascript

3.250.255.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://collector.effectivemeasure.net/beacon/get?final=1&cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1637492330753_1

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

HTTP/1.1

Server

3.250.255.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-250-255-173.eu-west-1.compute.amazonaws.com

Software

nginx/1.20.0 / Express

Resource Hash

25bcb3102605abdd4ef3fa54c2d2b30daaa54a4642a2c114a738844012d5ce49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:58:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 134
Expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:58:51 GMT
Server: nginx/1.20.0
X-Powered-By: Express
Vary: Accept
Content-Type: text/plain; charset=utf-8
Location: https://collector.effectivemeasure.net/beacon/get?final=1&cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1637492330753_1
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 160
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 287 B
461 B 230ms
25ms Script
text/html 18.169.85.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-xSErBeoFGpG4fz6GF1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-dCAW7OXurwpsfw%3D%3D&sc=1&os=1-jA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&pcode=choueirigroupheaderdfp445340272806&rx=149965749125&callback=MoatNadoAllJsonpRequest_27703290
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/choueirigroupheaderdfp445340272806/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.85.185 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-85-185.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: f39bb6e06431ad5a852e5ad4754729e9aabdddcfaced175e465697da352eec35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "f0c9a9c3daf23d34301ec0f5e3d90e1e512fc2d1"
content-length: 287
content-type: text/html; charset=UTF-8

GET
H2 200 iframe.html Show response
z.moatads.com/hd09824092/ Frame 54EB 1 KB
2 KB 7ms
6ms Document
text/html 2.21.143.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/hd09824092/iframe.html
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/choueirigroupheaderdfp445340272806/moatheader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.143.57 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-143-57.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/

Response headers

x-amz-id-2: cMTMm/T5i/x+FajcHkVdFOSmWAZag3PGFBeFtprKDfuotZYacHPbNTZ9It13lKcp9wxjAAroOng=
x-amz-request-id: 3AF06B645285EDE5
last-modified: Tue, 26 Jan 2021 22:41:39 GMT
etag: "4a9cbc2e5bc164313dace42a58bef141"
accept-ranges: bytes
content-type: text/html
content-length: 1374
server: AmazonS3
cache-control: max-age=2298
date: Sun, 21 Nov 2021 10:58:50 GMT

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66ba74f053fcee3ab5bfe60d5f4d3c62cee01535ce88be5521542da16771b553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 053e7af5899b13dbe6f3bb67381668ccf15373402c805ece14b05d6a12edf92f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3254a1540922353e9b81877b82ff7d9a9b5680bb32c28611f6d42f058032ca1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cb8216505769e9fdf2fe5d83a903f2c7ccf9b9f239639a3e5609aa6e51b19af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3dcd51fa67a98db134b48dd71d42e72d52f7ee818741264e34327d8f40ebd2a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da94f33e6c7ec821c6b230b7de55cb0d6abb4819ae2179734f2dfccdd22caae0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 jbi.min.js Show response
cdn.jubnaadserve.com/adscripts/ 29 KB
29 KB 41ms
10ms Script
application/javascript 2600:9000:225e:d400:1e:aead:3c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jubnaadserve.com/adscripts/jbi.min.js
Requested by: Host: cdn.jubna.com
URL: https://cdn.jubna.com/adscripts/jb_cvalidatorv1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:d400:1e:aead:3c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f283e059317edafc4c3597769c4a55c9715d45d33e2d682e41b374d616593ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 07:49:09 GMT
via: 1.1 b1c64361268fcbad3c03abbe37eb5cfb.cloudfront.net (CloudFront)
last-modified: Tue, 01 Jun 2021 08:48:53 GMT
server: AmazonS3
age: 3294583
etag: "e9da1d338ac48344036e70dc213762b5"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-length: 29606
x-amz-cf-id: qKRGrdMBNo3h6cAx08gcMfmc_Bi9Z-5yBwGEIMzg0I8GHs4C9TKvKQ==

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 25ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=175394759729483&ev=PageView&dl=https%3A%2F%2Fwww.nawa3em.com%2F&rl=&if=false&ts=1637492330908&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637492330907.678563057&it=1637492330746&coo=false&exp=p0&rqm=GET

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Sun, 21 Nov 2021 10:58:51 GMT

POST
H2 200 / Show response
api-js.datadome.co/js/ 210 B
388 B 83ms
11ms XHR
application/json 18.196.167.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-js.datadome.co/js/
Requested by: Host: js.datadome.co
URL: https://js.datadome.co/tags.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.167.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-167-61.eu-central-1.compute.amazonaws.com
Software: DataDome /
Resource Hash: 59696ce2bd0bc9942cd8a9be9aa7540323402c77a28d79c7ae093245335857b9

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:51 GMT
server: DataDome
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 210
expires: 0

GET
H3 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ 344 KB
116 KB 102ms
51ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 21 Nov 2021 10:58:51 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 63 B
93 B 93ms
46ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.nawa3em.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

dbdb174509d539355797461afe5dc2f86964ee8b3e959aa804f491a763b7816d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68
x-xss-protection: 0
expires: Sun, 21 Nov 2021 10:58:51 GMT

GET
H3 200 sm.23.html Show response
static.addtoany.com/menu/ Frame D8E0 741 B
822 B 45ms
33ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-type: text/html; charset=utf-8
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
etag: W/"2e5-5cc9e128a4c38"
cache-control: max-age=315360000, immutable
vary: Accept-Encoding
via: e2s
cf-cache-status: HIT
age: 290981
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6b1967bd4f1868f2-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 icons.30.svg.js Show response
static.addtoany.com/menu/svg/ 77 KB
33 KB 19ms
18ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.30.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 962483
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
server: cloudflare
etag: W/"132a9-5d0656e4a26b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6b1967bd5f2a68f2-FRA
cf-bgj: minify

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa7bede5d544a81280e6518ca955c7530731a1f7b959f6a2285c7afe3a0e8372

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ge_flow_bold.woff
www.nawa3em.com/fonts/GEFlow/ 12 KB
13 KB 31ms
30ms Font
font/x-woff 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/fonts/GEFlow/ge_flow_bold.woff
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/css/font.css?v=338
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4655ad4daa9e24e23165d03f03d375117839d30560d57a6c4e28d09b39bf2971

Request headers

Referer: https://www.nawa3em.com/css/font.css?v=338
Origin: https://www.nawa3em.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Feb 2018 13:11:06 GMT
server: cloudflare
age: 418223
etag: W/"5b4d36dccafd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O6tA93G2L1P8G8HdR2l9nvNlkF1OpBTjfpbFNMzBCkgAtLuAMOvGDmEPN2vwGJ6aYMmZZJS%2FINJLvc%2FH%2BGG8f5Jd0kU9eWg1aziltYORqT2IfH20s3lo1vmvuCrc873XlASi7TOPKefvHykYRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/x-woff
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bd8ca24eb6-FRA

GET
H2 200 NotoNaskhArabicUI-Bold.woff
www.nawa3em.com/fonts/notonaskharabic/ 122 KB
122 KB 18ms
17ms Font
font/x-woff 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/fonts/notonaskharabic/NotoNaskhArabicUI-Bold.woff
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/css/font.css?v=338
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 075c0d13785dfbc7aa1e938bcfe59a87d9ee00f5f9e40ee51bb65cfc3efb0cfd

Request headers

Referer: https://www.nawa3em.com/css/font.css?v=338
Origin: https://www.nawa3em.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Feb 2018 13:11:13 GMT
server: cloudflare
age: 418184
etag: W/"c43a2a71ccafd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PgCvzITMoRHqpd%2BzvGVF%2FwXJjZCU%2FZJhnoPHwv%2Br00P7EwGmbRg1AArmCqzvn6DHp4Uq9%2B4gcIg9OY%2FBDn9vmNGDtdkFRycV7lz0yZ2mH5LOmHApiUe45m%2BheWUsjUWdYkA3rAE90jngLsjFjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/x-woff
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bd8cb34eb6-FRA

GET
H2 200 RobotoCondensed-Bold.woff
www.nawa3em.com/fonts/roboto/ 65 KB
65 KB 39ms
38ms Font
font/x-woff 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/fonts/roboto/RobotoCondensed-Bold.woff
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/css/font.css?v=338
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8d0e12bcee46c653f9bb941aea0691800e42cf7cb8e43d178215312a0240008

Request headers

Referer: https://www.nawa3em.com/css/font.css?v=338
Origin: https://www.nawa3em.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Feb 2018 13:11:24 GMT
server: cloudflare
age: 410291
etag: W/"1d54178ccafd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qj5osl5Prhqp07IbBP2hHrQAjVZ2m3AL024x%2FD2nqT3CLUlQSbt%2B2NKMyjkJUWjuchtAsM15LdnP4uIicr83SIOwWMdGcXM8pUYuWcfipz8CkfEV0yDq3armc9U8Yprs1AZzvmSArjYfPnCy0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/x-woff
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bd8cbe4eb6-FRA

GET
H2 200 NotoNaskhArabic.woff
www.nawa3em.com/fonts/notonaskharabicregular/ 121 KB
121 KB 26ms
24ms Font
font/x-woff 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/fonts/notonaskharabicregular/NotoNaskhArabic.woff
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/css/font.css?v=338
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff9a7ca9b3edd93a56ac906a12a3c829730e6feb85d0483b48646258e0f0edc3

Request headers

Referer: https://www.nawa3em.com/css/font.css?v=338
Origin: https://www.nawa3em.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Feb 2018 06:20:13 GMT
server: cloudflare
age: 418199
etag: W/"4c1178315cb0d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsi6K2Pv%2FR%2BiYm3ecdyRgH77toRsQkyHQ6AAuooo1c7XIbtCxB25m%2B1LrfnO3HxdHeu7A7RbsE60UFiDJ1ArmLUMIZ1WF8EmiX7IcQMGfizhPp03WhUiktrmq0urQlwI5d%2FsnOX%2F1E95qAEiDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/x-woff
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bd8cbf4eb6-FRA

GET
DATA 200
OK truncated
/ 17 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32d7bc682354e1e70a6dd30feccc783263c13821038d67cf4805b94a2793d2f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Quarto-Regular.woff
www.nawa3em.com/fonts/quarto/ 32 KB
32 KB 21ms
20ms Font
font/x-woff 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/fonts/quarto/Quarto-Regular.woff
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/css/font.css?v=338
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5df3d35ff73222056b2477304de4598f2f2dfe72b8c405eae06cf51113608179

Request headers

Referer: https://www.nawa3em.com/css/font.css?v=338
Origin: https://www.nawa3em.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Feb 2018 13:11:17 GMT
server: cloudflare
age: 409055
etag: W/"e57ac773ccafd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qyk8Q3M6wcH5fpTe5fu0heyLxy9Oca1tFpRJI%2BXvhqPUeaN0OaiP4xAq6QHyvcnYcsX7hJCYwrvYuBGW9x5nzfS8mrN%2FJXNBX979Nb4uc8%2Fo59tjvlN6neqhtrsmUZVvETjVoJpEuUoWcJfIVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/x-woff
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967bd8cc14eb6-FRA

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0cc14154271d55d8c50e737c295a52997941695688aa7b0b1b708d16bd3b1fef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 404 fontawesome-webfont.woff2
www.nawa3em.com/fonts/font-awesome/ 0
0 20ms
20ms Font
text/html 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/fonts/font-awesome/fontawesome-webfont.woff2?v=4.6.3
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.nawa3em.com/css/font-awesome.min.css
Origin: https://www.nawa3em.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 418218
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoVjQz1VM9whCw5JtuOpF5mVIO2yYkFHYB9QPzi%2F6gG6aT5hWXDuE0j7PE722M23Udy6YEDNfWw3voCl0pm1j9N94rKxe2D9utmCMLLyQjkCP0tOknYdN8jrYNzEO0bWLa8q%2FpQXDRZnW8dXYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
access-control-allow-origin: *
cache-control: max-age=691200
cf-ray: 6b1967bd8cc34eb6-FRA

GET
H2 200 fontawesome-webfont.woff
www.nawa3em.com/fonts/font-awesome/ 82 KB
82 KB 23ms
23ms Font
font/x-woff 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nawa3em.com/fonts/font-awesome/fontawesome-webfont.woff?v=4.6.3
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c812ddc9e475d3e65d68a6b3b589ce598a2a5babb7afc55477d59215c4a38a40

Request headers

Referer: https://www.nawa3em.com/css/font-awesome.min.css
Origin: https://www.nawa3em.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Feb 2018 13:11:03 GMT
server: cloudflare
age: 418218
etag: W/"a8dd406bccafd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q75pZq8fhEROHWROLk18SQdfqUf%2BBwbi%2FputljqwOMkSvR5LnPsLhM3RXnFZHQq9ZaY72mZwSRuAEas2vlbI3ojn8lUz0n9XG9zxhwpV1bYUMnqYxbFSCJPhqaqcn%2FOYYSVP3FPyxS7DztvOFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/x-woff
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b1967be1dc64eb6-FRA

GET
H/1.1 200
OK detect Show response
detect-survey.effectivemeasure.net/ 19 B
461 B 77ms
7ms XHR
application/json 2600:9000:2251:1000:1f:612c:5a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://detect-survey.effectivemeasure.net/detect?
Requested by: Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1637
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:1000:1f:612c:5a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: 438da1276d1d3eda0a0ad7c3a798065015b616021e05b332c0a12c73b0d1de34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Thu, 18 Nov 2021 02:30:42 GMT
Via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
Connection: keep-alive
Age: 289689
X-Powered-By: Express
X-Cache: Hit from cloudfront
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
X-Amz-Cf-Pop: FRA60-P3
Content-Length: 19
X-Amz-Cf-Id: XwLkJQ48QQVysRXSJbnY8t_fdaF2_xKTcUirXQUkAX3qsujtbFTAmQ==

GET
H/1.1 200
OK sync_pixels Show response
collector.effectivemeasure.net/ 76 B
418 B 115ms
29ms XHR
application/json 3.250.255.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.effectivemeasure.net/sync_pixels?pageURL=https%3A%2F%2Fwww.nawa3em.com%2F&vt=467a7f41-e720-4397-93a6-c04f142524e4-17d422612da-df02f7ce
Requested by: Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1637
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.250.255.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-255-173.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 / Express
Resource Hash: a9e9ce0f2fe232bf31c9f446a35568c225e8027eee116261a16fdc33170641cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:58:51 GMT
Content-Encoding: gzip
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 87
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK pixel
collector.effectivemeasure.net/ 35 B
288 B 28ms
27ms Image
image/gif 3.250.255.173
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector.effectivemeasure.net/pixel?et=pageview&ed=&br=t&vn=b21b8ec&tz=0&pu=https%3A%2F%2Fwww.nawa3em.com%2F&vt=467a7f41-e720-4397-93a6-c04f142524e4-17d422612da-df02f7ce&vi=b5f13180-2fb2-417f-9667-65b160382c95-17d42261328-797b70ab&du=0&dt=0&c1=1&c3=1&pc=1&db=0&pr=&tt=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&te=552&sh=1200&sw=1600
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.250.255.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-255-173.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:58:51 GMT
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 35
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK set Show response
collector.effectivemeasure.net/beacon/ 97 B
653 B 28ms
28ms Script
text/javascript 3.250.255.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://collector.effectivemeasure.net/beacon/set?cookies=%7B%22gc%22%3A%22DE%22%2C%22mb%22%3A%220%22%7D&callback=cb1637492330753_2

Requested by

Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1637

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.250.255.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-250-255-173.eu-west-1.compute.amazonaws.com

Software

nginx/1.20.0 / Express

Resource Hash

124a6df2b8fa004112f86d3e1faa7a84487aa50c744411375063001b4a99f295

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:58:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 97
Expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 launchConfigs Show response
survey.effectivemeasure.net/ 2 B
122 B 96ms
96ms XHR
application/json 52.202.90.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://survey.effectivemeasure.net/launchConfigs
Requested by: Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1637
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.90.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-90-208.compute-1.amazonaws.com
Software: / Express
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/json

Response headers

access-control-allow-origin: *
date: Sun, 21 Nov 2021 10:58:51 GMT
x-powered-by: Express
content-length: 2
content-type: application/json; charset=utf-8

OPTIONS
H2 204 launchConfigs
survey.effectivemeasure.net/ Frame 0
0 324ms
96ms Preflight 52.202.90.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://survey.effectivemeasure.net/launchConfigs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.90.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-90-208.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.nawa3em.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type

GET
H/1.1

200
OK

google_gid
collector.effectivemeasure.net/sync_webhook/ddp/
Redirect Chain

https://cm.g.doubleclick.net/pixel?client=ddp-dms&google_nid=emi_ddp&google_cm
https://cm.g.doubleclick.net/pixel?client=ddp-dms&google_nid=emi_ddp&google_cm=&google_tc=
https://collector.effectivemeasure.net/sync_webhook/ddp/google_gid?client=ddp-dms&google_gid=CAESEOW15bRRXScyWzxNw57k_Zs&google_cver=1

35 B
288 B

28ms
28ms

Image
image/gif

3.250.255.173
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector.effectivemeasure.net/sync_webhook/ddp/google_gid?client=ddp-dms&google_gid=CAESEOW15bRRXScyWzxNw57k_Zs&google_cver=1
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: HTTP/1.1
Server: 3.250.255.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-255-173.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:58:51 GMT
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 35
Expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://collector.effectivemeasure.net/sync_webhook/ddp/google_gid?client=ddp-dms&google_gid=CAESEOW15bRRXScyWzxNw57k_Zs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 339
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK set Show response
collector.effectivemeasure.net/beacon/ 100 B
552 B 27ms
27ms Script
text/javascript 3.250.255.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://collector.effectivemeasure.net/beacon/set?cookies=%7B%22dmp%22%3A%221637492331423%22%7D&callback=cb1637492330753_3

Requested by

Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1637

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.250.255.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-250-255-173.eu-west-1.compute.amazonaws.com

Software

nginx/1.20.0 / Express

Resource Hash

7c449ee2320f6402f4637e49dec0bc7dffee49c606e86a2eab5553a4a3695171

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:58:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 96
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 / Show response
app.jubnaadserve.com/api/click/validate/ 0
144 B 102ms
46ms Script
application/javascript 52.56.247.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.jubnaadserve.com/api/click/validate/?dname=d3d3Lm5hd2EzZW0uY29t&jbVId=75f67d020a6c2c4561d1ca4670345b0a
Requested by: Host: cdn.jubna.com
URL: https://cdn.jubna.com/adscripts/jb_cvalidatorv1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.56.247.114 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-56-247-114.eu-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 21 Nov 2021 10:58:51 GMT
cache-control: no-cache, private
server: nginx/1.18.0 (Ubuntu)
content-type: application/javascript; charset=utf-8

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 17ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=175394759729483&ev=Category&dl=https%3A%2F%2Fwww.nawa3em.com%2F&rl=&if=false&ts=1637492331774&cd[Category]=Home&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1637492330907.678563057&it=1637492330746&coo=false&exp=p0&rqm=GET

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sun, 21 Nov 2021 10:58:51 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 38ms
6ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200093-IAD, cache-fra19142-FRA

GET
H2 200 ajax-loader.gif
www.nawa3em.com/fonts/slick/ 32 KB
32 KB 19ms
19ms Image
image/gif 2606:4700:20::681a:aa2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nawa3em.com/fonts/slick/ajax-loader.gif
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/css/slick-theme.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:aa2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 098977b123570b0826c2b3bea107a8dbd7b5e78d96c198be6cb51cd4a10dd6a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/css/slick-theme.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 418221
content-length: 32742
last-modified: Tue, 27 Feb 2018 13:11:25 GMT
server: cloudflare
etag: "fbf97f78ccafd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qQ2A2WUzrndV%2F4XGtFB%2FuGqQfFerelFMzD77yaxh0ExgOwkc1U2%2Bv9J1b5VuqXCmIZbjDnesF6WzjtYWofFZoPiO6ru8WYEHCSuHFEaayy3pP2jGGtJ9eKcOyCsfsWuiXvEUD4m7NpE8S8ObYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6b1967c1cd0e4eb6-FRA

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
673 B 182ms
121ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o2595&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=39397b3f-3959-4adb-9f23-a5c9a74721cc&tw_document_href=https%3A%2F%2Fwww.nawa3em.com%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 114
pragma: no-cache
last-modified: Sun, 21 Nov 2021 10:58:51 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 4015a673b1973acd29e395ef8273ca66d80eae5b04ec50ff6a2e9242a6b62c31
x-transaction: 29e81981065c70e8
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
470 B 144ms
117ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o2595&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=39397b3f-3959-4adb-9f23-a5c9a74721cc&tw_document_href=https%3A%2F%2Fwww.nawa3em.com%2F

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 111
pragma: no-cache
last-modified: Sun, 21 Nov 2021 10:58:51 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d5f728b31e92e314857f9a2bb2250121d09a7875de9cb4aaf10a8960fe59671c
x-transaction: 447889e56b07eae2
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=175394759729483&ev=Microdata&dl=https%3A%2F%2Fwww.nawa3em.com%2F&rl=&if=false&ts=1637492332413&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5Cn%5Ct%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%5Cn%22%2C%22meta%3Adescription%22%3A%22%D8%AA%D9%82%D8%AF%D9%85%20%D9%84%D9%83%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%83%D9%84%20%D9%85%D8%A7%20%D9%8A%D9%87%D9%85%20%D8%A7%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%B2%D9%8A%D8%A7%D8%A1%D8%8C%20%D8%AC%D9%85%D8%A7%D9%84%D8%8C%20%D8%A3%D8%A8%D8%B1%D8%A7%D8%AC%20%D9%88%D8%B1%D9%88%D9%85%D8%A7%D9%86%D8%B3%D9%8A%D8%A9%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1637492330907.678563057&it=1637492330746&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:52 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sun, 21 Nov 2021 10:58:52 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 99ms
49ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=993438354&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nawa3em.com%2F&ul=en-us&de=UTF-8&dt=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBACEABBAAAAC~&jid=287022245&gjid=195888963&cid=8495737.1637492335&tid=UA-25102817-1&_gid=1922737688.1637492335&_r=1&_slc=1&z=1015574065

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nawa3em.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 58ms
19ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-25102817-1&cid=8495737.1637492335&jid=287022245&gjid=195888963&_gid=1922737688.1637492335&_u=IGBACEAABAAAAC~&z=1329386666

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 21 Nov 2021 10:58:55 GMT
content-type: text/plain
access-control-allow-origin: https://www.nawa3em.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 625ms
118ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-25102817-1&cid=8495737.1637492335&jid=287022245&_u=IGBACEAABAAAAC~&z=180961693

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 446ms
62ms Image
image/gif 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-25102817-1&cid=8495737.1637492335&jid=287022245&_u=IGBACEAABAAAAC~&z=180961693

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
14 KB 78ms
77ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1000671215

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 684346926396516684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 21 Nov 2021 10:58:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 238ms
48ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-996524147&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1000671215

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9289d76f5985fd2891823972cc3b101c27d1e1f5824254a29653a5affeae79fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39579
x-xss-protection: 0
last-modified: Sun, 21 Nov 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 21 Nov 2021 10:58:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 718ms
528ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-987341042&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1000671215

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bad365573e1343d90b629df69f42bc09a643a4cb12a56f6294ae97a8f7ae04cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39578
x-xss-protection: 0
last-modified: Sun, 21 Nov 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 21 Nov 2021 10:58:56 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1000671215/ 3 KB
2 KB 1329ms
96ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1000671215/?random=1637492336597&cv=9&fst=1637492336597&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

359e8d3584f81abbd87e602643b6c03954b30d62c76b163eb74b1553d2992711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1085
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/996524147/ 3 KB
1 KB 102ms
102ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/996524147/?random=1637492337863&cv=9&fst=1637492337863&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e101c459921e95be83e16839a6e4e3ee26b76928ba3faef8397c8fbeadda7c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1083
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1000671215/ 42 B
154 B 4078ms
3777ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1000671215/?random=1637492336597&cv=9&fst=1637488800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&async=1&fmt=3&is_vtc=1&random=4252523095&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1000671215/ 42 B
154 B 352ms
51ms Image
image/gif 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1000671215/?random=1637492336597&cv=9&fst=1637488800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&async=1&fmt=3&is_vtc=1&random=4252523095&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/987341042/ 3 KB
1 KB 595ms
328ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/987341042/?random=1637492338050&cv=9&fst=1637492338050&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c74a0076a5d70f4786a08e1b2679844ab333213bbfe5e943607571c9f7519cf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1085
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/996524147/ 42 B
64 B 109ms
50ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/996524147/?random=1637492337863&cv=9&fst=1637488800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&async=1&fmt=3&is_vtc=1&random=903558452&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/996524147/ 42 B
64 B 455ms
455ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/996524147/?random=1637492337863&cv=9&fst=1637488800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&async=1&fmt=3&is_vtc=1&random=903558452&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/987341042/ 42 B
64 B 52ms
51ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/987341042/?random=1637492338050&cv=9&fst=1637488800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&async=1&fmt=3&is_vtc=1&random=651336922&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/987341042/ 42 B
64 B 307ms
307ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/987341042/?random=1637492338050&cv=9&fst=1637488800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&tiba=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&async=1&fmt=3&is_vtc=1&random=651336922&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 foxpush_SDK_min.js Show response
cdn.foxpush.net/sdk/ 39 KB
11 KB 45ms
19ms Script
application/javascript 2606:4700:3032::ac43:d706
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.foxpush.net/sdk/foxpush_SDK_min.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:d706 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae541ac1f906334afea0ed870a8680217d869f184a12d5e40a9712ab74cee403

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 06 Jul 2021 20:40:07 GMT
server: cloudflare
etag: W/"9dc9-17a7d8ca7be"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKBv4zYkA5hvBNMZqrCfow7apWq5Xqr09tDU0YcFwMy9Zu3q1Ujun7lHMaB%2FNOkvQqc5KSdW36hpIJwcruaRzjUFO4cqFjH%2Bcb9QGsg19vN1jvhR9gFOKCzQU62NJ%2F7OE3IKeAQVuM1ZbS%2BC%2ByI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cf-ray: 6b1967ef4d011f11-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js Show response
cdn.permutive.com/ 2 MB
336 KB 73ms
38ms Script
application/javascript 104.19.149.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.149.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 087506310fc8e766ae44e78dbf85c00634c089e1bfd077f767fd8797f5f362f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: f3a06674-ebb9-4b9d-ba8f-0052018c0687
age: 251
x-guploader-uploadid: ADPycdt3o-p-RARql85YB5INpKOex2S64JMohXpzUBNNZMjxUS9z7Ja3SF-6jCo3XcuV3vkIwDNOgmslGU8dcVQ4zN0
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/javascript
last-modified: Sun, 21 Nov 2021 10:54:47 GMT
server: cloudflare
etag: W/"1028bcba61c61e1731172c616b1c3b82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=tl+FUA==, md5=ECi8umHGHhcxFyxhaxw7gg==
x-goog-generation: 1637492087423486
cache-control: public, max-age=300
x-goog-stored-content-length: 370315
cf-ray: 6b1967ef5c2c5c56-FRA
expires: Sun, 21 Nov 2021 11:03:59 GMT

GET
H2 200 evidon-sitenotice-tag.js Show response
c.evidon.com/sitenotice/ 63 KB
17 KB 23ms
7ms Script
application/x-javascript 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 938c77a89e7d38efbff80ca2324b5191f90c6d790c247e0aabaae93bd62a7763

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
last-modified: Tue, 26 Oct 2021 20:19:58 GMT
server: AkamaiNetStorage
etag: "bb570c03cfa8a9909bf9644a3e5f5d80:1635279598.00544"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=172800, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 16600
expires: Tue, 23 Nov 2021 10:58:59 GMT

GET
H2 200 country.js Show response
c.evidon.com/geo/ 252 B
459 B 24ms
8ms Script
application/x-javascript 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/country.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: fd6321a73fa53c24f5ac39432a3eaf12305d410b415349e19278548b8a4deb75

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
last-modified: Fri, 13 Mar 2020 23:46:45 GMT
server: AkamaiNetStorage
etag: "61397050076da6e6062ac7b53a8ef498:1584143205.714402"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 174

GET
H2 200 snthemes.js Show response
c.evidon.com/sitenotice/5406/ 276 KB
6 KB 26ms
10ms Script
application/x-javascript 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/5406/snthemes.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4e39db78d9e511e7f911894ed7b9cd4947de43a35fc4491e153faf7569968454

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
last-modified: Thu, 18 Nov 2021 08:42:13 GMT
server: AkamaiNetStorage
etag: "d83b3eb9f6e2d469798968d90312fcde:1637224932.964839"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=172800, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 6148
expires: Tue, 23 Nov 2021 10:58:59 GMT

GET
H2 200 settings.js Show response
c.evidon.com/sitenotice/5406/nawa3em/ 10 KB
2 KB 28ms
13ms Script
application/x-javascript 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/5406/nawa3em/settings.js
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cb6ebd24bfa362f3ef3eb542e0b3d37784f0f6551be4eed626ab9958f8513c52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
last-modified: Wed, 17 Nov 2021 06:41:54 GMT
server: AkamaiNetStorage
etag: "6e061e6faf529a2fd3f896862c4bd129:1637131314.989482"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=172800, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1466
expires: Tue, 23 Nov 2021 10:58:59 GMT

GET
H2 200 en.js Show response
c.evidon.com/sitenotice/5406/translations/ 60 KB
6 KB 7ms
7ms Script
application/x-javascript 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/5406/translations/en.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a88904ba415012e49b6bc2643b713ed88a92eb0dea74a172b39c821072387a4a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
last-modified: Thu, 18 Nov 2021 08:42:09 GMT
server: AkamaiNetStorage
etag: "61b0bda5ec85fbfd3a3d5ab32406b907:1637224929.230979"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=172800, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 6149
expires: Tue, 23 Nov 2021 10:58:59 GMT

GET
H2 200 evidon-banner.js Show response
c.evidon.com/sitenotice/ 12 KB
4 KB 8ms
7ms Script
application/x-javascript 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-banner.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 90e96b8ddeddfd57732f5a8da1654a24c24e10692703d3cbaa203ba9164b1c0f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
last-modified: Tue, 26 Oct 2021 20:19:58 GMT
server: AkamaiNetStorage
etag: "d3cae5c9f2de37800cf22ffd4777e27c:1635279598.624818"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=172800, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 3311
expires: Tue, 23 Nov 2021 10:58:59 GMT

GET
H2 204 2
l.evidon.com/site/v3/5406/13303/3/1/2/ 0
120 B 291ms
96ms Image
text/plain 34.227.252.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.evidon.com/site/v3/5406/13303/3/1/2/2?consent=0&regulationid=2&regulationconsenttypeid=1
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.252.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-252-121.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 204 84363
l.evidon.com/site/v3/5406/13303/3/1/2/2/ 0
121 B 284ms
96ms Image
text/plain 34.227.252.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.evidon.com/site/v3/5406/13303/3/1/2/2/84363?consent=0&regulationid=2&regulationconsenttypeid=1
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.252.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-252-121.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 204 84363
l.evidon.com/site/v3/5406/13303/3/4/2/2/ 0
120 B 278ms
97ms Image
text/plain 34.227.252.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.evidon.com/site/v3/5406/13303/3/4/2/2/84363?consent=0&regulationid=2&regulationconsenttypeid=1
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.252.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-252-121.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 200 nawa3emcom.json Show response
json.foxpush.com/ 994 B
1 KB 49ms
22ms XHR
application/json 2606:4700:3034::6815:648
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://json.foxpush.com/nawa3emcom.json?v=0.5975183684960963
Requested by: Host: cdn.foxpush.net
URL: https://cdn.foxpush.net/sdk/foxpush_SDK_min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:648 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be7482fe76c6cf5f35a2cfff447360b8c0625f3c51a78826db2070834aa6c383

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 19 Nov 2021 11:16:46 GMT
server: cloudflare
etag: W/"3e2-17d37e9c27c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ivs2bcvVbZre7Mpu2nqtBqyxxN7FtfK2gDmctrWMhDpD3fnk0HrR5afMyK4QF5h5ac3fqqbIcabrvf9fQubB1ZotG2tTe9ajMU9rZaP60qw8i9VU5HIg7uEE%2FKxZX6Va2zPzi8W3ipzlUr0%2BUF1E"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1800
cf-ray: 6b1967efa9574de2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 index.html Show response
www.foxpush.com/source/ Frame F718 1 KB
1 KB 51ms
25ms Document
text/html 2606:4700:3034::6815:648
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foxpush.com/source/index.html?fox_domain=nawa3emcom.foxpush.net&hurl=https%3A%2F%2Fwww.nawa3em.com%2F
Requested by: Host: cdn.foxpush.net
URL: https://cdn.foxpush.net/sdk/foxpush_SDK_min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:648 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e62ca1eaa5187d6f70762cc4871ff7412cb4b5c8d63aa8dff42329f4dba15657

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-type: text/html
last-modified: Wed, 28 Jul 2021 19:37:19 GMT
x-amz-version-id: 7U79eS3jd6XVrFzX627aKt8THwzOWR.n
x-cache: Hit from cloudfront
via: 1.1 8a6f67a9421de326f43e9107751b580f.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: m8vu74alnbyZ1QthUIoSc50N-GE8gvqRgryTO-QokcuqogRyfHtYlQ==
age: 80749
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sevGIKUfRZlj%2B0hkSlqV%2FhyQrKJ%2FjtMb%2BCEcqzwQH6UZRQppREJfcFRnQwremHyibBQXe1N7KVGhKhrLC6hdbgeCN102wUNf5F2tSUD5rbG9n7GA%2FxXRQ9kzG1jwqxWycL0mOfx0ct0xxUWykL0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b1967effa6d699f-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 pxid Show response
f3a06674-ebb9-4b9d-ba8f-0052018c0687.prmutv.co/v2.0/ 46 B
455 B 72ms
20ms XHR
application/json 35.241.9.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://f3a06674-ebb9-4b9d-ba8f-0052018c0687.prmutv.co/v2.0/pxid?k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.9.241.35.bc.googleusercontent.com
Software: Permutive /
Resource Hash: d35f2b11af796bb5f5dbf368451a503a34d7bc85f2580c0f7735758f19a6b839

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: https://www.nawa3em.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 66
via: 1.1 google

GET
H/1.1 200
OK getuidj Show response
ib.adnxs.com/ 11 B
693 B 54ms
20ms XHR
application/json 185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:58:59 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 3faff2d7-4317-405d-a699-fb9ca7ec3ab3
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.nawa3em.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 f3a06674-ebb9-4b9d-ba8f-0052018c0687-models.bin Show response
cdn.permutive.com/models/v2/ 130 KB
91 KB 38ms
21ms XHR
application/x-binary 104.19.149.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/models/v2/f3a06674-ebb9-4b9d-ba8f-0052018c0687-models.bin
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.149.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd3ae658d92764786ba0806af5af69a9de6edbfea5cb9296ee509eff0c7ec999

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-oid: f3a06674-ebb9-4b9d-ba8f-0052018c0687
age: 2756
x-guploader-uploadid: ADPycduTH5qbk3keVgT2AiD3JB986pf5_04qmv-UuhUvUgf0Sqo0aFmGW2q7iQPOlMPYzrd1Zs1UKg4kLmYE9m8G6ssLMh1P1g
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/x-binary
content-length: 92206
last-modified: Sun, 21 Nov 2021 06:03:20 GMT
server: cloudflare
etag: "3df49594240d152f5d35c6c2a1a114b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=cmnvrg==, md5=PfSVlCQNFS9dNcbCoaEUtg==
x-goog-generation: 1637474600039627
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=300, no-transform
x-goog-stored-content-length: 92206
accept-ranges: bytes
cf-ray: 6b1967f059b95b44-FRA
expires: Sun, 21 Nov 2021 10:13:03 GMT

GET
H2 200 geoip Show response
api.permutive.com/v2.0/ 261 B
430 B 93ms
20ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 39c5031fa5e04352d50fff0f766f4c5f77f2e30a45fcf73d0470bd41cd041394

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: https://www.nawa3em.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 174
via: 1.1 google

POST
H2 200 watson Show response
api.permutive.com/v2.0/ 130 B
202 B 96ms
23ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/watson?k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 89ebb26a12f061e1e9df4728a22d9aab5c9141e47e3a594a1d7f179e02f5be4f

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.nawa3em.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 128
via: 1.1 google

GET
H3 200 foxpush_SDK_min.css
cdn.foxpush.net/sdk/ 21 KB
6 KB 32ms
20ms Stylesheet
text/css 2606:4700:3032::ac43:d706
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.foxpush.net/sdk/foxpush_SDK_min.css?v=1544652719
Requested by: Host: cdn.foxpush.net
URL: https://cdn.foxpush.net/sdk/foxpush_SDK_min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:d706 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e7a602e420b13bf0ec8bc909755748532f62765968b211fc33c1b15f5b12a8e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 06 Jul 2021 20:47:38 GMT
server: cloudflare
etag: W/"5581-17a7d938997"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FmQBKen2ZpGqKQH3KfmDcrX2ZRrEYVFCvCf522AMaXWA4clrQxy64i1HP7cLMbrtQHaEkUWtf3zCKVF51YSfO03S1pnNd0zGd3qfY13ybAzRrIQmg076KbT82EiHAnyeNak5FVs9f2N%2Fpj5hDNQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cf-ray: 6b1967f08f444a85-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
BLOB 200
OK 1157ccec-f90f-4f28-a137-f0b3c518ad00
https://www.nawa3em.com/ 2 MB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nawa3em.com/1157ccec-f90f-4f28-a137-f0b3c518ad00
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 383207adb12fd1158865ed6a9d442e80799766b8616f866656e62d9842381cf8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length: 1607623

GET
BLOB 200
OK a544e131-7a8b-4ddd-bd94-14870a3bdead
https://www.nawa3em.com/ 22 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nawa3em.com/a544e131-7a8b-4ddd-bd94-14870a3bdead
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e297a19022cb164977e46e2cce4b9df5d0e5ed37d81239fc0581efe60a77234

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length: 22489

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 2052ms
1780ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nawa3em.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 435ms
48ms Script
application/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nawa3em.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
19 KB 441ms
441ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2420083087348925&correlator=2435740387536728&output=ldjh&impl=fifs&eid=21068767&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211121&iu_parts=7229%3A12215557%2CNawa3em%2CHomepage%2Cwebinterstitial&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x90%7C728x90%2C1x1%2C300x250%7C300x600%2C1326x154%7C1x1%2C1x1&ists=9&fas=0%2C8%2C0%2C0%2C0&prev_scp=pos%3DLeaderboard%26adslot%3DLeaderboard%26m_mv%3DslotNoSlotData%26m_gv%3DslotNoSlotData%7Cpos%3Dwebinterstitial%7Cpos%3DMPU%2CN_W_Homepage%26adslot%3DMPU%26m_mv%3DslotNoSlotData%26m_gv%3DslotNoSlotData%7Cpos%3DSkinning%2Cjustpremium%7Cpos%3DOOP&cust_params=m_data%3D1%26m_safety%3Dsafe%26m_categories%3Dmoat_safe%26m_mv%3DdataAvailable%26m_gv%3DdataAvailable%26permutive%3D%26pt%3Dhomepage%26platform%3Dweb%26Topic%3D%25D8%25A7%25D9%2584%25D8%25B1%25D8%25A6%25D9%258A%25D8%25B3%25D9%258A%25D8%25A9%26puid%3D5017c06f-c0c8-49af-9bd1-00093b88e087%26ptime%3D1637492339244&cookie_enabled=1&bc=31&abxe=1&lmt=1637492339&dt=1637492339302&dlt=1637492330686&idt=582&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C-9%2C241%2C137%2C0&adys=234%2C-9%2C709%2C0%2C0&adks=4272098727%2C2747748132%2C3284825077%2C3066390315%2C1376437543&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nawa3em.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x94%7C0x-1%7C349x251%7C1600x5178%7C1600x5178&msz=970x90%7C0x-1%7C349x250%7C1600x-1%7C1600x-1&ga_vid=8495737.1637492335&ga_sid=1637492339&ga_hid=993438354&ga_fc=true&fws=4%2C2%2C4%2C4%2C4&ohw=1600%2C0%2C1600%2C1600%2C1600&btvi=0%7C-1%7C0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ce36fdea89e7aa0108703f38747e4b389fe5d30c2170ff9eda14790cc489e06c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,126229,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19584
x-xss-protection: 0
google-lineitem-id: -1,-2,-1,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-2,-1,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nawa3em.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EF30 6 KB
4 KB 474ms
47ms Document
text/html 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 21 Nov 2021 10:58:59 GMT
expires: Mon, 21 Nov 2022 10:58:59 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_page_level_ads_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ 36 KB
13 KB 50ms
49ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

5130eb2b26589edc79df541561e0c40469fdb05a7a75566a61e580e1d473254e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13503
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 21 Nov 2021 10:58:59 GMT

POST
H2 200 identify Show response
api.permutive.com/v2.0/ 50 B
326 B 58ms
30ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/identify?k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: fbbe1611164e2a7bd0f2df1277fa74cf163d0408bb5bdeea9aaf1f0e1262ee9b

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.nawa3em.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 70
via: 1.1 google

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F718 77 KB
26 KB 54ms
54ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.foxpush.com
URL: https://www.foxpush.com/source/index.html?fox_domain=nawa3emcom.foxpush.net&hurl=https%3A%2F%2Fwww.nawa3em.com%2F

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

e0d71e9e83d526a320cdee881361d1abcf386a92a21c116a31976690453bc75c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1050 / 205 of 1000 / last-modified: 1637363240"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26883
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 21 Nov 2021 10:58:59 GMT

GET
H2 200 learn
mena-gmtdmp.mookie1.com/t/v2/ Frame F718 43 B
324 B 99ms
20ms Image
image/gif 35.186.238.175
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mena-gmtdmp.mookie1.com/t/v2/learn?tagid=V2_961593&src.rand=0.41033290256705834
Requested by: Host: www.foxpush.com
URL: https://www.foxpush.com/source/index.html?fox_domain=nawa3emcom.foxpush.net&hurl=https%3A%2F%2Fwww.nawa3em.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.175 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 175.238.186.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:59 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame F718 344 KB
116 KB 50ms
50ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 21 Nov 2021 10:58:59 GMT

POST
H2 200 tpd Show response
api.permutive.com/v2.0/ 2 B
90 B 21ms
21ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/tpd?k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.nawa3em.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 22
via: 1.1 google

POST
H2 200 segment Show response
api.permutive.com/adv/v2/ 14 B
78 B 28ms
28ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/adv/v2/segment?new-session=true&k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Sun, 21 Nov 2021 10:58:59 GMT
via: 1.1 google
server: Permutive
alt-svc: clear
content-length: 14
content-type: application/json

GET
H2

201

sync
api.permutive.com/v2.0/px/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=dbegppc&ttd_tpi=1&ttd_puid=40da2992-202e-46c3-bd6d-d27455ebb9ca,5017c06f-c0c8-49af-9bd1-00093b88e087
https://match.adsrvr.org/track/cmb/generic?ttd_pid=dbegppc&ttd_tpi=1&ttd_puid=40da2992-202e-46c3-bd6d-d27455ebb9ca,5017c06f-c0c8-49af-9bd1-00093b88e087
https://api.permutive.com/v2.0/px/sync?ku=40da2992-202e-46c3-bd6d-d27455ebb9ca,5017c06f-c0c8-49af-9bd1-00093b88e087&alias=92f72bed-4457-4294-b747-02ea75e5965d&type=tradedesk

35 B
107 B

21ms
21ms

Image
image/gif

34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.permutive.com/v2.0/px/sync?ku=40da2992-202e-46c3-bd6d-d27455ebb9ca,5017c06f-c0c8-49af-9bd1-00093b88e087&alias=92f72bed-4457-4294-b747-02ea75e5965d&type=tradedesk
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
via: 1.1 google
server: Permutive
alt-svc: clear
content-length: 35
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://api.permutive.com/v2.0/px/sync?ku=40da2992-202e-46c3-bd6d-d27455ebb9ca,5017c06f-c0c8-49af-9bd1-00093b88e087&alias=92f72bed-4457-4294-b747-02ea75e5965d&type=tradedesk
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 377

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame F718 107 B
165 B 1878ms
1817ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.foxpush.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame F718 107 B
549 B 222ms
44ms Script
application/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.foxpush.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame F718 347 B
177 B 169ms
168ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=6665606854018&correlator=2022986967849801&output=ldjh&impl=fifs&eid=31060437%2C44752585&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211121&iu_parts=21795300705%2CDSP_interstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x480&cdm=www.foxpush.com&bc=31&abxe=1&lmt=1627501039&dt=1637492339506&dlt=1637492339279&idt=221&ea=0&frm=24&biw=-12245933&bih=-12245933&oid=2&adxs=-12245933&adys=-12245933&adks=665474176&ucis=i73ks4qzb6o0&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.foxpush.com%2Fsource%2Findex.html%3Ffox_domain%3Dnawa3emcom.foxpush.net%26hurl%3Dhttps%253A%252F%252Fwww.nawa3em.com%252F&ref=https%3A%2F%2Fwww.nawa3em.com%2F&top=https%3A%2F%2Fwww.nawa3em.com%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x0&ga_vid=1528502382.1637492340&ga_sid=1637492340&ga_hid=706439841&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

79c60a7febfc66e04d2ef222f332640ff1bcbc70a77f5c02f6517b1f546336aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foxpush.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
db419a540064ae9752e96da4b89d3bc5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3ECF 6 KB
4 KB 2130ms
1814ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://db419a540064ae9752e96da4b89d3bc5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 21 Nov 2021 10:58:59 GMT
expires: Mon, 21 Nov 2022 10:58:59 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 201 events Show response
api.permutive.com/v2.0/ 1 KB
814 B 26ms
26ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/events?enrich=true&sdkp=true&k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 7b2ce0d77d6fe403e31483d94913f5f153d228ceefcea8c167edf1cf6eded0e2

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.nawa3em.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 742
via: 1.1 google

GET
H2 200 learn
ae-gmtdmp.mookie1.com/t/v2/ 43 B
106 B 77ms
22ms Image
image/gif 35.186.238.175
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ae-gmtdmp.mookie1.com/t/v2/learn?tagid=V2_969251&src.rand=%5Btimestamp%5D
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.175 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 175.238.186.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:59 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 container.html Show response
0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EFBE 6 KB
3 KB 37ms
36ms Document
text/html 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 21 Nov 2021 10:58:59 GMT
expires: Mon, 21 Nov 2022 10:58:59 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B829 6 KB
3 KB 36ms
36ms Document
text/html 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 21 Nov 2021 10:58:59 GMT
expires: Mon, 21 Nov 2022 10:58:59 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5622 624 B
297 B 218ms
217ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQla2PAhiTq9G6ATAB&v=APEucNUe4-7Y5tK224inMkJgSOcVMADBiXWraT22wfdRBzmSKzWf72rUi2lIfJ6nESfJCov6p2FgK-gvw9vzTeRYFFKZ5GMTLNb5VeF1McYOpLKeAPNOdKVad6BbBgkreh4ch9W0GtEe365kEnHx8lRclfWGr5BorxqCAKV-QTnUD1myMkQRmU8

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 21 Nov 2021 10:58:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EFBE 63 KB
29 KB 217ms
217ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BkB-NnIw_L5aNh_Aqb7CxE7Qfw0GyjwoduSAS-NZRG0jNIYAdIk6A5ZmFcSiZOh7H8FMJUncfcAIhMclCSgR_VXCzjqs7VeqO5ex-31RGKswBQjeZnEL_5vr-cYR8J_w4UIPQ6Kw9H8aDIAaA3IcVk2dukRA&dbm_d=AKAmf-DPe0nIcQTzya5Phsp6oXoxXO4vrXWL3JhObRqgFrH7LOFsnoiwWGic1H7eSUda2pDDxlCiJJisDrHYcoXk6OuUGS-cX-H0B0khqKIgwF1eerp4lQyq-rOrE1gyfjYej6oHFIh9i4I1gedliqLzkifqHbr73LjodTySpTHxz-mJxU4mGOI8XAYwhiYasioeKusb_M28DnZFYjdKamLrRcMVQDJEgMXh5-zVG894xYpd5rhBmqazyfncU9PVVA659qQr28eqBvnmecp8D7joSytO1GGB6120_RDTNVNiqWmoggM3Vu4djPLW-yKil60Z7KZ7RPgCtsHnK-T-bYJ4ivf5BFPnP08Hyl0XLhOV2vg3ZI8sjXeHupjO5BFZlGMz-I8tHBFzCKuRiJ5Fs4xQE0Uw809XYNRHDCLGoKvo1miIOtji5-tPVr4I0CBMMrIdl6D6a8re7C4Vnwfsd5RS3o-68mvHYx5KfcMYtgrVYMqmC58NkznWv2UYzawBGCEgkUbFnUBdhdDTW4hIWeNlC4TCdymJ8FptvVNsZaqqgK89w0KawBm5aDA0TM5hNpL96GKPl_s0cRJcL04ySM90A7KgH_dC_h65dbUoJJlAezLLZxBfUBHGS_nFX-XyWN-iZStNy6jvoMKNfTlDPNaJIPWkXsUbdzGAGPu67NOma9dxK8vxn43TiiHqzvQIaxmeqTPk1T22HwotmKy6u9vIul3Ggg1DgJPmXb2kinwNiOyBRjMe2SaiAzK1YpaLTlHxpDFi4UBmJnWvJ7iUXYmJHek6CCkdd1iHvwUsrInLiF4RPDVk0yaM2MHczXR8fJEaf8ndrgA0l2JdfnUxiNlho0rrhkEN41mnNwDxrZIB-77wvkXug7vGNkNgxhpymvNqYedfOWXSkrBAmUJlo624NExJ4whWBg7e6IErEolxtARnR3AdLAJtGA64vcSpj8hJ8o9qu8HsT4TbxYEkrjwKD5JDrgIO2zY1lMrJ7gIAqX6SmoY4K2JyYxN-nYasIHjPbuF14HiKbFyucDiSQOoDNz2RGnbmqkH5eHSPLPZKgO9cFZdZ2-ZeNJjfc4nIPQx-h6S7SCqqkk19nfugJlScRTZaEGRLgdbOG4cryqtkNUjkEt_QL68pd2NJJV736uRZHjoMXXKd-MSED5yRcnGi2eMObsmvB2YXrh5g0Yvr5zF8DegWlEaIRu4dpQoJwI5oAfOyRrPYTT-W3b4LqZKHVAl4QqTGEZob0QZhe0leGXxHyHjk4mZaWGuaxcdJ9dXZOoEL32wEUulpCtQ8kcw93ucwepWC2cNoVW90w3KnfjCachw4ygQ1vjC5R12d52Lkwjz3SMMAVn4WYBhLs9O5-1Vsp7XZds1iInpKAIgU97f16DjxWdNlUKxmvKouE9OE_8qAPUed4U4NgHTih7yxCAmgG8pW09K6tHRoO3qBbW_C03acogPHxhDfx6hGpQHCKqOLS6HDHcbaAectst2hPuZksgH71keXd_L7fUyDWzgmzfyC6MNiCfmxHY_8vFPD0BQfqF--35fXoNnlReAwf0iKaytHe6yufIiCnutmLJot4M1Fw5DjIQnpBJabxAUgSDxLsQS0bDXbvco13c9PfeOShtfCMAVdtq2H1Ewy5kHDyuHfC-zG4g89xigIZ884i9XM_YSe9drnkF2chPJ-Rfz87SI2tVV2PVLFlJ4BlXCla6Bro8mp-naoK0pMhtpLFq0dIfm6BBWg4nhe2ZPW89hubLAAAwvy8YIqpXS2wqd-f5A8pZqT6NwD1Y2ye2iHXRTxQOhk4MNBMy35QAID6jw-hz8iryY8hFoS1Fj7LnB6rokte25ITy3MC9nwisPag0TY8EKQ3e817z_R7sKeLRJ5GuAZ0ORayI9Nyi7iJfKWU4S_ehQd9gBpF_Mtgfm_XTAbzmKMN1ED24dFCtESJmHl06G4wkc2B4cgxcD9RO7LoWTaoQHmgwNOVyJmM3f0IODoS4U7_s9qRlwcBiM24sA1XG1kNRIvqx51qES-Pr9KKMgPULE3wadmGV7PIQe2XyAsycMJlwPCODgraqfA7-6SarLhgHTFyDh-fKKGy_NZ-o9cLDXwSdfiIVit6jEtPaRmn1gJXfGmtX9-XMtwJVMVD3avPxyKk7cDGDZCvF8U---1oEJU_09qXXbi4Wp6W29B3Dzl-OCUlnKTKfg8H3o6VEg3o8z58-Mdz_j-Dh7_nJOwcx_hD1ZGb-zOC-hJjqg9YMO8HZf2eoV7JHZSWYZ8mXDcKZ-KU7UiJQsglB-8-iF2FfOe-Nn3FhG8XUQjNsYzL5fK-ZWRIDZdPxXumooBWOQXqn2KTgOIs_w_ugb2i6FBThgV-geI_R7dIkozHPAMOtj0_KAGA0DbFyM4X7JgOlz-YyWHaypd8i_zU-LcPQE9VusV9OhSmsZtYdFzSRuCK7VC2rODjQuj1LHz5EgPDTlt_4DRIlVzaLrIxXv3dDuqsAahS85gxebhVq_zWuYZCSXNe_KeQvjDtPtVU6INJxR2nScP5LNj6mZfq95lx4UxFdrYRCiK81CiFyOed9IuJguYfAhfA0bR_rcHfDWNHBphkaBly63nW_YtGWrePyFDDur9L7qV_E_piY4_1TVyTBZcIEvgTBveAHveJu2EhMOh6Q3ji25AqFFJRxl8U11vw2qXY_FASlR-g0I-19tLa60df4OUwHw217LBGYkcAuw-4UlI7GfGW59QJt_7TTa9WujmfpeolEHOO02Kd-QtTDnQ60EH8zuWkwJu4nHy0PX5YuNSGF7w2NxAYWwqGqkkoFJhJuaeSmGUdV4rgcE0n5_OLtp8H-tbMkjCNcaQd8uuQUSkcMXwqe7jl6bygFdpCa67XepJtHUVNmv1qEtdYjA3UsuWD5wfbi235f_kPGIeoWtZNFnAKutTSzpxLJMz_eYd_otNSGLzchrz5NuOEuOTDRsyivIbxqJfmcpLh1sAMuyx0plqyIiCwZGl5Z1uVuQs9mHB7lLUSBTZmXafWCR7dtlQYImFDtY5zcG6mDx_qWzr2LXqDMf8oaVcSOx0YnhGOmf-BKXawvSj2qZWVALINKzrQX9lLu7ljd1odqsgx-Rje1o3sHuuYe2WDymwi47ioztXnmtL7qANd-bEdnLz&cid=CAASEuRovThEs7tPYbYZ9Dg4z-EwVQ&rfl=1%2Chttps%253A%252F%252Fwww.nawa3em.com%252F%240

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a062dc5d11b8c7eec19cbd0d3c1d2b7c6064e0493bf8b73f73aa956a357a7a52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29993
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EFBE 42 B
173 B 70ms
69ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DOZdIUewHPkkq6oLWVAic3xrMY559CbP98qRpw02mU27sg5tSrccYX44NgxRWeadrssYoxGvrYkEEet4woSzbvAc6bPjMPq2c7mbxfDjg21InpM-s

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame EFBE 2 KB
1 KB 464ms
80ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:55:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Dec 2021 10:55:04 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame EFBE 15 KB
7 KB 423ms
39ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:39:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Dec 2021 10:39:45 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EFBE 119 KB
37 KB 443ms
56ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 21 Nov 2021 10:59:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B829 0
0 79ms
79ms Fetch
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2KbKcyaaYazWFvnZ-gaEhqm4CO6StZNcv6KFx-QFwI23ARABIABgleKQgqAHggEXY2EtcHViLTI1NzcyMTk4NDA0MzUzNzHIAQngAgCoAwGqBOUBT9AKJre90vQNpmx7XGgICaL6Gpr-S7teAiPJN0hCfNwlIE7OwpILr7W3WVVK6cheQ3SRV4EKti70BBfkeELMbbMFvz7SUepTO5zV8cRPBkYTto5QxJM-rwCYwbsIErdPUcVewWOTvX-vOSiZmp0xM4o2OlP1inpz6ArAAJ5Oifc8r_bEAD7505GU6dl1EVq8jTBB7bJe9507-8PAivYw4cCVbntzti6IlFPWAPEdF4-Wm1V7HspGhnqdhMkxKbr_v1iWiNZJi9t4jLna0vJln470LXhBKSd73QE5RuFLrZhEp0ghNuAEAYAGnvmiupHOooF4oAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTYzOTc2MzA5MTk5MjMwOTKACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMjU3NzIxOTg0MDQzNTM3MRjPshI&sigh=XLkdRy9Qguk&uach_m=[UACH]&cid=CAQSOwCNIrLMdakKhARkix3QlbsCByrgzxtV8sptEp1OskLjRD5mBEmI44QxcmVFtqj4XP1CcVWecIT_wtWdGAE
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 ttj Show response
ib.3lift.com/ Frame B829 4 KB
2 KB 45ms
8ms Script
application/javascript 18.66.97.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ib.3lift.com/ttj?inv_code=ChoueiriGroup_RON_HDX
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c23aeace07f5e5962e24a5b7f2b7ac9ac9792345708b820d55c6b897edc0b22c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:56:58 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
age: 141
etag: "7a1ec53b2d2ffc5ebd0dd63edbd0300a"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P2
content-encoding: gzip
content-length: 2064
x-amz-cf-id: 5uQgoc0o0C9ZaTiLqm4bulGbfOhL9A0LBsj8hiqLld4DWJJ9TFXghA==

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame B829 2 KB
1 KB 461ms
80ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:55:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Dec 2021 10:55:04 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame B829 15 KB
6 KB 429ms
48ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:39:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Dec 2021 10:39:45 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame B829 22 KB
7 KB 422ms
41ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 12:34:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 167056
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 19 Nov 2022 12:34:44 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B829 119 KB
36 KB 489ms
105ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 21 Nov 2021 10:59:00 GMT

GET
H2 200 notify
tlx.3lift.com/s2s/ Frame B829 37 B
184 B 31ms
8ms Image
image/gif 18.157.172.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tlx.3lift.com/s2s/notify?px=1&pr=YZomcwAFqywK3qz5AApDBJctfiITY_T1Wg5bWA&ts=1637492339&aid=61298537921973506210&ec=2460_122103_57959957&n=GqcEaHR0cDovL2IxLWV1ZGMxLnplbWFudGEuY29tL2JpZGRlci93aW4vdHJpcGxlbGlmdF9kaXNwbGF5LzA3YjNmYThiLTRhYmEtMTFlYy1hY2EzLWQ5NzhkN2QzYTkyNC8wLjAzMi9aTVJaTFlHNzVEVzZQNUlSUExOSzRFRUVKNUtVSVI0WEVOSURMVEFJUUZKVUgyVUFIUDNTSU4zVU41UVZSM0xPMjdQUkhMVFk2NUlKUjY3T0xLQVBPR00yQkxTSDdRNDU1N1BaSFNNTkNWVllDV0tGVDJBVFU2RkQ2TTNRMldYTVJKNFVHWEZaVlZQVzVYVkpJNUJSWko1WFY0SVA1TDQ0VTJYNlVaRUFWQzJLV0FST1BRQjVMTk1BQlczU1JJS1dPRVFET1kzN0RCM1VETkVOWUVINTdJQkJGVUtURFdNMzVJS0dCVVBXUlgyWEY2Nk9SU1pEUjZTSzRZR0cyRlNMVUE3UlFaQUpOSldRVU9RN0FFUlZXWDJKMlk0N1ROU05HUkhDSVJaSE1YWEtIS1BaWFpQSkpNSllPRDI2SDY1UzJPTjRGQUY0RzNWSTJSQkI1SUFYNTNOQkNLN0ZDMkhERUpMVDdXWkdEN0RJUlNFN0RaWFFRN0w0RDVYWEFVU01DV1NVRUdSRVRYNDRSVk83TEUzUjQzQ1FFNlVPT1I1T1JaRkRGMlhSRVBXM1UzMlJTQlVWT0VIVTZRWUo1RFZQLz%2FyArQBCAASFDYxMjk4NTM3OTIxOTczNTA2MjEwGAAgASicEzD3uQdAAUgAUABgCmgAcMHBIpABAJgBAKgBALABILgBCcABGcgBIOABF%2FABAPgBIIACGYgCF5ECAAAAAAAA8D%2BZAs3MzMzMzMw%2FoQIAAAAAAADwP6gCALACAMgCBNgCAPECZmZmZmZm5j%2F4Ar8xgAOsAogD2ASQAwCYAwCgAwC4A5XMBsADAMgDANIDCDU3OTU5OTU3%2BAIFiAMAkgMEZGJhOA%3D%3D
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.172.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-172-39.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 pe
eb2.3lift.com/ Frame B829 37 B
140 B 27ms
9ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/pe?fid=10&peid=0&aid=61298537921973506210
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 bundle.js Show response
ib.3lift.com/rev/7f5a3da7c5d0d0b6642ecf7669e5ce2d6ac891dc/dist/ Frame B829 243 KB
78 KB 7ms
7ms Script
text/javascript 18.66.97.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ib.3lift.com/rev/7f5a3da7c5d0d0b6642ecf7669e5ce2d6ac891dc/dist/bundle.js
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/ttj?inv_code=ChoueiriGroup_RON_HDX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a73d090d53ab980bddb3411be0853cfd976b978b77130ff3615fd812a93db2d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 18 Nov 2021 19:59:04 GMT
content-encoding: gzip
last-modified: Thu, 18 Nov 2021 19:58:54 GMT
server: AmazonS3
age: 226796
etag: "576896d4b32e3186ec12324a624696a8"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
cache-control: max-age=31536000, immutable
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 79101
x-amz-cf-id: vmGVHX_ioJDeIrExLmp9ndviNEPvJtGO28mZjn7RHjDDqokc5zDTZg==

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6344 1 KB
864 B 36ms
36ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Nov 2021 13:26:12 GMT
expires: Sun, 21 Nov 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77567
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 r
eb2.3lift.com/ Frame B829 37 B
139 B 9ms
8ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/r?inv_code=ChoueiriGroup_RON_HDX&aid=61298537921973506210&rev=7f5a3da&ss=5&bc=0.032&pr=can%27t%2520access%2520top%2520document&brid=565441&bmid=2460&biid=6335&bcud=32&sid=122103&ts=1637492339&caid=0&unid=0&domain=0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com&ref=https%253A%252F%252Fwww.nawa3em.com%252F&rr=creative&fid=10&rb=0&g=0&cb=83338
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
DATA 200
OK truncated Show response
/ Frame 1BB4 26 B
0 Script
image/gif

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame B829 3 KB
3 KB 7ms
6ms Image
image/png 18.66.97.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 10:50:16 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 17:23:36 GMT
server: AmazonS3
age: 518924
etag: "ddf020e069f1706b72b7698b28fede09"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800,s-maxage=604800,public
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 3125
x-amz-cf-id: 0dxCl8cAxlWx738rlwUq3eJoDfwP_N3vdl3NzOwqcJ5YJrEFED-sQw==

GET
H2 200 OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame B829 3 KB
4 KB 8ms
7ms Image
image/png 18.66.97.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 18 Nov 2021 17:25:46 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 17:23:31 GMT
server: AmazonS3
age: 583446
etag: "7ceab27af00fa466072a3c3360041755"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800,s-maxage=604800,public
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 3518
x-amz-cf-id: avnrCjd0fIG6lkLhOBMLMDAk5ul83JtKKG64p3-dAx7372MqDk79pQ==

GET
H2 200 widget-300x600.js Show response
widgets.zemanta.com/1629452000/ Frame CA8B 5 KB
3 KB 44ms
6ms Script
application/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.zemanta.com/1629452000/widget-300x600.js
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/rev/7f5a3da7c5d0d0b6642ecf7669e5ce2d6ac891dc/dist/bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e567b34778c84cbb82c8f3f13939bdfc2ed41adac580133ad66ac5dc0ef2c341

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: 04SgvfeNIpOY9aQQAN2GvtPr_bH0Uuoe
content-encoding: gzip
etag: "fd325418236fb5058ce4e29bbea639c8"
age: 3442
x-cache: HIT
content-length: 2201
x-amz-id-2: VALcVDvBgatpIJgFMurn+0R9JkDK9vGiqb9j6n2eySZMqgRSiw8w3txKltDmOYogbEp1ZkbZUTQ=
x-served-by: cache-hhn4036-HHN
last-modified: Fri, 20 Aug 2021 09:35:27 GMT
server: AmazonS3
x-timer: S1637492340.985200,VS0,VE0
date: Sun, 21 Nov 2021 10:58:59 GMT
vary: Accept-Encoding
x-amz-request-id: VZAHDH1K102B69FG
via: 1.1 varnish
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 745

GET
H2 200 aop
eb2.3lift.com/ Frame B829 37 B
139 B 9ms
9ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/aop?inv_code=ChoueiriGroup_RON_HDX&aid=61298537921973506210&rev=7f5a3da&ss=5&bc=0.032&pr=can%27t%2520access%2520top%2520document&brid=565441&bmid=2460&biid=6335&bcud=32&sid=122103&ts=1637492339&caid=0&unid=0&domain=0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com&ref=https%253A%252F%252Fwww.nawa3em.com%252F&rr=creative&fid=10&rb=0&g=0&cb=67161
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET /
google2waycm.netmng.com/cm/ Frame 6344 0
0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 6344 70 B
264 B 33ms
32ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEL4mo_TeHL769cJBHquHD88&google_cver=1&google_push=AYg5qPLnO6uCL6SUJ1LYYClN4HKISL0a5sCltbFYGMf9IodIGxmhx66pXtN6tHN-O6Bq1pbfG22HrYCXWQHFNJvvdtVQnA-_7dQ
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:59 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6344
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESELtAipaHFyVV3tHxQdGOEgA&google_cver=1&google_push=AYg5qPJmWvhd4Cyw3mDz16TCnyn_ukw6kKBPC2R1TRfriH3XNNDxnkgOBy9wxvscWG8mDD2axvTJlLNhxyr...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJmWvhd4Cyw3mDz16TCnyn_ukw6kKBPC2R1TRfriH3XNNDxnkgOBy9wxvscWG8mDD2axvTJlLNhxyrYoWdqrlfKek4hQYGw&google_hm=2dxAM7INQN6sODPLR74KdKk

170 B
188 B

52ms
52ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJmWvhd4Cyw3mDz16TCnyn_ukw6kKBPC2R1TRfriH3XNNDxnkgOBy9wxvscWG8mDD2axvTJlLNhxyrYoWdqrlfKek4hQYGw&google_hm=2dxAM7INQN6sODPLR74KdKk

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:58:59 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJmWvhd4Cyw3mDz16TCnyn_ukw6kKBPC2R1TRfriH3XNNDxnkgOBy9wxvscWG8mDD2axvTJlLNhxyrYoWdqrlfKek4hQYGw&google_hm=2dxAM7INQN6sODPLR74KdKk
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6344
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESENjSJGrdndS0rXnoqFjzEDE&google_cver=1&google_push=AYg5qPJHOod62zHd0dwBmFLGRIF99vbX5-3938yLaALv7mX8kIwSkApopMnrGNcptJxXiRi3j9NVhZHYLTh_rOtI...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=s--pAp-wQ_iAg04HH6NfTg2&google_push=AYg5qPJHOod62zHd0dwBmFLGRIF99vbX5-3938yLaALv7mX8kIwSkApopMnrGNcptJxXiRi3j9NVhZHYLTh_rOtIJPKa756RFQyb

170 B
188 B

47ms
47ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=s--pAp-wQ_iAg04HH6NfTg2&google_push=AYg5qPJHOod62zHd0dwBmFLGRIF99vbX5-3938yLaALv7mX8kIwSkApopMnrGNcptJxXiRi3j9NVhZHYLTh_rOtIJPKa756RFQyb

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 21 Nov 2021 10:59:00 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=s--pAp-wQ_iAg04HH6NfTg2&google_push=AYg5qPJHOod62zHd0dwBmFLGRIF99vbX5-3938yLaALv7mX8kIwSkApopMnrGNcptJxXiRi3j9NVhZHYLTh_rOtIJPKa756RFQyb
x-host: tde-deliveryengine-production-d7b5884bf-6xk76
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6344
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPyXl48KpLUABHhEt1o9184&google_cver=1&google_push=AYg5qPK1fAdLXJSaJtbHWz_Wa0QtDsrOwsu2WU0dxXdHAyepK4TBa9ZBetio2ta2KnwSJI7HNEzcKPwx...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPyXl48KpLUABHhEt1o9184&google_cver=1&google_push=AYg5qPK1fAdLXJSaJtbHWz_Wa0QtDsrOwsu2WU0dxXdHAyepK4TBa9ZBetio2ta2KnwSJI7HNEz...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTg5NzcyMDU5ODY1OTM5ODY3MA&google_push=AYg5qPK1fAdLXJSaJtbHWz_Wa0QtDsrOwsu2WU0dxXdHAyepK4TBa9ZBetio2ta2KnwSJI7HNEzcKP...

170 B
188 B

45ms
45ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTg5NzcyMDU5ODY1OTM5ODY3MA&google_push=AYg5qPK1fAdLXJSaJtbHWz_Wa0QtDsrOwsu2WU0dxXdHAyepK4TBa9ZBetio2ta2KnwSJI7HNEzcKPwxYljLN90GtXk-p4l_j54

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTg5NzcyMDU5ODY1OTM5ODY3MA&google_push=AYg5qPK1fAdLXJSaJtbHWz_Wa0QtDsrOwsu2WU0dxXdHAyepK4TBa9ZBetio2ta2KnwSJI7HNEzcKPwxYljLN90GtXk-p4l_j54
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6344
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHBefahZIG7W5ubzcjydC5M&google_cver=1&google_push=AYg5qPIJVFNfvAiXf-kige9xropi3U18mxyAm0DSO7T6vUC5qvv9oWUah9nEDaMLgW0MkwcLlGP...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1c5NE5TNUItSy0yMjMw&google_push=AYg5qPIJVFNfvAiXf-kige9xropi3U18mxyAm0DSO7T6vUC5qvv9oWUah9nEDaMLgW0MkwcLlGPIIkqAafcU5dzx63g_w1UmTBG4

170 B
188 B

45ms
44ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1c5NE5TNUItSy0yMjMw&google_push=AYg5qPIJVFNfvAiXf-kige9xropi3U18mxyAm0DSO7T6vUC5qvv9oWUah9nEDaMLgW0MkwcLlGPIIkqAafcU5dzx63g_w1UmTBG4

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1c5NE5TNUItSy0yMjMw&google_push=AYg5qPIJVFNfvAiXf-kige9xropi3U18mxyAm0DSO7T6vUC5qvv9oWUah9nEDaMLgW0MkwcLlGPIIkqAafcU5dzx63g_w1UmTBG4
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: c52bde874ac36e8646ae455e9e84952e
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6344
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEM...
https://sync.targeting.unrulymedia.com/csync/RX-08baef0b-ff37-4d84-8125-05fc1b4d80ca-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKB9qaOUBr64KUy5ASlR...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKB9qaOUBr64KUy5ASlRjj-JSpZR8yb67r-yH6PA8YMYQ2LZcZ3oZddGrbNwQzP_HRtNoFQjNnFUl13MKvMXafX2U1K5UFs&google_hm=Awi67wv_N02EgSUF_BtNgMo

170 B
188 B

45ms
45ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKB9qaOUBr64KUy5ASlRjj-JSpZR8yb67r-yH6PA8YMYQ2LZcZ3oZddGrbNwQzP_HRtNoFQjNnFUl13MKvMXafX2U1K5UFs&google_hm=Awi67wv_N02EgSUF_BtNgMo

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKB9qaOUBr64KUy5ASlRjj-JSpZR8yb67r-yH6PA8YMYQ2LZcZ3oZddGrbNwQzP_HRtNoFQjNnFUl13MKvMXafX2U1K5UFs&google_hm=Awi67wv_N02EgSUF_BtNgMo
date: Sun, 21 Nov 2021 10:59:00 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX08baef0bff374d84812505fc1b4d80ca003
content-type: text/html

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6344 0
12 B 44ms
43ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LQANPWic6svdxGyaK8ie7TVPyABPmDZ60Kgs3HILssQ1BRdINEoqoby7CHlR3b3K7j7qtG

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK /
b1t-eudc1.zemanta.com/t/imp/impression/4I7QK4HDIOEGESO5BEITO7VUSX44EL2GL3RHU5HZ25ALSVH3A4MQ6JKJIIH36A5IWTJSKWFFJQZANOAUVCEKJXIOA7SASQBSJZUT3WKBJMACCMYT5ZY7I5I2XXCPW65H5FRIIYOXGQ5W3NARBAD65NEL44PRJG... Frame CA8B 26 B
151 B 69ms
14ms Image
image/gif 213.227.153.220
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b1t-eudc1.zemanta.com/t/imp/impression/4I7QK4HDIOEGESO5BEITO7VUSX44EL2GL3RHU5HZ25ALSVH3A4MQ6JKJIIH36A5IWTJSKWFFJQZANOAUVCEKJXIOA7SASQBSJZUT3WKBJMACCMYT5ZY7I5I2XXCPW65H5FRIIYOXGQ5W3NARBAD65NEL44PRJGEVPBEBIZNZTEZLQMR3JTF4MTT7CJGCKKPNKICPD25XGDSZISIZTTTD523CK52IADKKVZDGI4DEUVWDV76KVLPPKTJ7YXDCIBRKYNXUTZDTLT5LQURGMS64KQGMYCQMACWNNKDNNFMCSBAGELH64YF4XIWPXX7TPF3UFY3OPXWGSFQNJZKTKM4NH6P7BN3BI6GIXCCMCSWKO7EPUHYQD3VQ/?
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.227.153.220 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: v182.ce13.ams-01.nl.leaseweb.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 21 Nov 2021 10:59:00 GMT
Connection: keep-alive
Content-Length: 26
Content-Type: image/gif

GET
H2

200

p2
sb.scorecardresearch.com/ Frame CA8B
Redirect Chain

https://sb.scorecardresearch.com/p?c1=7&c2=14320224&c3=123456&cv=2.0&cj=1&cs_ucfr=0
https://sb.scorecardresearch.com/p2?c1=7&c2=14320224&c3=123456&cv=2.0&cj=1&cs_ucfr=0

64 B
330 B

9ms
9ms

Image
image/gif

13.32.121.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=7&c2=14320224&c3=123456&cv=2.0&cj=1&cs_ucfr=0
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 13.32.121.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-37.fra60.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
via: 1.1 adc51edbb4dc468fb382e40b115a2f63.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: 39M7Z_W4wc5KvWlJK2YH3eQDoForeXrJaCZqB2zSuxbfE-SsAWiKEw==

Redirect headers

date: Sun, 21 Nov 2021 10:59:00 GMT
via: 1.1 adc51edbb4dc468fb382e40b115a2f63.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=7&c2=14320224&c3=123456&cv=2.0&cj=1&cs_ucfr=0
content-length: 106
x-amz-cf-id: cSn6dKIjcPEyarB0DKop0RvKq4KA47zrXURZJYWoE6TjBrtxtBDxmw==

GET
H2 200 41f5d46703235c07c0c8c1411b5820a87f.jpg
zem.outbrainimg.com/p/srv/sha/d5/f9/35/ Frame CA8B 36 KB
37 KB 47ms
7ms Image
image/jpeg 151.101.14.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zem.outbrainimg.com/p/srv/sha/d5/f9/35/41f5d46703235c07c0c8c1411b5820a87f.jpg?w=298&h=374&fit=crop&crop=center&fm=jpg

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

1dd5319df9a79d0e71f7a1cc27b0b9609bb8e8c5296fc2f322864cb9e47dc44a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 429111
x-cache: MISS, MISS, HIT
x-imgix-id: c5b1d0913a42b4b0fe5a32613fd8df84b6b16142
content-length: 37288
x-served-by: cache-sjc10073-SJC, cache-fra19120-FRA, cache-fra19123-FRA
last-modified: Tue, 16 Nov 2021 11:47:09 GMT
server: imgix
x-timer: S1637492340.039587,VS0,VE1
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
x-cache-hits: 1

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5622
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1&C=1

43 B
1014 B

13ms
13ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQla2PAhiTq9G6ATAB&v=APEucNUe4-7Y5tK224inMkJgSOcVMADBiXWraT22wfdRBzmSKzWf72rUi2lIfJ6nESfJCov6p2FgK-gvw9vzTeRYFFKZ5GMTLNb5VeF1McYOpLKeAPNOdKVad6BbBgkreh4ch9W0GtEe365kEnHx8lRclfWGr5BorxqCAKV-QTnUD1myMkQRmU8
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:59:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 21 Nov 2021 10:59:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:59:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sun, 21 Nov 2021 10:59:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5622
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZomdPGotdHf-fcpLZ44xQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1

43 B
894 B

16ms
15ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQla2PAhiTq9G6ATAB&v=APEucNUe4-7Y5tK224inMkJgSOcVMADBiXWraT22wfdRBzmSKzWf72rUi2lIfJ6nESfJCov6p2FgK-gvw9vzTeRYFFKZ5GMTLNb5VeF1McYOpLKeAPNOdKVad6BbBgkreh4ch9W0GtEe365kEnHx8lRclfWGr5BorxqCAKV-QTnUD1myMkQRmU8
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:59:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 21 Nov 2021 10:59:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMvRv8lQyfU6w4McuUP0mAY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5622
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEL3goc7pVg5zhHj5WBB7YSU&google_cver=1

43 B
1008 B

32ms
31ms

Image
image/gif

185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEL3goc7pVg5zhHj5WBB7YSU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQla2PAhiTq9G6ATAB&v=APEucNUe4-7Y5tK224inMkJgSOcVMADBiXWraT22wfdRBzmSKzWf72rUi2lIfJ6nESfJCov6p2FgK-gvw9vzTeRYFFKZ5GMTLNb5VeF1McYOpLKeAPNOdKVad6BbBgkreh4ch9W0GtEe365kEnHx8lRclfWGr5BorxqCAKV-QTnUD1myMkQRmU8

Protocol

HTTP/1.1

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:59:00 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 07e230b9-0515-4f81-b7e1-3c9cb7ea00f0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEL3goc7pVg5zhHj5WBB7YSU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5622
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMzNjk3MjY5NTI2ODcyNDg4Nw%3D%3D

170 B
188 B

46ms
46ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMzNjk3MjY5NTI2ODcyNDg4Nw%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:59:00 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 95023df7-ad8b-4f68-83fc-b46a957589ee
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMzNjk3MjY5NTI2ODcyNDg4Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
180 B 19ms
19ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 746d5b1c29eb5e4f93d30ff972aeade5e6a616348a03055fe2201b333b900c90

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.nawa3em.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 112
via: 1.1 google

GET
DATA 200
OK truncated
/ Frame B829 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbbc829aa68f15f2e2f3cc36e7b8f05f8290dc8fee1377e1231ce0f90dfae57e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

sync Show response
eb2.3lift.com/ Frame 616E
Redirect Chain

https://eb2.3lift.com/sync?max=10&cb=68523
https://eb2.3lift.com/sync?max=10&cb=68523&ld=1

1 KB
1 KB

9ms
9ms

Document
text/html

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/rev/7f5a3da7c5d0d0b6642ecf7669e5ce2d6ac891dc/dist/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: 84554758a736af6b2db380660060292027ea7eecf19d80f56c0a607b68e35843

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
content-type: text/html; charset=utf-8
content-length: 463
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

date: Sun, 21 Nov 2021 10:59:00 GMT
content-length: 0
location: /sync?max=10&cb=68523&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 616E 70 B
264 B 32ms
31ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

xuid
eb2.3lift.com/ Frame 616E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEDhWv2oW5KXVnWHYMHEL-ZE&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1

37 B
353 B

10ms
10ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEDhWv2oW5KXVnWHYMHEL-ZE&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEDhWv2oW5KXVnWHYMHEL-ZE&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 616E
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTczNTY0MDc5NDUzNDE2Njc5MzU%3D

170 B
188 B

45ms
45ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTczNTY0MDc5NDUzNDE2Njc5MzU%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTczNTY0MDc5NDUzNDE2Njc5MzU%3D
date: Sun, 21 Nov 2021 10:59:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 616E 0
596 B 524ms
182ms Image
text/plain 2620:119:50e7:101::9002:e05
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=17356407945341667935&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e7:101::9002:e05 San Francisco, United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-lor1
content-length: 0
x-li-uuid: unEJspuKuRYgeQeBUisAAA==

GET
H2

200

xuid
eb2.3lift.com/ Frame 616E
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/17356407945341667935?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-9QpXgDxE2oSbZaCcKZfT6t1eJwhUfo_qZXw2r5IM1w--~A&dongle=0883

37 B
353 B

9ms
9ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-9QpXgDxE2oSbZaCcKZfT6t1eJwhUfo_qZXw2r5IM1w--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Sun, 21 Nov 2021 10:59:00 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-9QpXgDxE2oSbZaCcKZfT6t1eJwhUfo_qZXw2r5IM1w--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 616E 43 B
220 B 44ms
7ms Image
image/gif 18.194.231.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=17356407945341667935&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.231.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-231-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 21 Nov 2021 10:59:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 c.gif
c.bing.com/ Frame 616E 42 B
592 B 51ms
32ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=17356407945341667935&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
etag: "f95a3e4769d2d71:0"
last-modified: Fri, 05 Nov 2021 17:19:23 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 403EC5D29F424F70B8F8D59F83DC56AF Ref B: FRAEDGE1206 Ref C: 2021-11-21T10:59:00Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame 616E
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=17356407945341667935
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=17356407945341667935&dcc=t

0
0

102ms
102ms

Image
text/html

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=17356407945341667935&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: HTTP/1.1
Server: 52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Sun, 21 Nov 2021 10:59:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: RK8754NA8FTEFR2GN857
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=17356407945341667935&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 616E
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

9ms
8ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Sun, 21 Nov 2021 10:59:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H2

200

xuid
eb2.3lift.com/ Frame 616E
Redirect Chain

https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=4771&xuid=3985943309443916811&dongle=d407

37 B
353 B

10ms
10ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=4771&xuid=3985943309443916811&dongle=d407
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=68523&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://eb2.3lift.com/xuid?mid=4771&xuid=3985943309443916811&dongle=d407
pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/873249/58417267/ Frame EFBE 46 KB
13 KB 162ms
56ms Script
application/javascript 52.50.243.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/873249/58417267/skeleton.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BkB-NnIw_L5aNh_Aqb7CxE7Qfw0GyjwoduSAS-NZRG0jNIYAdIk6A5ZmFcSiZOh7H8FMJUncfcAIhMclCSgR_VXCzjqs7VeqO5ex-31RGKswBQjeZnEL_5vr-cYR8J_w4UIPQ6Kw9H8aDIAaA3IcVk2dukRA&dbm_d=AKAmf-DPe0nIcQTzya5Phsp6oXoxXO4vrXWL3JhObRqgFrH7LOFsnoiwWGic1H7eSUda2pDDxlCiJJisDrHYcoXk6OuUGS-cX-H0B0khqKIgwF1eerp4lQyq-rOrE1gyfjYej6oHFIh9i4I1gedliqLzkifqHbr73LjodTySpTHxz-mJxU4mGOI8XAYwhiYasioeKusb_M28DnZFYjdKamLrRcMVQDJEgMXh5-zVG894xYpd5rhBmqazyfncU9PVVA659qQr28eqBvnmecp8D7joSytO1GGB6120_RDTNVNiqWmoggM3Vu4djPLW-yKil60Z7KZ7RPgCtsHnK-T-bYJ4ivf5BFPnP08Hyl0XLhOV2vg3ZI8sjXeHupjO5BFZlGMz-I8tHBFzCKuRiJ5Fs4xQE0Uw809XYNRHDCLGoKvo1miIOtji5-tPVr4I0CBMMrIdl6D6a8re7C4Vnwfsd5RS3o-68mvHYx5KfcMYtgrVYMqmC58NkznWv2UYzawBGCEgkUbFnUBdhdDTW4hIWeNlC4TCdymJ8FptvVNsZaqqgK89w0KawBm5aDA0TM5hNpL96GKPl_s0cRJcL04ySM90A7KgH_dC_h65dbUoJJlAezLLZxBfUBHGS_nFX-XyWN-iZStNy6jvoMKNfTlDPNaJIPWkXsUbdzGAGPu67NOma9dxK8vxn43TiiHqzvQIaxmeqTPk1T22HwotmKy6u9vIul3Ggg1DgJPmXb2kinwNiOyBRjMe2SaiAzK1YpaLTlHxpDFi4UBmJnWvJ7iUXYmJHek6CCkdd1iHvwUsrInLiF4RPDVk0yaM2MHczXR8fJEaf8ndrgA0l2JdfnUxiNlho0rrhkEN41mnNwDxrZIB-77wvkXug7vGNkNgxhpymvNqYedfOWXSkrBAmUJlo624NExJ4whWBg7e6IErEolxtARnR3AdLAJtGA64vcSpj8hJ8o9qu8HsT4TbxYEkrjwKD5JDrgIO2zY1lMrJ7gIAqX6SmoY4K2JyYxN-nYasIHjPbuF14HiKbFyucDiSQOoDNz2RGnbmqkH5eHSPLPZKgO9cFZdZ2-ZeNJjfc4nIPQx-h6S7SCqqkk19nfugJlScRTZaEGRLgdbOG4cryqtkNUjkEt_QL68pd2NJJV736uRZHjoMXXKd-MSED5yRcnGi2eMObsmvB2YXrh5g0Yvr5zF8DegWlEaIRu4dpQoJwI5oAfOyRrPYTT-W3b4LqZKHVAl4QqTGEZob0QZhe0leGXxHyHjk4mZaWGuaxcdJ9dXZOoEL32wEUulpCtQ8kcw93ucwepWC2cNoVW90w3KnfjCachw4ygQ1vjC5R12d52Lkwjz3SMMAVn4WYBhLs9O5-1Vsp7XZds1iInpKAIgU97f16DjxWdNlUKxmvKouE9OE_8qAPUed4U4NgHTih7yxCAmgG8pW09K6tHRoO3qBbW_C03acogPHxhDfx6hGpQHCKqOLS6HDHcbaAectst2hPuZksgH71keXd_L7fUyDWzgmzfyC6MNiCfmxHY_8vFPD0BQfqF--35fXoNnlReAwf0iKaytHe6yufIiCnutmLJot4M1Fw5DjIQnpBJabxAUgSDxLsQS0bDXbvco13c9PfeOShtfCMAVdtq2H1Ewy5kHDyuHfC-zG4g89xigIZ884i9XM_YSe9drnkF2chPJ-Rfz87SI2tVV2PVLFlJ4BlXCla6Bro8mp-naoK0pMhtpLFq0dIfm6BBWg4nhe2ZPW89hubLAAAwvy8YIqpXS2wqd-f5A8pZqT6NwD1Y2ye2iHXRTxQOhk4MNBMy35QAID6jw-hz8iryY8hFoS1Fj7LnB6rokte25ITy3MC9nwisPag0TY8EKQ3e817z_R7sKeLRJ5GuAZ0ORayI9Nyi7iJfKWU4S_ehQd9gBpF_Mtgfm_XTAbzmKMN1ED24dFCtESJmHl06G4wkc2B4cgxcD9RO7LoWTaoQHmgwNOVyJmM3f0IODoS4U7_s9qRlwcBiM24sA1XG1kNRIvqx51qES-Pr9KKMgPULE3wadmGV7PIQe2XyAsycMJlwPCODgraqfA7-6SarLhgHTFyDh-fKKGy_NZ-o9cLDXwSdfiIVit6jEtPaRmn1gJXfGmtX9-XMtwJVMVD3avPxyKk7cDGDZCvF8U---1oEJU_09qXXbi4Wp6W29B3Dzl-OCUlnKTKfg8H3o6VEg3o8z58-Mdz_j-Dh7_nJOwcx_hD1ZGb-zOC-hJjqg9YMO8HZf2eoV7JHZSWYZ8mXDcKZ-KU7UiJQsglB-8-iF2FfOe-Nn3FhG8XUQjNsYzL5fK-ZWRIDZdPxXumooBWOQXqn2KTgOIs_w_ugb2i6FBThgV-geI_R7dIkozHPAMOtj0_KAGA0DbFyM4X7JgOlz-YyWHaypd8i_zU-LcPQE9VusV9OhSmsZtYdFzSRuCK7VC2rODjQuj1LHz5EgPDTlt_4DRIlVzaLrIxXv3dDuqsAahS85gxebhVq_zWuYZCSXNe_KeQvjDtPtVU6INJxR2nScP5LNj6mZfq95lx4UxFdrYRCiK81CiFyOed9IuJguYfAhfA0bR_rcHfDWNHBphkaBly63nW_YtGWrePyFDDur9L7qV_E_piY4_1TVyTBZcIEvgTBveAHveJu2EhMOh6Q3ji25AqFFJRxl8U11vw2qXY_FASlR-g0I-19tLa60df4OUwHw217LBGYkcAuw-4UlI7GfGW59QJt_7TTa9WujmfpeolEHOO02Kd-QtTDnQ60EH8zuWkwJu4nHy0PX5YuNSGF7w2NxAYWwqGqkkoFJhJuaeSmGUdV4rgcE0n5_OLtp8H-tbMkjCNcaQd8uuQUSkcMXwqe7jl6bygFdpCa67XepJtHUVNmv1qEtdYjA3UsuWD5wfbi235f_kPGIeoWtZNFnAKutTSzpxLJMz_eYd_otNSGLzchrz5NuOEuOTDRsyivIbxqJfmcpLh1sAMuyx0plqyIiCwZGl5Z1uVuQs9mHB7lLUSBTZmXafWCR7dtlQYImFDtY5zcG6mDx_qWzr2LXqDMf8oaVcSOx0YnhGOmf-BKXawvSj2qZWVALINKzrQX9lLu7ljd1odqsgx-Rje1o3sHuuYe2WDymwi47ioztXnmtL7qANd-bEdnLz&cid=CAASEuRovThEs7tPYbYZ9Dg4z-EwVQ&rfl=1%2Chttps%253A%252F%252Fwww.nawa3em.com%252F%240
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.243.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-243-239.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 82c3e66a9735ac8dbf6535f5fa081814361c223d028c8495b25d6cf28f42a851

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
content-encoding: gzip
x-server-name: app28.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame EFBE 24 KB
9 KB 38ms
38ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BkB-NnIw_L5aNh_Aqb7CxE7Qfw0GyjwoduSAS-NZRG0jNIYAdIk6A5ZmFcSiZOh7H8FMJUncfcAIhMclCSgR_VXCzjqs7VeqO5ex-31RGKswBQjeZnEL_5vr-cYR8J_w4UIPQ6Kw9H8aDIAaA3IcVk2dukRA&dbm_d=AKAmf-DPe0nIcQTzya5Phsp6oXoxXO4vrXWL3JhObRqgFrH7LOFsnoiwWGic1H7eSUda2pDDxlCiJJisDrHYcoXk6OuUGS-cX-H0B0khqKIgwF1eerp4lQyq-rOrE1gyfjYej6oHFIh9i4I1gedliqLzkifqHbr73LjodTySpTHxz-mJxU4mGOI8XAYwhiYasioeKusb_M28DnZFYjdKamLrRcMVQDJEgMXh5-zVG894xYpd5rhBmqazyfncU9PVVA659qQr28eqBvnmecp8D7joSytO1GGB6120_RDTNVNiqWmoggM3Vu4djPLW-yKil60Z7KZ7RPgCtsHnK-T-bYJ4ivf5BFPnP08Hyl0XLhOV2vg3ZI8sjXeHupjO5BFZlGMz-I8tHBFzCKuRiJ5Fs4xQE0Uw809XYNRHDCLGoKvo1miIOtji5-tPVr4I0CBMMrIdl6D6a8re7C4Vnwfsd5RS3o-68mvHYx5KfcMYtgrVYMqmC58NkznWv2UYzawBGCEgkUbFnUBdhdDTW4hIWeNlC4TCdymJ8FptvVNsZaqqgK89w0KawBm5aDA0TM5hNpL96GKPl_s0cRJcL04ySM90A7KgH_dC_h65dbUoJJlAezLLZxBfUBHGS_nFX-XyWN-iZStNy6jvoMKNfTlDPNaJIPWkXsUbdzGAGPu67NOma9dxK8vxn43TiiHqzvQIaxmeqTPk1T22HwotmKy6u9vIul3Ggg1DgJPmXb2kinwNiOyBRjMe2SaiAzK1YpaLTlHxpDFi4UBmJnWvJ7iUXYmJHek6CCkdd1iHvwUsrInLiF4RPDVk0yaM2MHczXR8fJEaf8ndrgA0l2JdfnUxiNlho0rrhkEN41mnNwDxrZIB-77wvkXug7vGNkNgxhpymvNqYedfOWXSkrBAmUJlo624NExJ4whWBg7e6IErEolxtARnR3AdLAJtGA64vcSpj8hJ8o9qu8HsT4TbxYEkrjwKD5JDrgIO2zY1lMrJ7gIAqX6SmoY4K2JyYxN-nYasIHjPbuF14HiKbFyucDiSQOoDNz2RGnbmqkH5eHSPLPZKgO9cFZdZ2-ZeNJjfc4nIPQx-h6S7SCqqkk19nfugJlScRTZaEGRLgdbOG4cryqtkNUjkEt_QL68pd2NJJV736uRZHjoMXXKd-MSED5yRcnGi2eMObsmvB2YXrh5g0Yvr5zF8DegWlEaIRu4dpQoJwI5oAfOyRrPYTT-W3b4LqZKHVAl4QqTGEZob0QZhe0leGXxHyHjk4mZaWGuaxcdJ9dXZOoEL32wEUulpCtQ8kcw93ucwepWC2cNoVW90w3KnfjCachw4ygQ1vjC5R12d52Lkwjz3SMMAVn4WYBhLs9O5-1Vsp7XZds1iInpKAIgU97f16DjxWdNlUKxmvKouE9OE_8qAPUed4U4NgHTih7yxCAmgG8pW09K6tHRoO3qBbW_C03acogPHxhDfx6hGpQHCKqOLS6HDHcbaAectst2hPuZksgH71keXd_L7fUyDWzgmzfyC6MNiCfmxHY_8vFPD0BQfqF--35fXoNnlReAwf0iKaytHe6yufIiCnutmLJot4M1Fw5DjIQnpBJabxAUgSDxLsQS0bDXbvco13c9PfeOShtfCMAVdtq2H1Ewy5kHDyuHfC-zG4g89xigIZ884i9XM_YSe9drnkF2chPJ-Rfz87SI2tVV2PVLFlJ4BlXCla6Bro8mp-naoK0pMhtpLFq0dIfm6BBWg4nhe2ZPW89hubLAAAwvy8YIqpXS2wqd-f5A8pZqT6NwD1Y2ye2iHXRTxQOhk4MNBMy35QAID6jw-hz8iryY8hFoS1Fj7LnB6rokte25ITy3MC9nwisPag0TY8EKQ3e817z_R7sKeLRJ5GuAZ0ORayI9Nyi7iJfKWU4S_ehQd9gBpF_Mtgfm_XTAbzmKMN1ED24dFCtESJmHl06G4wkc2B4cgxcD9RO7LoWTaoQHmgwNOVyJmM3f0IODoS4U7_s9qRlwcBiM24sA1XG1kNRIvqx51qES-Pr9KKMgPULE3wadmGV7PIQe2XyAsycMJlwPCODgraqfA7-6SarLhgHTFyDh-fKKGy_NZ-o9cLDXwSdfiIVit6jEtPaRmn1gJXfGmtX9-XMtwJVMVD3avPxyKk7cDGDZCvF8U---1oEJU_09qXXbi4Wp6W29B3Dzl-OCUlnKTKfg8H3o6VEg3o8z58-Mdz_j-Dh7_nJOwcx_hD1ZGb-zOC-hJjqg9YMO8HZf2eoV7JHZSWYZ8mXDcKZ-KU7UiJQsglB-8-iF2FfOe-Nn3FhG8XUQjNsYzL5fK-ZWRIDZdPxXumooBWOQXqn2KTgOIs_w_ugb2i6FBThgV-geI_R7dIkozHPAMOtj0_KAGA0DbFyM4X7JgOlz-YyWHaypd8i_zU-LcPQE9VusV9OhSmsZtYdFzSRuCK7VC2rODjQuj1LHz5EgPDTlt_4DRIlVzaLrIxXv3dDuqsAahS85gxebhVq_zWuYZCSXNe_KeQvjDtPtVU6INJxR2nScP5LNj6mZfq95lx4UxFdrYRCiK81CiFyOed9IuJguYfAhfA0bR_rcHfDWNHBphkaBly63nW_YtGWrePyFDDur9L7qV_E_piY4_1TVyTBZcIEvgTBveAHveJu2EhMOh6Q3ji25AqFFJRxl8U11vw2qXY_FASlR-g0I-19tLa60df4OUwHw217LBGYkcAuw-4UlI7GfGW59QJt_7TTa9WujmfpeolEHOO02Kd-QtTDnQ60EH8zuWkwJu4nHy0PX5YuNSGF7w2NxAYWwqGqkkoFJhJuaeSmGUdV4rgcE0n5_OLtp8H-tbMkjCNcaQd8uuQUSkcMXwqe7jl6bygFdpCa67XepJtHUVNmv1qEtdYjA3UsuWD5wfbi235f_kPGIeoWtZNFnAKutTSzpxLJMz_eYd_otNSGLzchrz5NuOEuOTDRsyivIbxqJfmcpLh1sAMuyx0plqyIiCwZGl5Z1uVuQs9mHB7lLUSBTZmXafWCR7dtlQYImFDtY5zcG6mDx_qWzr2LXqDMf8oaVcSOx0YnhGOmf-BKXawvSj2qZWVALINKzrQX9lLu7ljd1odqsgx-Rje1o3sHuuYe2WDymwi47ioztXnmtL7qANd-bEdnLz&cid=CAASEuRovThEs7tPYbYZ9Dg4z-EwVQ&rfl=1%2Chttps%253A%252F%252Fwww.nawa3em.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:57:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Dec 2021 10:57:34 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame EFBE 8 KB
3 KB 39ms
39ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:58:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Dec 2021 10:58:33 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EFBE 0
255 B 104ms
83ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstzwPrcAJNkYwVVcDZSw1KtZut3V3_gveTSFY-YsApTP92M5jm05cV5xlBzm-JYqNJ9ehFFq8wh1n4I1tghmGd-og5c1pJuiqkEEu5RUbQb1QRBX0F7FmEmZC7XbNbCygF32gkFzbKfhJPJbGcuOeV-jm1h-ybO0hHLhGw7fgaodrQpTlEahZrdyA2CYuGK6vrB1WNOED7McQ5OPFdhQesAf3f4jFam4NiGOUgq4LvXVCB5NFuK2t34V8gyPQnlYSeDQgmCxrvlqm0aMuRlIJ2wdeM3vSKWEHAdXrfPWIqbjvWbIPT2V0VlrYV53zvbQTAPTx072Eml-I4GuP5R8ScJ7lRu6JghsUNpqqXNxG6hjqRJXCzKVoUgv8PyzynpjN4LYa2eL9wBOMZYyW4ulA82IW3Q6kuaAZjw0wZWjU_QNd1KjY3lqZjAVEpQAQpi_QbiZ7QZWdaQ6qAdBwNIeDqdetMOVlhtQIQ26lqR7rg_uBDX3QbWmYmN54a278hUnQJij_G841LDSaCA3oXUkh_5NZZ2Qp4VIgNIOxadm5VKnx17zwUuiAsKc4d8MwbGsx6sYZrDhBxs3lK7XsKUM3oWoW0DwY8z7sZkqKHZnNEIwkEafQfuGk6DEZu5F-9lg6Msb7FPSvETFvX_sSJCm1R0y_Y_iyabJlCxgVov6_ridcHBOcW0UfdvqlcLqweZ4LOTpjfGFBD6DUAvrjEykdvVB2DRF9b6exr6mvqQAZTCQTBOJ70gK5APMBJ3lpzwubuLX8zpeCeQzfNw-XWdXef95cF74vEc1fFWoprl3hDGNpfun07v__8UDN-Nk-vp076my7r4IN1AauiB5HfELCRh_5KJ1YF0hZ5VHyD-KVkm3eFjerqHsa_nO70mAzXetO0K-KMDNY2MDm_O386M5oZomGnwDD7xan8zKehToE-YsQL7BanqQ9cHVidrUlD8Zzh4vKrctOSutaKWftgfOsjZ_ilT3Pjr3ogaVi7baNrww35OAmgcjqNFsUPs9CF3FV3kGayT-t7QSR7Jwu57oenYxqDeVlwm5WlEyCnxSZH4li7chzOnFJ2gyMe9H5muzvchGT-xqql_Ek0gZgLCVlhBxEqWW_db3opuI12bjdFkj7fgrhbPtpr3rwFXcR_fKB1E6I-2jbhmRoqLISbrrcHiIeXcSXCuO_JhpY40PBrvjFqlFSX24sXO3niApFlOYZcpQtRcTluEs4XBmTs1gCA9KBUTIv6UobcXTY79O30N7KEuxQ&sai=AMfl-YRgFniBrTxqJ0BtDfBDfKVP0rGpBPQM_rkYFVncGf-_bfHlTkRSJnqCEJzc9_wWrkBNLjkRn25LILYCQLOlURgtu99kdzdjqI4tWyqgD5aB-jMQfwxVSM8CC1AMyE4HxxuCltIQuj27s6l3ABpNrbS4yr62kw&sig=Cg0ArKJSzKHVA-Djs9oFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211111.91429&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 21 Nov 2021 10:59:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EFBE 41 KB
15 KB 319ms
155ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 12:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 167028
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 19 Nov 2022 12:35:12 GMT

GET
H2 200 CK_Black_Friday_Display_LG_Dv360_GIF_728x90.gif
s0.2mdn.net/9329607/ Frame EFBE 10 KB
0 612ms
127ms Image
image/gif 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9329607/CK_Black_Friday_Display_LG_Dv360_GIF_728x90.gif

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 13:11:31 GMT
x-content-type-options: nosniff
age: 78450
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
last-modified: Wed, 10 Nov 2021 10:54:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Nov 2021 13:11:31 GMT

POST
H2 200 state Show response
api.permutive.com/v1.0/ 0
87 B 28ms
28ms XHR
text/plain 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=true&k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
access-control-allow-origin: https://www.nawa3em.com
access-control-max-age: 86400
access-control-allow-credentials: true
alt-svc: clear
content-length: 20
via: 1.1 google
access-control-expose-headers: *

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3566 1 KB
749 B 39ms
39ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Nov 2021 13:26:12 GMT
expires: Sun, 21 Nov 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77568
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame EFBE 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7663b6ee87260f0e0f8807e000c05acd26fbc4ea3e8981d063d1295f443ea408

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 3566 0
191 B 101ms
24ms Image
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEIntB8arfdtUiIc7kaQUl3Y&google_cver=1&google_push=AYg5qPLg9iGChJ7ln7w60ghAemHUrpgaOGkR0CklVlZFByDZdsSTskPR6uuiNW6dg2pDGF_m6bK6viIJxPsKNOIQWRTgrEF-mpNKoQ
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1 403
Forbidden gg_pixel
sync.adaptv.advertising.com/ Frame 3566 14 B
14 B 448ms
100ms Image
text/plain 52.2.183.88
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESECRQN3DzAz6H0fcQmQL0Cto&google_cver=1&google_push=AYg5qPKN7TO0ZuSdV01s-HoFYLnXQa13T1yTR_qz6WVHjItZ6ZKXrRx2aJszUXNnw7Uswr6bSyMij6gGvTAjxCjZOwsg747Icqpr7A
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.183.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-183-88.compute-1.amazonaws.com
Software: ribs2.0 /
Resource Hash: 0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Server: ribs2.0
Connection: keep-alive
Content-Length: 14
Content-Type: text/plain

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3566
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJmk-fCOVSBF5qKhf4AG1kU&google_cver=1&google_push=AYg5qPKoAxxvD0XhK6MJSasOQnFMleEQ4kRNjZU9-wI1O7rjRIxQrU7zve1lWlE4I_JYHLc7OSb7nw3Wo9y3SXBXxNUPyDU...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKoAxxvD0XhK6MJSasOQnFMleEQ4kRNjZU9-wI1O7rjRIxQrU7zve1lWlE4I_JYHLc7OSb7nw3Wo9y3SXBXxNUPyDUfqaZFSQ&google_hm=NjQwNDEzODI1NzA5OTk0...

170 B
188 B

47ms
46ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKoAxxvD0XhK6MJSasOQnFMleEQ4kRNjZU9-wI1O7rjRIxQrU7zve1lWlE4I_JYHLc7OSb7nw3Wo9y3SXBXxNUPyDUfqaZFSQ&google_hm=NjQwNDEzODI1NzA5OTk0NDMwOQ%3D%3D

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 21 Nov 2021 10:59:00 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKoAxxvD0XhK6MJSasOQnFMleEQ4kRNjZU9-wI1O7rjRIxQrU7zve1lWlE4I_JYHLc7OSb7nw3Wo9y3SXBXxNUPyDUfqaZFSQ&google_hm=NjQwNDEzODI1NzA5OTk0NDMwOQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3566
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=fib3qPAFSJehMozQ0C2J0w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

47ms
47ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=fib3qPAFSJehMozQ0C2J0w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIil3VUP9Wi_U-WaYH3hhH4mECefg1xybNN5uBQ-2XHLdCBKwfyYM-P2QTZ6-d9Lmj80aKUYHlgjZBeNJ6TtpY1p4PVn207zg

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=fib3qPAFSJehMozQ0C2J0w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIil3VUP9Wi_U-WaYH3hhH4mECefg1xybNN5uBQ-2XHLdCBKwfyYM-P2QTZ6-d9Lmj80aKUYHlgjZBeNJ6TtpY1p4PVn207zg
date: Sun, 21 Nov 2021 10:59:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3566
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEM...
https://sync.targeting.unrulymedia.com/csync/RX-08baef0b-ff37-4d84-8125-05fc1b4d80ca-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPJ_6e2vpRxOhC4z6AGHi...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ_6e2vpRxOhC4z6AGHibmaJSYDO4h-LCt3YbwDPQHk0b62slW9x6eSe2K7W8wY5tIwnPTLpWzXMn3jZLonCJNfcyzBxzEsrw&google_hm=Awi67wv_N02EgSUF_BtNgMo

170 B
188 B

45ms
45ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ_6e2vpRxOhC4z6AGHibmaJSYDO4h-LCt3YbwDPQHk0b62slW9x6eSe2K7W8wY5tIwnPTLpWzXMn3jZLonCJNfcyzBxzEsrw&google_hm=Awi67wv_N02EgSUF_BtNgMo

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ_6e2vpRxOhC4z6AGHibmaJSYDO4h-LCt3YbwDPQHk0b62slW9x6eSe2K7W8wY5tIwnPTLpWzXMn3jZLonCJNfcyzBxzEsrw&google_hm=Awi67wv_N02EgSUF_BtNgMo
date: Sun, 21 Nov 2021 10:59:00 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX08baef0bff374d84812505fc1b4d80ca003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3566
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESED0SN-0Dk6t04xUFqICjLMc&google_cver=1&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xc...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESED0SN-0Dk6t04xUFqICjLMc&google_cver=1&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xc...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESED0SN-0Dk6t04xUFqICjLMc&google_cver=1&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAwODcxNTRiZC00YWJhLTExZWMtYTk5YS0wNjYxOGFhM2IzYjY%3D&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xcia2Khj5-RM...

170 B
188 B

46ms
46ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAwODcxNTRiZC00YWJhLTExZWMtYTk5YS0wNjYxOGFhM2IzYjY%3D&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xcia2Khj5-RMfT1edxRzyz87DKr-2PKk4dlqENjA7xIxZTAQ

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAwODcxNTRiZC00YWJhLTExZWMtYTk5YS0wNjYxOGFhM2IzYjY%3D&google_push=AYg5qPKl8-R_P7ZGDj0w7eD1AFcLEfM8Q6KYLsvP8XtXkUBEgsP__8xcia2Khj5-RMfT1edxRzyz87DKr-2PKk4dlqENjA7xIxZTAQ
date: Sun, 21 Nov 2021 10:59:00 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3566 0
12 B 51ms
49ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IuL9x-ZD6jsekVW-kC-PvO4D8ceS56_vHWr1BpOCblkOKBaHRJJ4cHjbI6guilLJ4

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 main.gr.19.8.267.js Show response
static.adsafeprotected.com/ Frame EFBE 187 KB
60 KB 57ms
8ms Script
application/javascript 2600:9000:2156:0:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.267.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/873249/58417267/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 724d5e151b4ba82f7eaf29667bed3a5ae2167a00343cfbcf2ebed5df806d914e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 16:59:44 GMT
content-encoding: gzip
age: 1101557
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 08 Nov 2021 16:44:16 GMT
server: AmazonS3
etag: W/"3969d0944eda724d44536ffabb874cbe"
vary: Accept-Encoding
x-amz-version-id: 4WBF5SKEzUvdXUVA6w23d2Sq_.qCUBCq
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: YkELTWyCMEfQot-AiAJLOnJXtYzaII5JUaRHjDeGMZs2LSD44jWokg==

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame EFBE
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/873249/58417267/skeleton.js?adsafe_url=https%3A%2F%2Fwww.nawa3em.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googl...
https://static.adsafeprotected.com/skeleton.js

17 B
465 B

7ms
7ms

Script
application/javascript

2600:9000:2156:0:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:2156:0:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 08:35:57 GMT
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
age: 11845384
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Xl_6GgZACsMvRaIPEXZP-Mxy5Neo5DAbq_fHGjIGoA6WacGo05-Naw==

Redirect headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:00 GMT
x-server-name: app31.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 21F1 80 KB
21 KB 7ms
7ms Script
application/javascript 2600:9000:2156:0:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 08:08:31 GMT
content-encoding: gzip
age: 4416630
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: QuMcnd5zjfKvhLLVJzc4Lt7G9RF6k23cnhSnHAXvmpcntwq4Oq3wGw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 343ms
97ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBacya,pingTime:-3,time:122,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:97%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:122,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B37~0%5D,as:%5B37~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,rmeas:1,rend:0,renddet:IMG.qs.bi%7D&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:01 GMT
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
216 B 338ms
96ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBacyb,pingTime:-6,time:123,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:123,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,rmeas:1,rend:0,renddet:IMG.qs.bi%7D&tpiLookup=ao:www.nawa3em.com*&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:01 GMT
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 334ms
96ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBacyj,pingTime:-2,time:131,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:864,bdZ:1026,beA:1029,beZ:1030,mfA:1109,cmA:1111,inA:1111,inZ:1116,prA:1116,prZ:1122,si:1127,poA:1128,poZ:1143,cmZ:1143,mfZ:1143,loA:1152,loZ:1155,ltA:1159,ltZ:1159%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:97%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:131,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B46~0%5D,as:%5B46~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.qs.bi,sinceFw:32,readyFired:true%7D&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:01 GMT
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 292ms
100ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBacz2,time:176,type:e,im:%7Bimprf:%7Bttecl:311,ecd:7,tsecr:3%7D%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:176,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,rmeas:1,rend:0,renddet:IMG.qs.bi%7D&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:01 GMT
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 141ms
140ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBacCT,pingTime:-10,time:415,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuNDUgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1637492341211%7C%7C3343fb7a23b6a90ceb485bbc471c1843%7C%7Cb4088f046bf9a570f2964ffc86d258ff%7C%7Caa2651f2b3bee3fb8a1af2fff962eddc%7C%7C5ea9089eb81632c1e646e852986c3c94%7C%7C10173d859ad78076c94da6727ba20594%7C%7C2d60cd7cf5d6565a2436849c5c9b7553%7C%7Caeba5b7da7c1de219a6b55dd84603fb9%7C%7C1629390669%7D
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:01 GMT
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=175394759729483&ev=PageviewsPerSession&dl=https%3A%2F%2Fwww.nawa3em.com%2F&rl=&if=false&ts=1637492341246&cd[Pages%20Viewed]=1&cd[page]=https%3A%2F%2Fwww.nawa3em.com%2F&sw=1600&sh=1200&v=2.9.48&r=stable&ec=3&o=30&fbp=fb.1.1637492330907.678563057&it=1637492330746&coo=false&exp=p0&rqm=GET

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:01 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sun, 21 Nov 2021 10:59:01 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B829 42 B
64 B 70ms
69ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvK_HS5zKRsh_7DTH4D9yHV7UoqIouEX346O31jXNWzZSC-oL7FNhTPyUESePBNG4xlMJAzaBDp9lDf88KJBnKfZw&sig=Cg0ArKJSzCeJS4xQkB8DEAE&cid=CAASF-Ro2gqdtGezfpvw_eB7BkrA49RvvPFW&id=lidar2&mcvt=1000&p=714,241,1314,541&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=0.81&if=1&app=0&itpl=20&adk=3284825077&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637492339771&rpt=610&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET collect
www.google-analytics.com/ 0
0

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 10ms
9ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=175394759729483&ev=Impression&dl=https%3A%2F%2Fwww.nawa3em.com%2F&rl=&if=false&ts=1637492341392&cd[Type]=MPU&sw=1600&sh=1200&v=2.9.48&r=stable&ec=4&o=30&fbp=fb.1.1637492330907.678563057&it=1637492330746&coo=false&exp=p0&rqm=GET

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nawa3em.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:01 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sun, 21 Nov 2021 10:59:01 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 97ms
96ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBacGA,time:644,type:e,im:%7Bpci:%7Btdr:506%7D%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:644,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B559~0%5D,as:%5B559~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:145,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:01 GMT
x-server-name: dt20.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H2 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
179 B 20ms
19ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 9fda28281da23832cb92c60d328c4f881b55fd15778d2eade201ceb04832569e

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:59:01 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.nawa3em.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 111
via: 1.1 google

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7429 22 KB
8 KB 271ms
271ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Nov 2021 12:35:14 GMT
expires: Sat, 19 Nov 2022 12:35:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 167028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 state Show response
api.permutive.com/v1.0/ 0
84 B 30ms
30ms XHR
text/plain 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=false&k=40da2992-202e-46c3-bd6d-d27455ebb9ca
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f3a06674-ebb9-4b9d-ba8f-0052018c0687-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nawa3em.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 21 Nov 2021 10:59:02 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
access-control-allow-origin: https://www.nawa3em.com
access-control-max-age: 86400
access-control-allow-credentials: true
alt-svc: clear
content-length: 20
via: 1.1 google
access-control-expose-headers: *

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame 7429 35 KB
13 KB 39ms
38ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:02:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 165418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 19 Nov 2022 13:02:04 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F718 12 KB
9 KB 53ms
53ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

114987371a5d9ff96b210fa7e34e6e3ae463c88396ae3351d7a8b6112a0951f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 21 Nov 2021 10:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9113
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F718 17 KB
6 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 21 Nov 2021 10:59:02 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7429 0
21 B 75ms
75ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BCuHycyaaYaXCM73C7_UPiuu30AQAAAAAOAHgBAI&bg=!HR6lHlrNAAZQLpa_UC47ACkAdvg8WvICIHkazpObCsN4SziFvku3ZaeFx9xNY9g1ougF4tC7lEpTngIAAABXUgAAAAhoAQeZAsmpUJ8eeYtdRPwm8QlK7YlFjhl3jUyrtzdxl-peskuko7p7o3B_EdKCKcxWUX-0BZDGC8CFtEDBeFtDFtATSjom8dmgEhqjGDPr50r5NoLapP9Eg7PLYSBOv2S2Hfkz8YYimOrnoaAfNfENYDmZKHkAfE9qrlKVHegLbulv5qPV1BannB_NovJPRqNQDvtehJREvCS0pZJ33YZSSMLS99eAByvYf6L1R6_QeDU2oFM6x-zz0nyBH7kayuBDB-VS2MEDPFbY_T9JtLp-UZxsgEiu4lcRgmiVcSQWZqQZI5pbWIO3rr0-JeHU0W-IsfZdPRB9hyitrWSfKYJU0s6xz17FNLsw-H0kj5MBw_Ci4rVzc9KItwdMaZKt9YIVNivTnafU0V7doxij9Ocm3Jgpa0Ycf5glKtObonPEnW3PpzT62MGXULTekTaygiIxbK0ME3Q8dBaaglKG_CX1lU3KM7XprHcpNpkRszf5Ci4leEKwOVx3m7I6eBnHniBh2Yb5ktf_cfdnDJ_gfShKT9onvZjUScOosTKF7bnujHtDopnaQkrzPuBZji9iqfKxeOvhD_84-RhKoEpdQaqPWpCfuCYxiLvdhlRz8ulfL0AoWT7SXlWb_SJRb15patiZvtC6FTEOTmYPWNHImxCWUZtllqPEmVm0boHChYrRkgErtLG9jmHQr99ZktzOS_XCY-ZJNBI9yYdNDAmmAO40dHtKZESKBsCdHEtexJksVl1rtLEa-tdBUkVsx7Y6is3ZN6M_wzD3hYzOw8EaoNAk4wVbIUteD89-YFYkqKftkFWtqiGaZBiyHmG8R7uOS-oZopvlaGd1PKxVZmHj6ukpjy8Vb5FKPtp_gbC5LUREyjFSzGQYJ1tq3SNlqxLP4L0W6_krknUBG4MV7Y6QNr5r9YS73a4v_3SwjsZeck41pUj5vMNMlBWN_TFOGTUAuQ

Requested by

Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 97ms
97ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBad4y,pingTime:1,time:2130,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:97%7D,%7Bpiv:100,vs:i,r:,t:1129%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1129,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1045~0,0~100%5D,as:%5B1045~728.90%5D%7D%7D,%7Bsl:i,t:1129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:99,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:02 GMT
x-server-name: dt33.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 97ms
96ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBad4z,pingTime:1,time:2131,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:97%7D,%7Bpiv:100,vs:i,r:,t:1129%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:1129,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1045~0,0~100%5D,as:%5B1045~728.90%5D%7D%7D,%7Bsl:i,t:1129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:99,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:02 GMT
x-server-name: dt29.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame D9EE 12 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 20 Nov 2021 20:36:35 GMT
expires: Sun, 20 Nov 2022 20:36:35 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 51748
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 39B1 783 B
535 B 674ms
674ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dfe484e897d3cfddc0f5dd8983f99651ccffa6c0f459a705c2886b7aa208e74f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-M/OmQ68izbVMG7Sw02Oolw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 21 Nov 2021 10:59:03 GMT
date: Sun, 21 Nov 2021 10:59:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-M/OmQ68izbVMG7Sw02Oolw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js Show response
pagead2.googlesyndication.com/bg/ Frame D9EE 35 KB
13 KB 40ms
40ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 10:41:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13508
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 10:41:23 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F718 0
21 B 73ms
73ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=6665606854018&bg=!JiWlJWHNAAZQLpa_UC47ACkAdvg8WmHjCgPb38F6WbqQVV64KFeWApqxhPrbroKks3fI3cnmeRmQxwIAAABPUgAAAAtoAQeZApoNnolzd1Kqy1p3pBUGOqdCyd4nOzC-KgdJ9VeFiTUfDR0RJBPZctduo1MHLtQ98oociivvYAJPCyBM2RU0LRcvw7LWqsow_oXnL4oi9CoUMJ9PQvFxecV0vLYZsRalbcKw46LwgqpCdTxQroq1VLQPjBJYHHJENHXOO6UEDVWTYpr2OlnJlJMGLToEdBAgz9v1ST74UVoWeloeAZzeojaU9dQYDJ5DDvG0N8vIydD5dl-IgVusyz1tyV99_QBhwsZ2rJnWe1kqvUHicVSodozk16uCrdON1aXBZ98_zYWE0Pv7_RSFhOBaCJc8tZPST61oSrPW17ijwJOVB8m7uHiu3XXVPUt8dHaNJ5k0azepW-qJCwNk6VoUjF20hGsmC7a3Pna83UN5wKScBIFquOPD_rFCMX_cs-IU5uvUdBX-8o9C-ptAq0JqoEU6N5b_p8vsvjKCdJrfFsZdiu6P9x7hP7rhsbVxdYpqd1NqFlKIcuLFfKb59qvBZCjJf8IjhRm9ZItfOasto3Q2r9rwUsAGkzpDdnDuCVDlWrmWnzcNc570T29MSrz6mvEJR23Fk76AFTTyok3s_mw3tHVapD9vTzKatlmXIiE__iprnjnbEog7kzzV7XpO-AYm6slTHl8nOhZqjn7WwMH65rEH93vc2asQK8KdI6MhnixuQteCH6gL3J3AfV7fy7OC2C5F_PqZ8u6g-1ufD0Mu1F-tUUXWPrv6JL9TTPX0Q_b8RT9sRBoreVrZsyXIEJOsC5lRG6zuwxbeS0X4doorQfmWomfi6McChj4yq-jmsaZU33nJlK_7eo_PNoZwUEZFu_12aiOrozGQl-i_crfEEfwtn4qJ5KITGoN7lNeAhelIDbYa7jn8GHHdSqmjIIs

Requested by

Host: www.nawa3em.com
URL: https://www.nawa3em.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.foxpush.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 39B1 0
0 87ms
87ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=6665606854018&rc=
Requested by: Host: www.nawa3em.com
URL: https://www.nawa3em.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 97ms
97ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBae74,pingTime:5,time:6130,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:97%7D,%7Bpiv:100,vs:i,r:,t:1129%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:1129,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1045~0,0~100%5D,as:%5B1045~728.90%5D%7D%7D,%7Bsl:i,t:1129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5000~100%5D,as:%5B5000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:101,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:06 GMT
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame EFBE 43 B
215 B 96ms
96ms Image
image/gif 54.156.215.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=873249&asId=d5c27e64-9956-7c1d-88ab-15c7b890f922&tv=%7Bc:uBae75,pingTime:5,time:6131,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:97%7D,%7Bpiv:100,vs:i,r:,t:1129%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5002,o:1129,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:97,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1045~0,0~100%5D,as:%5B1045~728.90%5D%7D%7D,%7Bsl:i,t:1129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:101,fm:sPoyZ52+11%7C12%7C131%7C14%7C15*.873249-58417267%7C151%7C152%7C161%7C162%7C163%7C164%7C165,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by: Host: 0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
URL: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.215.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-215-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Nov 2021 10:59:06 GMT
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEFpt9Zp98PzWFlZssrr4vUo&google_cver=1&google_push=AYg5qPJCiiU-En_tUtNH8XSWpybUYD2Xj4yLDAEReOmEDlB9aRaRInDxx8m_0EODzE7hAn2qjHYFb-f8mA22vvYshxGWUKYV0Adr

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/collect?v=1&_v=j96&a=993438354&t=event&_s=2&dl=https%3A%2F%2Fwww.nawa3em.com%2F&ul=en-us&de=UTF-8&dt=%D9%85%D9%88%D9%82%D8%B9%20%D9%88%D9%85%D8%AC%D9%84%D8%A9%20%D9%86%D9%88%D8%A7%D8%B9%D9%85%20%D9%84%D9%84%D9%85%D8%B1%D8%A3%D8%A9%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9%20%7C%20%D9%86%D9%88%D8%A7%D8%B9%D9%85&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Ad%20Display%20Impression&ea=MPU&_u=KGBACEABBAAAAC~&jid=&gjid=&cid=8495737.1637492335&tid=UA-25102817-1&_gid=1922737688.1637492335&z=1506591779

Verdicts & Comments Add Verdict or Comment

294 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

65 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
collector.effectivemeasure.net/beacon	1970-01-20 07:29:56	Name: c3 Value: 1
collector.effectivemeasure.net/beacon	1970-01-20 07:29:56	Name: gc Value: DE
collector.effectivemeasure.net/beacon	1970-01-20 07:29:56	Name: mb Value: 0
collector.effectivemeasure.net/beacon	1970-01-20 07:29:56	Name: dmp Value: 1637492331423
.3lift.com/sync	1970-01-20 01:01:08	Name: sync Value: CgoIgQIQr-2YkdQvCgoI4gEQr-2YkdQvCgoI5gEQr-2YkdQvCgoIhwIQr-2YkdQvCgkICRCv7ZiR1C8KCQg6EK_tmJHULwoJCAsQr-2YkdQvCgoIjAIQr-2YkdQvCgoIzgEQr-2YkdQvCgkIXxCv7ZiR1C8=
www.nawa3em.com/	1970-01-20 07:37:08	Name: UserIdCookieHttponly Value: dc4a58b6-f4b0-4c34-872c-0210a994a83e
www.nawa3em.com/	1970-01-20 07:37:08	Name: UserIdCookieHttponlyExpDate Value: 11/21/2022 12:58:49 PM
www.nawa3em.com/	1970-01-20 01:01:08	Name: NpsCreateDate Value: 1637492329
www.nawa3em.com/	1970-01-20 01:01:08	Name: NpsGuid Value: 3a458421-1e2f-4cd1-97b4-2d5af7c8ec93
.nawa3em.com/	1970-01-20 01:01:08	Name: _fbp Value: fb.1.1637492330907.678563057
.nawa3em.com/	1970-01-20 07:37:08	Name: datadome Value: W-Vpv-gt2UBFZy7Vh.jTYit_lCh.WNzNd-gjUI7Ja5J9nxto0PdNGvoUMosgua8QpzkdpSmsIpDsNsmNQ2WPc7brHpfagoVAILcuhiMUJ9
collector.effectivemeasure.net/	1970-01-20 07:29:56	Name: vt Value: 467a7f41-e720-4397-93a6-c04f142524e4-17d422612da-df02f7ce
.nawa3em.com/	1970-01-20 07:29:56	Name: _em_vt Value: 467a7f41-e720-4397-93a6-c04f142524e4-17d422612da-df02f7ce
.nawa3em.com/	1970-01-19 22:51:34	Name: _em_c3 Value: 1
.nawa3em.com/	1970-01-19 22:51:34	Name: _em_vi Value: b5f13180-2fb2-417f-9667-65b160382c95-17d42261328-797b70ab
.nawa3em.com/	1970-01-19 22:51:34	Name: _em_lt Value: 1637492331304
.nawa3em.com/	1970-01-19 22:51:34	Name: _em_ft Value: 1637492331304
.nawa3em.com/	1970-01-19 22:51:34	Name: _em_pc Value: 1
.nawa3em.com/	1970-01-20 07:29:56	Name: _em_gc Value: DE
.nawa3em.com/	1970-01-20 07:29:56	Name: _em_mb Value: 0
.nawa3em.com/	1970-01-20 07:29:56	Name: _em_dmp Value: 1637492331423
.doubleclick.net/	1970-01-20 08:13:08	Name: IDE Value: AHWqTUlWsgG6havqOfqFNHXxOWcoS3t0ug7sh9TIybFrCfa8-j6bmyNl7SUzDdFjXxA
www.nawa3em.com/	1970-01-20 07:29:56	Name: newsletter_start_date Value: 1637492331840
.nawa3em.com/	1970-01-19 22:51:34	Name: _em_scf Value: []
.twitter.com/	1970-01-20 16:22:44	Name: personalization_id Value: "v1_pGkwKevct3VYhtGO3d9eJQ=="
.zwaar.org/	1970-01-19 22:51:34	Name: __cf_bm Value: 4u5n.W0PFsIKp8w9j2DXAVw3OHV_8NYvCFA_QiD3hws-1637492333-0-AUJ/drblgvM5SozNsjYLdJ7J0VlP4PWEaUBCGZ75MI7p/9pjNinvnQl7Db46gYkxt88sCHBuqnBu17lQW+jvP6c=
.nawa3em.com/	1970-01-20 16:22:44	Name: _ga Value: GA1.2.8495737.1637492335
.nawa3em.com/	1970-01-19 22:52:58	Name: _gid Value: GA1.2.1922737688.1637492335
.nawa3em.com/	1970-01-19 22:51:32	Name: _gat Value: 1
.nawa3em.com/	1970-01-20 01:01:08	Name: _gcl_au Value: 1.1.1122441469.1637492337
.nawa3em.com/	1970-01-21 01:09:46	Name: permutive-id Value: 5017c06f-c0c8-49af-9bd1-00093b88e087
.nawa3em.com/	1970-01-21 01:09:46	Name: permutive-session Value: %7B%22session_id%22%3A%220cd67f3f-99ca-429f-881d-867ae5a2c1e3%22%2C%22last_updated%22%3A%222021-11-21T10%3A58%3A59.234Z%22%7D
.f3a06674-ebb9-4b9d-ba8f-0052018c0687.prmutv.co/	1970-01-20 01:04:01	Name: pxid Value: 642b98ae-586d-45cb-a5f1-a25433e88412
.adsrvr.org/	1970-01-20 07:37:08	Name: TDID Value: 92f72bed-4457-4294-b747-02ea75e5965d
.adsrvr.org/	1970-01-20 07:37:08	Name: TDCPM Value: CAEYBSABKAIyCwiEts_wlLqWOhAFOAE.
.nawa3em.com/	1970-01-20 08:13:08	Name: __gads Value: ID=6db7ec57f94feb35:T=1637492339:S=ALNI_MaxQSlQpO6liJ_vlIVmbFJiA4JlwQ
.1rx.io/	1970-01-20 07:37:08	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-08baef0b-ff37-4d84-8125-05fc1b4d80ca-003%22%7D
.travelaudience.com/	1970-01-20 08:20:20	Name: _tracker Value: %7B%22UUID%22%3A%22B3EFA902-9FB0-43F8-8083-4E071FA35F4E%22%7D
.scorecardresearch.com/	1970-01-20 16:08:20	Name: UID Value: 1CSN6DKIJCPEYARB0DKOP0g1637492340
.ctnsnet.com/	1970-01-20 07:37:08	Name: cid_d9dc4033b20d40deac3833cb47be0a74 Value: 1
.adform.net/	1970-01-19 23:34:44	Name: C Value: 1
.adnxs.com/	1970-01-20 01:01:08	Name: uuid2 Value: 3336972695268724887
.targeting.unrulymedia.com/	1970-01-20 07:37:08	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-08baef0b-ff37-4d84-8125-05fc1b4d80ca-003%22%7D
.adform.net/	1970-01-20 00:17:56	Name: uid Value: 1897720598659398670
.casalemedia.com/	1970-01-20 01:01:08	Name: CMPS Value: 3274
.adnxs.com/	1970-01-20 01:01:08	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Il_p2IeR!]tbPl1M>e)ZlrFUfJ+tGXxp$IM-+BKxTUHFnXr]UB-orTFla][8.eY3:+:wbpRzqF1`b_gi3*B:
.casalemedia.com/	1970-01-19 22:52:58	Name: CMST Value: YZomdGGaJnQA
.casalemedia.com/	1970-01-20 07:37:08	Name: CMID Value: YZomdIxJxXi0vmqkNJiXDAAA
.casalemedia.com/	1970-01-20 01:01:08	Name: CMPRO Value: 1184
.casalemedia.com/	1970-01-20 07:37:08	Name: CMRUM3 Value: 2d619a26742760CAESEMvRv8lQyfU6w4McuUP0mAY
.3lift.com/	1970-01-20 01:01:08	Name: tluid Value: 17356407945341667935
.bing.com/	1970-01-20 08:13:08	Name: MUID Value: 0A4705AE73F16EFE1214155872236FE7
.turn.com/	1970-01-20 03:10:44	Name: uid Value: 3985943309443916811
.advertising.com/	1970-01-20 07:38:34	Name: APID Value: UP087154bd-4aba-11ec-a99a-06618aa3b3b6
.pubmatic.com/	1970-01-19 22:52:58	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 01:01:08	Name: KADUSERCOOKIE Value: 7E26F7A8-F005-4897-A132-8CD0D02D89D3
.analytics.yahoo.com/	1970-01-20 07:38:34	Name: IDSYNC Value: 18wq~21nm
.yahoo.com/	1970-01-19 23:49:55	Name: APID Value: UP087154bd-4aba-11ec-a99a-06618aa3b3b6
.yahoo.com/	1970-01-19 22:52:58	Name: APIDTS Value: 1637492340
.yahoo.com/	1970-01-20 07:37:29	Name: A3 Value: d=AQABBHQmmmECEIGRKnOxi6eFlfrrgGuQ6ZMFEgEBAQF3m2GkYQAAAAAA_eMAAA&S=AQAAAsZAEREAbGtYQsNp6PhYthI
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:23:26	Name: bcookie Value: "v=2&a95f9d5c-2bb3-4806-8177-e18a7503fb65"
.linkedin.com/	1970-01-20 16:18:54	Name: li_gc Value: MTswOzE2Mzc0OTIzNDA7MjswMjEne5Jz52HULYCNenLBgiWaq0/RAnrogjSEP9qpxpTOIQ==
.linkedin.com/	1970-01-19 22:52:58	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2177:u=1:x=1:i=1637492340:t=1637578740:v=2:sig=AQHqBVngBuD0Dl8mZf0HLF22TBkM2J8y"
www.nawa3em.com/	1969-12-31 23:59:59	Name: pv_per_sess Value: 1

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.nawa3em.com/fonts/font-awesome/fontawesome-webfont.woff2?v=4.6.3 Message: Failed to load resource: the server responded with a status of 404 ()
other	error	URL: https://www.nawa3em.com/ Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network	error	URL: https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESECRQN3DzAz6H0fcQmQL0Cto&google_cver=1&google_push=AYg5qPKN7TO0ZuSdV01s-HoFYLnXQa13T1yTR_qz6WVHjItZ6ZKXrRx2aJszUXNnw7Uswr6bSyMij6gGvTAjxCjZOwsg747Icqpr7A Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0b933c32cfaa7e4af05ad40386a79b9a.safeframe.googlesyndication.com
ad.turn.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
ae-gmtdmp.mookie1.com
ajax.aspnetcdn.com
ajax.googleapis.com
analytics.twitter.com
api-js.datadome.co
api.permutive.com
app.jubnaadserve.com
b1sync.zemanta.com
b1t-eudc1.zemanta.com
c.bing.com
c.evidon.com
c1.adform.net
cdn.foxpush.net
cdn.jubna.com
cdn.jubnaadserve.com
cdn.permutive.com
clicks.zwaar.org
cm.g.doubleclick.net
collector.effectivemeasure.net
connect.facebook.net
db419a540064ae9752e96da4b89d3bc5.safeframe.googlesyndication.com
detect-survey.effectivemeasure.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
f3a06674-ebb9-4b9d-ba8f-0052018c0687.prmutv.co
fw.adsafeprotected.com
gcm.ctnsnet.com
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.3lift.com
ib.adnxs.com
image6.pubmatic.com
js.datadome.co
json.foxpush.com
l.evidon.com
list.mailigen.com
match.adsrvr.org
mb.moatads.com
mena-gmtdmp.mookie1.com
nawa3em.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
px.ads.linkedin.com
s.amazon-adsystem.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
static.addtoany.com
static.ads-twitter.com
static.adsafeprotected.com
stats.g.doubleclick.net
survey.effectivemeasure.net
sync.1rx.io
sync.adaptv.advertising.com
sync.targeting.unrulymedia.com
t.co
t.effectivemeasure.net
tlx.3lift.com
tpc.googlesyndication.com
ups.analytics.yahoo.com
widgets.zemanta.com
www.facebook.com
www.foxpush.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.nawa3em.com
x.bidswitch.net
z.moatads.com
zem.outbrainimg.com
google2waycm.netmng.com
www.google-analytics.com
104.111.244.187
104.19.149.54
104.244.42.131
104.244.42.5
13.32.121.37
142.250.181.226
142.250.185.194
142.250.185.67
142.250.185.97
142.250.186.129
142.250.186.34
142.250.186.98
151.101.12.157
151.101.14.132
151.101.2.132
152.199.19.160
159.135.137.162
172.67.142.218
18.156.0.31
18.157.172.39
18.158.154.136
18.169.85.185
18.194.231.4
18.196.167.61
18.66.122.7
18.66.97.105
18.66.97.52
185.33.221.50
198.47.127.19
2.21.141.232
2.21.143.57
2001:678:cb4:bbbb::11
213.19.147.44
213.227.153.220
2600:9000:2156:0:8:48e:53c0:93a1
2600:9000:2251:1000:1f:612c:5a80:93a1
2600:9000:225e:d400:1e:aead:3c80:93a1
2606:4700:10::6816:46c5
2606:4700:20::681a:aa2
2606:4700:3032::ac43:d706
2606:4700:3034::6815:648
2620:119:50e7:101::9002:e05
2620:1ec:c11::200
2a00:1288:110:c305::8000
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2002
2a00:1450:4001:810::2004
2a00:1450:4001:813::2006
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:400c:c07::9c
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.250.255.173
34.107.254.252
34.227.252.121
35.186.193.173
35.186.238.175
35.190.0.66
35.241.9.51
35.71.131.137
37.157.5.142
52.2.183.88
52.202.90.208
52.46.130.91
52.50.243.239
52.56.247.114
54.156.215.112
64.202.112.63
66.155.71.25
76.223.111.18
8.43.72.97
00a269606af95f52ce213e5096cc3a079d73522bc4e3c398789038666bb1454a
03feacd7610b1b550455a96ac82373d52df3870f0db37af75aca953e68443d86
047e41bc55cae6d1679bbdfee65a5262ce073b3bd1ff4929057c4d8c31a0ff56
053e7af5899b13dbe6f3bb67381668ccf15373402c805ece14b05d6a12edf92f
075c0d13785dfbc7aa1e938bcfe59a87d9ee00f5f9e40ee51bb65cfc3efb0cfd
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9
087506310fc8e766ae44e78dbf85c00634c089e1bfd077f767fd8797f5f362f7
098977b123570b0826c2b3bea107a8dbd7b5e78d96c198be6cb51cd4a10dd6a8
0aeb4ecf1091b9c52c9fa0ba4dc118b1abafbd88a51278935e574f6baff0bb49
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0cc14154271d55d8c50e737c295a52997941695688aa7b0b1b708d16bd3b1fef
0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
114987371a5d9ff96b210fa7e34e6e3ae463c88396ae3351d7a8b6112a0951f8
124a6df2b8fa004112f86d3e1faa7a84487aa50c744411375063001b4a99f295
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13a3016f9ee0cee1007d6ad8314f6ddf25f86cc9e0a906fd328f8dfc6e37c498
140c5b1fb28786a8b50e9c454b6897fb52efc2829dce042156a445123a4d868a
150030e97cca47ade7f9048d75bef6629a7b0c338f9b462ba74296fff38061a1
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
18621a54a00c2aaef42d06bc0681fac7fe4bad29e5bd8994ed4a0ae41e4b6653
1a67926c92697ffe5532c6ac849a60c5cbef91563fc95bc622d662dcdf200942
1cb8216505769e9fdf2fe5d83a903f2c7ccf9b9f239639a3e5609aa6e51b19af
1cf19f6cc925894c0ea1b468ecc3b91995cd99aeaae784662e3d1f2defcf9a77
1dd5319df9a79d0e71f7a1cc27b0b9609bb8e8c5296fc2f322864cb9e47dc44a
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
20ce63d9edc1c2aee134c440cfba7d0705d1c6c3c20461964b9310da22c2a5f2
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
25bcb3102605abdd4ef3fa54c2d2b30daaa54a4642a2c114a738844012d5ce49
2abc465f6cdac0dcdbcb3bc00dbee78b2aa4ef7459c734d056cfd585ced0e5f2
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
2f826a947a47c13c4af480b9b7853e9ca12d2873c67a9200f3c7a26f8cacae2d
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
32d7bc682354e1e70a6dd30feccc783263c13821038d67cf4805b94a2793d2f7
359e8d3584f81abbd87e602643b6c03954b30d62c76b163eb74b1553d2992711
36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
383207adb12fd1158865ed6a9d442e80799766b8616f866656e62d9842381cf8
39c5031fa5e04352d50fff0f766f4c5f77f2e30a45fcf73d0470bd41cd041394
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d0b9ab0eeb58961e0d9dd621f2fef39fdaf3a319985b62842125fd3b15cde9a
3d9e4e2746d43307b86c4c18e6f79cc305d5a9dd770a03fedcb93fb459b8461c
3dcd51fa67a98db134b48dd71d42e72d52f7ee818741264e34327d8f40ebd2a3
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
41d33852216a10659978fc9fb51ee96c64e0749dab92a60dbb0a44e99fbe552c
438da1276d1d3eda0a0ad7c3a798065015b616021e05b332c0a12c73b0d1de34
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4647ae2ed92911dbccb4bd3315ff0ff0aa811eab801986deabe98c6b31db8c73
4655ad4daa9e24e23165d03f03d375117839d30560d57a6c4e28d09b39bf2971
4839563ab2e13a71b3687fd4c80038104836c90f277772aa448474418169f121
49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68
4a335f5eeedb6ae6da2c9f072bf4b00f5cbb93b0962a405ed5583d1490650474
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e39db78d9e511e7f911894ed7b9cd4947de43a35fc4491e153faf7569968454
4f283e059317edafc4c3597769c4a55c9715d45d33e2d682e41b374d616593ae
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50f6de6fee9df0dec65171f6a4a5811dca944b048e0b779ba31ca1b766c16298
5130eb2b26589edc79df541561e0c40469fdb05a7a75566a61e580e1d473254e
52e7c726d9751065d7911b3188b95b0b7a873fae3b5d93cf54f9b0368d916b49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54f4013748dd2ffead8e438f96340d290f51bd3b3c6af2a6c4b8f68eb58ffd07
59696ce2bd0bc9942cd8a9be9aa7540323402c77a28d79c7ae093245335857b9
597c79019b8022a3d09e62b23c65a544c95300bab1e68e9b5f85084a32670d88
5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266
5df3d35ff73222056b2477304de4598f2f2dfe72b8c405eae06cf51113608179
657789d4c08945ff9f19b40ae8f7b9077fb296c8201725aa82ae9ba861d1e1b8
66ba74f053fcee3ab5bfe60d5f4d3c62cee01535ce88be5521542da16771b553
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b350bcd4ef036388aa7bd9bc43eccb48ea9d1d350a69f9d98c551c68b1608b4
6e81a5fd85ad15cde62256de06f348b516f6b1a45016c31ed8a0081bff9fc206
719406378d73a2b1efbb74125cc24d19c7f8df4a4031ebc3908ca250ebdfcd5d
724d5e151b4ba82f7eaf29667bed3a5ae2167a00343cfbcf2ebed5df806d914e
746d5b1c29eb5e4f93d30ff972aeade5e6a616348a03055fe2201b333b900c90
75ff9ed4493b32310094826e703a8be5bce10d31eaa682c182adde38f9366bdc
7663b6ee87260f0e0f8807e000c05acd26fbc4ea3e8981d063d1295f443ea408
77c43ff0f810dd809416be5f1142eef6d512ef4ac4bae656df1d7cea5fe4c72f
792d4a70e724f416b1adf19a79d8602ad32bcd45f255a6937b131b3c5377981a
799da33d2330a2e521d149ccdda293077c0807e63ee21b9366dfc7da80909b0d
79bfa87e26a3f2c23967ec0c41a696316f760922c35cbea46c70fd50b51460f8
79c60a7febfc66e04d2ef222f332640ff1bcbc70a77f5c02f6517b1f546336aa
7b2ce0d77d6fe403e31483d94913f5f153d228ceefcea8c167edf1cf6eded0e2
7c449ee2320f6402f4637e49dec0bc7dffee49c606e86a2eab5553a4a3695171
7e5f390f3c6fdfbc8f3d113d198210ca633424907ed786d2ddcb67056376e806
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
82c3e66a9735ac8dbf6535f5fa081814361c223d028c8495b25d6cf28f42a851
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
84554758a736af6b2db380660060292027ea7eecf19d80f56c0a607b68e35843
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8713f00ac018d68aee92c7379c1f29d309d918ab5f4d51194327c22b060262d9
87f713056c81aba30f92daf6a8f9ee0f658c543e38b8e691b84bd2734b4660af
89ebb26a12f061e1e9df4728a22d9aab5c9141e47e3a594a1d7f179e02f5be4f
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8c12b98655d7840631715602d6afa9c2c57c2b2f345a9f015f8af456b76f5a59
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e297a19022cb164977e46e2cce4b9df5d0e5ed37d81239fc0581efe60a77234
8e7a602e420b13bf0ec8bc909755748532f62765968b211fc33c1b15f5b12a8e
90e96b8ddeddfd57732f5a8da1654a24c24e10692703d3cbaa203ba9164b1c0f
9289d76f5985fd2891823972cc3b101c27d1e1f5824254a29653a5affeae79fc
938c77a89e7d38efbff80ca2324b5191f90c6d790c247e0aabaae93bd62a7763
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
987a26560f62eec7ac308e5a37f0a8b2374fb9786edf741bfe957201c0320cd3
99a0f877d68ef4239566c67e6afb147b70132a432660e246b2f6034deb8e5b89
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99e662be938c04bbb89a28971e86e5cc882e88d78f01631b1f1d5a8c90d0bc0c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bdacad60e7453946469c03609e6bf586bf7a08479c6e2cf7568749f85fe8045
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9e101c459921e95be83e16839a6e4e3ee26b76928ba3faef8397c8fbeadda7c5
9f34decfbbd16daf934f121db07e115382dac6178794ade8067719df99decf0e
9fda28281da23832cb92c60d328c4f881b55fd15778d2eade201ceb04832569e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a062dc5d11b8c7eec19cbd0d3c1d2b7c6064e0493bf8b73f73aa956a357a7a52
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a21a1e7b26164842ced539a86ceea506931c4a6c511a18e35bb2b356508d572e
a36798a5ed130a0c7c380074c244d1043173ff3ffe192b7e092d798accafbfe9
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a73d090d53ab980bddb3411be0853cfd976b978b77130ff3615fd812a93db2d4
a79c458c1be2a5198a44e1d659d425aaae9b0dc25a8692606e5a366e476949ea
a88904ba415012e49b6bc2643b713ed88a92eb0dea74a172b39c821072387a4a
a9e9ce0f2fe232bf31c9f446a35568c225e8027eee116261a16fdc33170641cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae541ac1f906334afea0ed870a8680217d869f184a12d5e40a9712ab74cee403
aeb062b3d5f8c2b1b1d5f090a3072340f89c4514b611199f9ced35b294e45188
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2099c6c8aa2834919e75ee868046957309e7cb0d7e8f6ae124c16147144af37
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b34970e47adc81fdf317468ef9fb8244e5eeb6584ceb9d647d466678859d6647
b3994c7cdb21eed1d8497fb7bd77befba6ad86f3c7d445a83f7fd840ed0ff70c
b6b2a6b0ecb3218b2f5da2dd045e7e5ebd1c4152a443b5642d9351a8e0a59d26
b6c9dd3a748782828441d959235f547c556ba84b5abf1da7f158f8221162a3f8
bad365573e1343d90b629df69f42bc09a643a4cb12a56f6294ae97a8f7ae04cf
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbbc829aa68f15f2e2f3cc36e7b8f05f8290dc8fee1377e1231ce0f90dfae57e
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be1c4031c965bdf06827008cc018d79cbed689468cd9be0e6810a56a5f6617d7
be7482fe76c6cf5f35a2cfff447360b8c0625f3c51a78826db2070834aa6c383
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f
c23aeace07f5e5962e24a5b7f2b7ac9ac9792345708b820d55c6b897edc0b22c
c4847310e5634ac24ce4f5cacdcb4819f47092a6d4a8836944569c8e9360ae75
c6c77aedeb6e532c85b27b54d9a43f92525b8e8de98b82ddbc15448f995c8fbd
c74a0076a5d70f4786a08e1b2679844ab333213bbfe5e943607571c9f7519cf6
c76e8205972210803277061869444661d43286435145bacbf077000fd1a5e401
c812ddc9e475d3e65d68a6b3b589ce598a2a5babb7afc55477d59215c4a38a40
c8d0e12bcee46c653f9bb941aea0691800e42cf7cb8e43d178215312a0240008
cb1b02f4dda8e8e64c28534fb8bd8c55fa3c69614d31ad13d39b05955cbb42b7
cb6ebd24bfa362f3ef3eb542e0b3d37784f0f6551be4eed626ab9958f8513c52
cbdbf1dd472c6ee81a9f63ab83f0ad5578277a97a515accea566f136a15ecc49
ce36fdea89e7aa0108703f38747e4b389fe5d30c2170ff9eda14790cc489e06c
d35f2b11af796bb5f5dbf368451a503a34d7bc85f2580c0f7735758f19a6b839
da94f33e6c7ec821c6b230b7de55cb0d6abb4819ae2179734f2dfccdd22caae0
dbdb174509d539355797461afe5dc2f86964ee8b3e959aa804f491a763b7816d
dd2ea5a3645dee759e55979c80220d2a18c5607ff56aa999635e5987b832bead
dd3ae658d92764786ba0806af5af69a9de6edbfea5cb9296ee509eff0c7ec999
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfe484e897d3cfddc0f5dd8983f99651ccffa6c0f459a705c2886b7aa208e74f
e02af7df9a190d88380e2dcec2050ecaa493ae2d23526dbeec67f6907df3a752
e0d71e9e83d526a320cdee881361d1abcf386a92a21c116a31976690453bc75c
e0dada58a803b8b0a332f5c4b4056bb7174d0091afb4ba20c4aaea7220222d75
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3eceff69f5a80c3b4ab190ba9551834eb47ce4219b348a01fb0e05eb562eefb
e567b34778c84cbb82c8f3f13939bdfc2ed41adac580133ad66ac5dc0ef2c341
e5c9e4a8e5518916b730e9fd83efe48ef42ced31b3f721bb94f966e8896af966
e62ca1eaa5187d6f70762cc4871ff7412cb4b5c8d63aa8dff42329f4dba15657
e72f6a91fa6a95334e8a521b46840830bedcbd2f1f619846c518334bda15ad89
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
ec80b7fe0fd4117bf415a6de42868a5c50d8af6152ee41610cb43afb266d83fd
ef1018685a8936df063d55f19f0398c76706bdd2dae6474bb01a3525f6a9d6f4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3254a1540922353e9b81877b82ff7d9a9b5680bb32c28611f6d42f058032ca1
f39bb6e06431ad5a852e5ad4754729e9aabdddcfaced175e465697da352eec35
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
fa7bede5d544a81280e6518ca955c7530731a1f7b959f6a2285c7afe3a0e8372
fbbe1611164e2a7bd0f2df1277fa74cf163d0408bb5bdeea9aaf1f0e1262ee9b
fd6321a73fa53c24f5ac39432a3eaf12305d410b415349e19278548b8a4deb75
ff9a7ca9b3edd93a56ac906a12a3c829730e6feb85d0483b48646258e0f0edc3

www.nawa3em.com Open in urlscan Pro 2606:4700:20::681a:aa2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

251 Requests

89 %HTTPS

32 %IPv6

55 Domains

83 Subdomains

66 IPs

8 Countries

3826 kBTransfer

10529 kBSize

65 Cookies

12 Outgoing links

Page URL History

Redirected requests

251 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nawa3em.com Open in urlscan Pro
2606:4700:20::681a:aa2 Public Scan

Screenshot
Live screenshot

Full Image

251
Requests

89 %
HTTPS

32 %
IPv6

55
Domains

83
Subdomains

66
IPs

8
Countries

3826 kB
Transfer

10529 kB
Size

65
Cookies

251 HTTP transactions
13 data transactions