www.mop-veins.tk Open in urlscan Pro
185.111.89.216 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.mop-veins.tk/
Submission: On November 17 via api (November 17th 2023, 3:28:05 pm UTC) from US — Scanned from DE

Summary HTTP 266 Redirects Behaviour Indicators

Summary

This website contacted 51 IPs in 10 countries across 37 domains to perform 266 HTTP transactions. The main IP is 185.111.89.216, located in Hungary and belongs to WEBSUPPORT-SRO-SK-AS, SK. The main domain is www.mop-veins.tk.

This is the only time www.mop-veins.tk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	185.111.89.216 185.111.89.216	51013 (WEBSUPPOR...) (WEBSUPPORT-SRO-SK-AS)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
52	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	79.172.215.131 79.172.215.131	42964 (SIGMANET-...) (SIGMANET-HU-AS)
7	193.201.190.54 193.201.190.54	62214 (RACKFORES...) (RACKFOREST-AS)
8	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:4bab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:4aab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c0b::9d	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
10 16	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3 7	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
3	216.58.206.38 216.58.206.38	15169 (GOOGLE) (GOOGLE)
4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
1 5	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
2 3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	23.56.205.163 23.56.205.163	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.42.237.35 13.42.237.35	16509 (AMAZON-02) (AMAZON-02)
1	18.66.147.41 18.66.147.41	16509 (AMAZON-02) (AMAZON-02)
1	18.154.63.65 18.154.63.65	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2 2	3.231.201.88 3.231.201.88	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:9000:223... 2600:9000:223f:2c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.32.99.48 13.32.99.48	16509 (AMAZON-02) (AMAZON-02)
4	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	23.32.185.35 23.32.185.35	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
26	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
7	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	18.132.19.32 18.132.19.32	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:20::2040	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	52.29.179.202 52.29.179.202	16509 (AMAZON-02) (AMAZON-02)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3605:92f3:67ff:ad62:4355	16509 (AMAZON-02) (AMAZON-02)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
16	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	142.250.74.194 142.250.74.194	() ()
2	213.202.235.9 213.202.235.9	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 4	34.242.172.171 34.242.172.171	16509 (AMAZON-02) (AMAZON-02)
1	52.17.134.215 52.17.134.215	() ()
266	51

6 185.111.89.216 (Hungary)

ASN51013 (WEBSUPPORT-SRO-SK-AS, SK)
PTR: cpanel47.tarhelypark.hu

www.mop-veins.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.172.215.131 (Hungary)

ASN42964 (SIGMANET-HU-AS, HU)
PTR: backup.mx.tauri.hu

chris.tauri.hu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 193.201.190.54 (Hungary)

ASN62214 (RACKFOREST-AS, HU)
PTR: s01.okosvarosok.eu

www.mobilgo.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.mobilgo.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:4bab (United States)

ASN13335 (CLOUDFLARENET, US)

widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:4aab (United States)

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.185.98 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.212 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.206.38 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 94.130.102.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

hal900012.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.56.205.163 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-205-163.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.42.237.35 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-42-237-35.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-41.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.154.63.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-154-63-65.dus51.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.231.201.88 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-231-201-88.compute-1.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:2c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.48 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-48.fra60.r.cloudfront.net

cdn.lamp.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.32.185.35 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-35.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.132.19.32 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-132-19-32.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:c5a4:625:6563:a5bb (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2040 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.179.202 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-179-202.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:92f3:67ff:ad62:4355 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.74.194 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.202.235.9 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.242.172.171 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-172-171.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.134.215 (None, )

ASN- ()

measure.lamp.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
81	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	748 KB
45	doubleclick.net 10 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154 googleads4.g.doubleclick.net	259 KB
26	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	524 KB
24	criteo.net static.criteo.net — Cisco Umbrella Rank: 668 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 10986 csm.eu.criteo.net — Cisco Umbrella Rank: 10557	877 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38186 hal900012.redintelligence.net — Cisco Umbrella Rank: 234700	38 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	479 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	778 KB
9	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	144 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	5 KB
7	mobilgo.eu www.mobilgo.eu m.mobilgo.eu	6 KB
6	mop-veins.tk www.mop-veins.tk	358 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	4 KB
4	demdex.net 2 redirects skydeutschland.demdex.net — Cisco Umbrella Rank: 131194	3 KB
4	criteo.com rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 17732 ads.eu.criteo.com — Cisco Umbrella Rank: 10450 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 11552 dis.criteo.com — Cisco Umbrella Rank: 597	57 KB
4	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1403	652 B
4	openx.net us-u.openx.net — Cisco Umbrella Rank: 522	644 B
4	adsafeprotected.com 2 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 736 static.adsafeprotected.com — Cisco Umbrella Rank: 587	1 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	30 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	4 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 30616 api.webgains.io — Cisco Umbrella Rank: 91573	19 KB
3	medialead.de 2 redirects pv.medialead.de — Cisco Umbrella Rank: 44040	2 KB
2	exactag.com m.exactag.com — Cisco Umbrella Rank: 11905	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 912	2 KB
2	avct.cloud cdn.lamp.avct.cloud — Cisco Umbrella Rank: 7888 measure.lamp.avct.cloud	14 KB
2	media01.eu pb.media01.eu — Cisco Umbrella Rank: 74479	828 B
2	amung.us widgets.amung.us — Cisco Umbrella Rank: 28950 whos.amung.us — Cisco Umbrella Rank: 16137	4 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 746	388 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492	715 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	149 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3451	104 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	463 B
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 107304	3 KB
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 62639	2 KB
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 18131	702 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 217997	923 B
1	tauri.hu chris.tauri.hu	3 KB
266	37

	Domain	Requested by
52	pagead2.googlesyndication.com	www.mop-veins.tk pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com ad.doubleclick.net
29	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com www.mop-veins.tk pagead2.googlesyndication.com
26	s0.2mdn.net	www.mop-veins.tk s0.2mdn.net googleads.g.doubleclick.net
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.mop-veins.tk
16	imageproxy.eu.criteo.net	ads.eu.criteo.com
16	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net www.mop-veins.tk
9	www.googletagservices.com	googleads.g.doubleclick.net www.mop-veins.tk www.googletagservices.com s0.2mdn.net
9	www.googletagmanager.com	www.google-analytics.com adv.office-partner.de www.googletagmanager.com m.mobilgo.eu
8	www.google-analytics.com	www.mop-veins.tk www.google-analytics.com m.mobilgo.eu
7	static.criteo.net	ads.eu.criteo.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	googleads4.g.doubleclick.net	www.mop-veins.tk
6	m.mobilgo.eu	www.mobilgo.eu
6	www.mop-veins.tk	www.mop-veins.tk
5	hal900012.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900012.redintelligence.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	skydeutschland.demdex.net	2 redirects googleads.g.doubleclick.net
4	sync.teads.tv	googleads.g.doubleclick.net
4	us-u.openx.net	googleads.g.doubleclick.net
4	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900012.redintelligence.net
4	fonts.googleapis.com	www.mop-veins.tk hal900012.redintelligence.net googleads.g.doubleclick.net
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	www.gstatic.com	googleads.g.doubleclick.net
3	pv.medialead.de	2 redirects hal900012.redintelligence.net
3	ad.doubleclick.net	googleads.g.doubleclick.net www.googletagservices.com
2	m.exactag.com	googleads.g.doubleclick.net
2	pm.w55c.net	2 redirects
2	api.webgains.io	analytics.webgains.io
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	pixel.adsafeprotected.com	2 redirects
2	pb.media01.eu	hal900012.redintelligence.net googleads.g.doubleclick.net
1	measure.lamp.avct.cloud	cdn.lamp.avct.cloud
1	csm.eu.criteo.net	ads.eu.criteo.com
1	onetag-sys.com	1 redirects
1	dis.criteo.com	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.fr3.eu.criteo.com	googleads.g.doubleclick.net
1	cdn.lamp.avct.cloud	www.mop-veins.tk
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	track.webgains.com	googleads.g.doubleclick.net
1	www.awin1.com	hal900012.redintelligence.net
1	adv.office-partner.de	hal900012.redintelligence.net
1	region1.google-analytics.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	whos.amung.us	widgets.amung.us
1	fonts.gstatic.com	fonts.googleapis.com
1	widgets.amung.us	www.mop-veins.tk
1	www.mobilgo.eu	www.mop-veins.tk
1	chris.tauri.hu	www.mop-veins.tk
266	55

This site contains no links.

Subject Issuer	Validity	Valid
*.mobilgo.eu Sectigo RSA Domain Validation Secure Server CA	`2023-07-22` - `2024-07-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
*.media01.eu RapidSSL TLS RSA CA G1	`2023-05-16` - `2024-05-15`	a year	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
pv.medialead.de R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
cdn.lamp.avocet.io Amazon RSA 2048 M01	`2023-02-24` - `2024-02-07`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-07` - `2023-12-30`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-30` - `2023-12-25`	3 months	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-17` - `2024-01-18`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
*.lamp.avct.cloud R3	`2023-10-02` - `2023-12-31`	3 months	crt.sh

This page contains 41 frames:

Primary Page: http://www.mop-veins.tk/
Frame ID: 32F565FC795A195F550F1B572CDED70A
Requests: 22 HTTP requests in this frame

Frame: https://www.mobilgo.eu/x3.php
Frame ID: CFDBADDF912E0C769CB9C0A16FBCF7A4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html?hello=world
Frame ID: 11C6C910333509BCE25B10F56C40D74C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410
Frame ID: 6D733EC58A0B16C2D22382963541A37D
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&adk=1812271804&adf=3025194257&lmt=1700234879&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&dt=1700234879051&bpp=2&bdt=384&idt=379&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=395
Frame ID: AC5882A9D969BECE4A19824CCA33A45B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVT1-4Elcg6ObsdeuMv7l4E9D-w5I18HrjssJPPcu6awnHzuBdNh0a0Iwt-Day1Pe2cr42d9iS_wIKCzSMDftyREKWsP0MurnTny_Naii2llidMgjIkEtLOBrib42gO1HW56y3_Lkxit6cY3ngdBqsRs-8jtXQNT9XpjKxunL9lkbo3vr4
Frame ID: 0C40B2C748D2202C99A06EC44C77315D
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 7400EDBEADC70E15B85F46378C5BA099
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 72F20A9BEA21528715EFFFFF136CF232
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 04C4A7A20F442FAA3D929C58307A0A65
Requests: 3 HTTP requests in this frame

Frame: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
Frame ID: 8FD9F56330CDE448A6E0995F2C32AD31
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700234881&rafmt=1&to=qs&pwprc=6733228914&format=1200x280&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1700234881179&bpp=3&bdt=2512&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D12e0cad9f3864e3b%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ&gpic=UID%3D00000cca5b2078ff%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg&prev_fmts=728x90%2C0x0&nras=2&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&psts=AOrYGslN9vhbgqqystL-JBszhJSo_3RvqqHEEXKvBI8oAOOI4lG_duWVZBWwSiWetR6lNNE719lEPX-3c_HPdMPs0jK9krAY&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=12
Frame ID: 2C5CBC4FA10F441F7EFB9973B6C2871B
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Frame ID: 93536DEAD79A52314441D47CFB034E52
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Frame ID: 264C2A2CB962F15D76213F3B57214D11
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Frame ID: 30F86C2498B8B09A13443A9D9A98C839
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Frame ID: 31B810AA5AE3BF5AB9EC1CFC9E64E783
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNWg3pKLDvKlQd9X2WGnIYFEdvVOWUoh5jmkyauPwmL-gnF46gtiWJhSVufESWjlrl9qeibQ54WBWAKNwdJIFDEeqbbKg2wt1w8y2nQQBUwvwKnSldjOhQHMnrcAkLJ_4j376LXxbYtuhea-0J8KuOQ_0X6JpsVWM8Mks6sAglrunSNSje0
Frame ID: AC584A8F39C197B9A516F9B2FA858822
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: C48CF1BFDBA267FD468E94E58CF1A337
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNV8l95OWSXx153JagsMO4WVBhaI12hKr-Hk_Rc9H6xo_DdDYeEz6wLPdz1e_OgRUXhim4c1KvJz6Caxk0OYgwff8lVXnG-vxFZDm6pjzoyUW1v_V8ltPHByJK0fXJ7pLWOfh3UG07FsTDSib9zbNZietsLMcQzfImhCt4Hl-Rd3u-j1w4E
Frame ID: 6C814E7A1036D1D909185C10D2122DC4
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: A3DE65E8742E0E6AF6F22971C08EB3C2
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKyC3AIQ4-_U7QEYmpvW-QEwAQ&v=APEucNXwJXWQ8iDxIu2waYvkigMikMD6KEMbr8gEXOB7SmhmnzzAj5wdH7_yY3uezglX92OFeiwxx46VIqqJnHryKJWNNWSSW6uUBcmwC9uK6wqpjWTFh4nW7iR1yIIdjmCZquAqeWmU1eC33j7UaV0QJje-9a6Gs2dS-nVbz0_BfNU4fbhAIss
Frame ID: 0B53335F043631CBA5B029695D2D7E27
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 0E0003C3420B2751F50A62946D40B525
Requests: 26 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 0CD230589BDE06B539EDD705D8A76DA7
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 58E4C586AFA2ED27F0F106E1B0D97A48
Requests: 2 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVeGgQAEqQYGrSm_AAGXlLEEPuX2tGr76ri_GQ&u=%7C5wcN1Cu1QHVrB33oVvfvplKftgpypLoQK1VCl9NoTnk%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC86wYJKbg7yT2hRD2l8DRmMZSv7VrMzdxGvJ8JcCAUBvKKaYsZ9LZayWWV9ihXZTtNZFis_Qe2jHmgiDgGsJPkfnwSgtI_QoJBKum28goAOxc9JZrT4IOvlvX25_GKc2sJXmrwJ2dNeTUV1ehab23oBjuuSTwRsPuPlZHF9l19lCqoFL4ppOq63x022d7kDpDZh18ngGPk-Ub-u0Uog_WO4mJX9haNxMLfrCWLs6CggWnnCz6tnMtpLaVUZgbJUfz8kAUEHHLTZKYQFE5R04WXWtqzKhp4HwHS3POKJ2a2c-S_Xcx72ctDko8RYkb7hhvBEqM3B1qLs_LOwSQC7Cgj-JXaKi9QDN71wCUpsC-zfAQrGO0Sa6xJOwB9g_Cns9fAXF4IteciuVqjzoLimPbLRZPmkMLM6f_qcIAgYaL6RP_eNatl_u3Y6Hsh83LBxRIuR1BXgVz55D5Zr1d-Y7BihZj8_4mJM5EDjmZ3QLvhtzESNZ2yQikUBzpR1fZUu_BAtH1cIQN4g_IVeK0IWYtWOX4tH3YMWQNDOV4tV9IqxSqjv9lZeM7ovyk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRI1DgYZXZYbSEr_TtOUPlK-GmATJntKxXM3hkvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMDUzMTYzOTMxODgzODbIAQmpArslBQjVM7I-qAMByAMCqgTHAU_Q1h9J9D50mvZeBBCmWT--CtdLkCxPmLhkocn5Tzkky2D4_RzfctYDRBCvu0OaOSbEJOfi1LZ3BT5ejX3rj12x3aLAJ9pg6dBu-K6rOTOmVPurBgqowXKV4EwS1bAx94JluzOa5S-MNKdzfub9JN-dRxBwLqstW_BdsPrlwkIRjkddiIVZjzjrSbnZxhQXORTF8bQnOt_hhx9fC3zCYcBbcN4WP_CLxxWg_Ev3ZmFlm0EDY1Vu2pwwnwVaMtLdT5TI7OE3dvOABrbKkt-fqNqelgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3TjPI8sJ8Wjlbt_HiwP7DAkFI2Nw%26client%3Dca-pub-4105316393188386%26adurl%3D
Frame ID: C78B0351A06DA98ACD34C32BDB7BEF15
Requests: 26 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D56AFF109677248395C1ADDAC8CD2EC2
Requests: 9 HTTP requests in this frame

Frame: https://m.mobilgo.eu/lottozo-gorontay-andrea-vivien&op=1
Frame ID: F76E50E895985C04D81205AD8C4530BD
Requests: 3 HTTP requests in this frame

Frame: https://m.mobilgo.eu/muemlekek1968&op=1
Frame ID: E0B7AB115C6B98DB107880D94BB9E5A8
Requests: 3 HTTP requests in this frame

Frame: https://m.mobilgo.eu/elektromos_toltoallomas_nagyatad_107452&op=1
Frame ID: A31A21BCFDE89A16CF1766B408C2230E
Requests: 3 HTTP requests in this frame

Frame: https://m.mobilgo.eu/nemzetidohanyboltok002802&op=1
Frame ID: B53F3AC0E75AA4B2DFA39AC50418F45B
Requests: 3 HTTP requests in this frame

Frame: https://m.mobilgo.eu/muemlekek1020&op=1
Frame ID: 6FCAB47B6B9819A68973B45C11527700
Requests: 3 HTTP requests in this frame

Frame: https://m.mobilgo.eu/vend_csemege_budapest_30&op=1
Frame ID: B9E8526105B738A2732B74EF51B6A1DC
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
Frame ID: 984444B78AD33C594886DA19F373D13B
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
Frame ID: 7D938873CD85DC9889C18AE391AEC85D
Requests: 6 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
Frame ID: 2810FF566018A843A32459F545EC0F99
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 9AD58F4E8AB7C1CFEB0DA370E3321327
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 061D5EC2CA4FC9C6353C7FA82C8A11D6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: D3351EB3AA84066C2D01AE0EFCC6CE47
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
Frame ID: 3A132C484CDC93D084106810F201392E
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 56536977D4457060CC652ACE66235B27
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A926B05A742B941C8DA60F277E325139
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D14642DE50C7BFCA9E0280DCC81F236C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MoP-Veins

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Page Statistics

266
Requests

87 %
HTTPS

46 %
IPv6

37
Domains

55
Subdomains

51
IPs

10
Countries

4359 kB
Transfer

10138 kB
Size

31
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 29

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1

Request Chain 30

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVeGgPWDlW0anNfSGF8j4QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1

Request Chain 31

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENFikcbvD3a6m6Dyl5fnKQY&google_cver=1

Request Chain 32

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk4Mjc1NzI5NDU1NjU2NzM4OA%3D%3D

Request Chain 39

https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=883edee6a5&subid=&uid=45aebbb9592005fa&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoG15f4ZXZYO5IZuAtOUPlryi2Amm5b2gaYWVnKfJD_AuEAEg9Pm1FWCV4pCCoAfIAQmpArslBQjVM7I-qAMByAObBKoE6AFP0FyZ95aPAMl0sk_2av1LnLzOxjoIhBLAv-KEmu1JeE1Cn_aodeg4Eh08SvyyPUVnc-HYhUy-3GD6SgtkXvyXr2M-phSBKFWTC5PlFoYf3q_Cqp7saom8SICjIPyqKPmDfgc7m69Dml-qMuCxVW8mattM89kifT5H47pLQic1vy-77bBdpnNeGZlZkLxGTlnXc5raj4x5fRGhucHzyhRbts9ue_C5wedijCJviaMX_Z2Waaw0ieiL-mhzDIAn5qERPZLalFWLsExjdpGSCAjmskEAWVV0M2vQuLjDTBZ-5ac1zwYsoCdjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJDJmsCsy4IDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB%26sig%3DAOD64_0wwyroF09oZvi8XLv_E9WnXOI-AQ%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-BWTzx1e1JPJugLEznBOakUKtSMOIvIlVRBwYoCzqITS--QfQgm6qzlttd1Bz4CpG11kxqGfRGOeQxvUqPLIsJA7pq1Doh1KHm6g-gsHnxogDYQNrGPSh2ncM-9DPNXcbKA7c3spPXCu9kd5bnuQ8_kicgwGocj5ilid1r9qRqXAfW4kXs%26cry%3D1%26dbm_d%3DAKAmf-AoosUjL4kan8_Pq4O2DX8A6xnE_3t-3MthckB2rwh-LCz4UUiYK2roX_QB2RbEBZ1xZAjuIDDMIglXE26x0yizSTfohSe0IEjwNDu1gVOxVtajM2rkFXAqfp88x1jS7Vb13kSwUC5LvQFAAGXcPPu25ZBwfkLZlDk6gZtyUQz1Ima98E7lBcYEj1Gl48T4IVT1v1YucX6HZyAOh-huT-k6brS-pglRKLLuaejeUaP_aDRpSMrtDOr5KqgfFgT81jr1kZaoL25LOCAAMCg9lGuuCjzhiN-1DMgewid84fM6y7lmIzg6jJajf3Z1MqMFPspb92_uf41a8yINC6AmxoU7OL3PUk1TtTmD3C-9PlyZVLTmdDrx1kHvbg2QLeDwwo22IAfCXMGgWp89zAdsL9QT4r0woZcB-OyXyrmGUz1Xrfcn-M1UOH3J-lRgDEBzL3DnzJEs7jPmGr96xTJO6cfUz9RHtmPENhry10J-kiZBejyCdqMe-c9j2kYRp7MOMzBZOnxgcY1btebUkhlAq50cehPwc6HqS4lPuG2aGi1_KL3vp-M%26adurl%3D&documentReferer=http%3A%2F%2Fwww.mop-veins.tk%2F&ancestorOrigins=http%3A%2F%2Fwww.mop-veins.tk&random=4555412684439&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=883edee6a5&subid=&uid=45aebbb9592005fa&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoG15f4ZXZYO5IZuAtOUPlryi2Amm5b2gaYWVnKfJD_AuEAEg9Pm1FWCV4pCCoAfIAQmpArslBQjVM7I-qAMByAObBKoE6AFP0FyZ95aPAMl0sk_2av1LnLzOxjoIhBLAv-KEmu1JeE1Cn_aodeg4Eh08SvyyPUVnc-HYhUy-3GD6SgtkXvyXr2M-phSBKFWTC5PlFoYf3q_Cqp7saom8SICjIPyqKPmDfgc7m69Dml-qMuCxVW8mattM89kifT5H47pLQic1vy-77bBdpnNeGZlZkLxGTlnXc5raj4x5fRGhucHzyhRbts9ue_C5wedijCJviaMX_Z2Waaw0ieiL-mhzDIAn5qERPZLalFWLsExjdpGSCAjmskEAWVV0M2vQuLjDTBZ-5ac1zwYsoCdjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJDJmsCsy4IDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB%26sig%3DAOD64_0wwyroF09oZvi8XLv_E9WnXOI-AQ%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-BWTzx1e1JPJugLEznBOakUKtSMOIvIlVRBwYoCzqITS--QfQgm6qzlttd1Bz4CpG11kxqGfRGOeQxvUqPLIsJA7pq1Doh1KHm6g-gsHnxogDYQNrGPSh2ncM-9DPNXcbKA7c3spPXCu9kd5bnuQ8_kicgwGocj5ilid1r9qRqXAfW4kXs%26cry%3D1%26dbm_d%3DAKAmf-AoosUjL4kan8_Pq4O2DX8A6xnE_3t-3MthckB2rwh-LCz4UUiYK2roX_QB2RbEBZ1xZAjuIDDMIglXE26x0yizSTfohSe0IEjwNDu1gVOxVtajM2rkFXAqfp88x1jS7Vb13kSwUC5LvQFAAGXcPPu25ZBwfkLZlDk6gZtyUQz1Ima98E7lBcYEj1Gl48T4IVT1v1YucX6HZyAOh-huT-k6brS-pglRKLLuaejeUaP_aDRpSMrtDOr5KqgfFgT81jr1kZaoL25LOCAAMCg9lGuuCjzhiN-1DMgewid84fM6y7lmIzg6jJajf3Z1MqMFPspb92_uf41a8yINC6AmxoU7OL3PUk1TtTmD3C-9PlyZVLTmdDrx1kHvbg2QLeDwwo22IAfCXMGgWp89zAdsL9QT4r0woZcB-OyXyrmGUz1Xrfcn-M1UOH3J-lRgDEBzL3DnzJEs7jPmGr96xTJO6cfUz9RHtmPENhry10J-kiZBejyCdqMe-c9j2kYRp7MOMzBZOnxgcY1btebUkhlAq50cehPwc6HqS4lPuG2aGi1_KL3vp-M%26adurl%3D&documentReferer=http%3A%2F%2Fwww.mop-veins.tk%2F&ancestorOrigins=http%3A%2F%2Fwww.mop-veins.tk&random=4555412684439&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 42

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=40579400101818504444550012511012&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 44

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=40579400101818504444550012511012&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 73

https://pixel.adsafeprotected.com/rfw/st/1676726/76173534/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1014574277&ias_pubId=pub-4105316393188386&ias_chanId=1&ias_placementId=20700705264&bidurl=http://www.mop-veins.tk/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iZaeiqnVWuZZGsMHEjomPj HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=

Request Chain 81

https://pixel.adsafeprotected.com/rfw/st/1676726/76173534/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1014574277&ias_pubId=pub-4105316393188386&ias_chanId=1&ias_placementId=20700705264&bidurl=http://www.mop-veins.tk/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0g3BiKbZX7MIGUiKKJ4PCgE HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1

Request Chain 105

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVeGgPWDlW0anNfSGF8j4QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENFikcbvD3a6m6Dyl5fnKQY&google_cver=1

Request Chain 107

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk4Mjc1NzI5NDU1NjU2NzM4OA%3D%3D

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHSBZN3ea1GLVCpTbprRKRs&google_cver=1

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEAmiA2L4Vr0ZICgwqPlt_eA&google_cver=1

Request Chain 112

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHSBZN3ea1GLVCpTbprRKRs&google_cver=1

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEAmiA2L4Vr0ZICgwqPlt_eA&google_cver=1

Request Chain 133

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 161

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFtMmmFpwPmklyskbxejkqQ&google_cver=1&google_push=AXcoOmTyQWKOJnATDeHGwuji2Bf587mvNW33b14erWXrZrepKynH4ANcafdDUPn8l82gXxiS4KNgIBEdBnOaRftGpJ5W5q0YAqzq3ZM HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFtMmmFpwPmklyskbxejkqQ&google_cver=1&google_push=AXcoOmTyQWKOJnATDeHGwuji2Bf587mvNW33b14erWXrZrepKynH4ANcafdDUPn8l82gXxiS4KNgIBEdBnOaRftGpJ5W5q0YAqzq3ZM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=YXl0emtSRHoxUjQwTGc1&google_gid=CAESEFtMmmFpwPmklyskbxejkqQ&google_cver=1&google_push=AXcoOmTyQWKOJnATDeHGwuji2Bf587mvNW33b14erWXrZrepKynH4ANcafdDUPn8l82gXxiS4KNgIBEdBnOaRftGpJ5W5q0YAqzq3ZM

Request Chain 163

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEPNt6Y3-Vdy6WCKTunjnHjk&google_cver=1&google_push=AXcoOmRjA8wAtnA5gZ7xkrqP--XXpRjJ9xzsKhp-A3At-WSpKEUBFUILUfC39TKp88lCaNOD6RbRgk4kDt5Db4fMgYPcQPGNomKETQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRjA8wAtnA5gZ7xkrqP--XXpRjJ9xzsKhp-A3At-WSpKEUBFUILUfC39TKp88lCaNOD6RbRgk4kDt5Db4fMgYPcQPGNomKETQ&google_hm=eS1RVkVGY0xoRTJwSFp5QUsybGIxVi4xNmtVYU5SeFRDMn5B

Request Chain 165

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKqVGcPkuPLQnOeKIT28jfg&google_cver=1&google_push=AXcoOmTnMLWBvLcx_hEYvIKtvN2u5Ykqsi5KbNQmfePP9e8tXcJdWBaq4HOPxoTpSIfoBRaveBmrmoj43DYZFwAkVi0jiKoy-DxzbL8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTnMLWBvLcx_hEYvIKtvN2u5Ykqsi5KbNQmfePP9e8tXcJdWBaq4HOPxoTpSIfoBRaveBmrmoj43DYZFwAkVi0jiKoy-DxzbL8

Request Chain 186

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=662341003&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=662341003&gdpr=&gdpr_consent=

Request Chain 191

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=3472482522&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=3472482522&gdpr=&gdpr_consent=

266 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.mop-veins.tk/ 24 KB
8 KB 617ms
39ms Document
text/html 185.111.89.216
WEBSUPPORT-SRO-SK-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.mop-veins.tk/
Protocol: HTTP/1.1
Server: 185.111.89.216 , Hungary, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS: cpanel47.tarhelypark.hu
Software: Apache /
Resource Hash: 8a30710606df0e96a6fed5ef1b8d243058e3e2adeddb6edf2d5ee1c2cf755e98

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive, Keep-Alive
Content-Encoding: gzip
Content-Length: 8339
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Nov 2023 15:27:58 GMT
Keep-Alive: timeout=5, max=200
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding,User-Agent

GET
H/1.1 200
OK power-cata.js Show response
www.mop-veins.tk/power/ 10 KB
4 KB 27ms
26ms Script
application/javascript 185.111.89.216
WEBSUPPORT-SRO-SK-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.mop-veins.tk/power/power-cata.js
Requested by: Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/
Protocol: HTTP/1.1
Server: 185.111.89.216 , Hungary, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS: cpanel47.tarhelypark.hu
Software: Apache /
Resource Hash: 9a6ca90cfd38a578bcd19e8a64f55346b8c39ab70e38bbb614829ccd6d980584

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Mar 2015 11:27:02 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Content-Length: 4152

GET
H/1.1 200
OK style.css
www.mop-veins.tk/new/ 73 KB
13 KB 49ms
28ms Stylesheet
text/css 185.111.89.216
WEBSUPPORT-SRO-SK-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.mop-veins.tk/new/style.css?ver=0.7
Requested by: Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/
Protocol: HTTP/1.1
Server: 185.111.89.216 , Hungary, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS: cpanel47.tarhelypark.hu
Software: Apache /
Resource Hash: bc86db442d52bb08d80ba6967bc1f08ed7d6d954e374291ad19b8dd1a8bed27e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Mar 2015 17:00:40 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Upgrade: h2,h2c
Content-Type: text/css
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Content-Length: 13333

GET
H/1.1 200
OK css
fonts.googleapis.com/ 8 KB
1 KB 112ms
61ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Titillium+Web:400,200,300,300italic,600,600italic,700,700italic,400italic,200italic,900&subset=latin,latin-ext

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

HTTP/1.1

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

48a56b3b18390376e5d7a17a9126d573860e135a0c33cd7f0823978c5df01835

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Fri, 17 Nov 2023 15:27:58 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 17 Nov 2023 15:27:58 GMT

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 154 KB
55 KB 159ms
105ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

HTTP/1.1

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39577f73425d3a1bedb2e61901a6de0a4d0266a78947f6e6df6549e6a102e122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Length: 56147
X-XSS-Protection: 0
Server: cafe
ETag: 6245003307340008106
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=3600
Timing-Allow-Origin: *
Expires: Fri, 17 Nov 2023 15:27:58 GMT

GET
H/1.1 200
OK power.css
chris.tauri.hu/work/tdb/ 3 KB
3 KB 132ms
22ms Stylesheet
text/css 79.172.215.131
SIGMANET-HU-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://chris.tauri.hu/work/tdb/power.css
Requested by: Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/power/power-cata.js
Protocol: HTTP/1.1
Server: 79.172.215.131 , Hungary, ASN42964 (SIGMANET-HU-AS, HU),
Reverse DNS: backup.mx.tauri.hu
Software: nginx/1.14.2 /
Resource Hash: 9c991bd785f4ab396919fb62908a96434d7c8547845fc634488a41b588e1acc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
Last-Modified: Sat, 24 Sep 2011 13:27:00 GMT
Server: nginx/1.14.2
ETag: "4e7ddaa4-b9e"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2974

GET
H/1.1 200
OK x3.php Show response
www.mobilgo.eu/ Frame CFDB 671 B
693 B 3325ms
3146ms Document
text/html 193.201.190.54
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mobilgo.eu/x3.php

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.201.190.54 , Hungary, ASN62214 (RACKFOREST-AS, HU),

Reverse DNS

s01.okosvarosok.eu

Software

Apache /

Resource Hash

257d56cac28bbfb0de9772f6f9159d145cf3dd565c6bde1a00a85514ba62370a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 215
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Nov 2023 15:27:58 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=0; includeSubDomains
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

52 KB
21 KB

162ms
51ms

Script
text/javascript

2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5897
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 17 Nov 2023 15:49:41 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK egypixel.jpg
www.mop-veins.tk/new/ 14 KB
14 KB 26ms
26ms Image
image/jpeg 185.111.89.216
WEBSUPPORT-SRO-SK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mop-veins.tk/new/egypixel.jpg
Requested by: Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/new/style.css?ver=0.7
Protocol: HTTP/1.1
Server: 185.111.89.216 , Hungary, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS: cpanel47.tarhelypark.hu
Software: Apache /
Resource Hash: c3c6c07a63f714d29412e5d3065c9e9e231b2d392124f12ae9c320cf930c68ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/new/style.css?ver=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
Last-Modified: Wed, 11 Mar 2015 11:27:02 GMT
Server: Apache
Content-Type: image/jpeg
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Content-Length: 14191

GET
H/1.1 200
OK small.js Show response
widgets.amung.us/ 8 KB
4 KB 51ms
24ms Script
application/x-javascript 2606:4700:10::6816:4bab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://widgets.amung.us/small.js
Requested by: Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:4bab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
content-encoding: gzip
CF-Cache-Status: HIT
last-modified: Thu, 12 Jan 2023 17:19:22 GMT
Server: cloudflare
Age: 2107
etag: W/"63c0411a-2170"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
Connection: keep-alive
CF-RAY: 82790038aa430418-FRA
expires: Sat, 18 Nov 2023 14:52:51 GMT

GET
H/1.1 200
OK teto.jpg
www.mop-veins.tk/new/ 270 KB
270 KB 24ms
24ms Image
image/jpeg 185.111.89.216
WEBSUPPORT-SRO-SK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mop-veins.tk/new/teto.jpg
Requested by: Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/new/style.css?ver=0.7
Protocol: HTTP/1.1
Server: 185.111.89.216 , Hungary, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS: cpanel47.tarhelypark.hu
Software: Apache /
Resource Hash: 6330e7f7120aed7b1686b171f6ce73e162e91e8fa6e4787a4c11925a96d819d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/new/style.css?ver=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
Last-Modified: Sun, 15 Mar 2015 10:00:31 GMT
Server: Apache
Content-Type: image/jpeg
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Content-Length: 276158

GET
H/1.1 200
OK footerback.jpg
www.mop-veins.tk/new/ 47 KB
48 KB 46ms
26ms Image
image/jpeg 185.111.89.216
WEBSUPPORT-SRO-SK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mop-veins.tk/new/footerback.jpg
Requested by: Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/new/style.css?ver=0.7
Protocol: HTTP/1.1
Server: 185.111.89.216 , Hungary, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS: cpanel47.tarhelypark.hu
Software: Apache /
Resource Hash: 0dfbca2c5c1a3e89e8ed72df35d86429221e717de4262d4492c89c0543cfd278

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/new/style.css?ver=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:58 GMT
Last-Modified: Wed, 11 Mar 2015 11:27:02 GMT
Server: Apache
Content-Type: image/jpeg
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Content-Length: 48539

GET
H/1.1 200
OK NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v17/ 12 KB
13 KB 116ms
53ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/titilliumweb/v17/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Titillium+Web:400,200,300,300italic,600,600italic,700,700italic,400italic,200italic,900&subset=latin,latin-ext

Protocol

HTTP/1.1

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://www.mop-veins.tk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Wed, 15 Nov 2023 21:55:07 GMT
X-Content-Type-Options: nosniff
Age: 149571
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 12372
X-XSS-Protection: 0
Last-Modified: Thu, 24 Aug 2023 20:30:13 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Thu, 14 Nov 2024 21:55:07 GMT

GET
H/1.1 200
OK / Show response
whos.amung.us/pingjs/ 30 B
314 B 159ms
127ms Script
text/javascript 2606:4700:10::6816:4aab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://whos.amung.us/pingjs/?k=rkzjqwzm43do&t=MoP-Veins&c=s&x=http%3A%2F%2Fwww.mop-veins.tk%2F&y=&a=0&d=0.747&v=27&r=8308
Requested by: Host: widgets.amung.us
URL: http://widgets.amung.us/small.js
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97ce93d1133eaad74cd8663e5b4d2a0371fb3e1953c0a8035ebbbb993239a9e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:27:59 GMT
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
CF-RAY: 827900392a0abb3b-FRA

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
222 B 59ms
57ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=211620996&t=pageview&_s=1&dl=http%3A%2F%2Fwww.mop-veins.tk%2F&ul=en-us&de=UTF-8&dt=MoP-Veins&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEABAAAAACAAI~&jid=562668445&gjid=1645041953&cid=510651855.1700234879&tid=UA-60611243-1&_gid=1357289584.1700234879&_slc=1&z=1656896610

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

c1f01c392b1780cd46d0704b1c0c3bac211d676d12855ecd078d96adf2bf9c30

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.mop-veins.tk/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:27:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www.mop-veins.tk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
347 B 164ms
54ms XHR
text/plain 2a00:1450:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-60611243-1&cid=510651855.1700234879&jid=562668445&gjid=1645041953&_gid=1357289584.1700234879&_u=IGBAgEABAAAAAGAAI~&z=772808411

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.mop-veins.tk/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 17 Nov 2023 15:27:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www.mop-veins.tk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 397 KB
135 KB 230ms
119ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4105316393188386&plah=www.mop-veins.tk&bust=31079756

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ab127fa9650a6bef6d6a2a0111e8d24556901149002547fad11da0ec55f6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:27:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137291
x-xss-protection: 0
server: cafe
etag: 9234030319262090057
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:27:59 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 11C6 9 KB
4 KB 163ms
50ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79881
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 17:16:38 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 17:16:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 227 KB
81 KB 188ms
70ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K89DWMDNXG&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0e5c3f70d47b56302aeb2bce54f9dd48084b73c6dacf350a458cdc870f2c1d7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82878
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 15:27:59 GMT

GET
DATA 200
OK truncated
/ 439 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 116ms
37ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-K89DWMDNXG&gtm=45je3b81v9124763809&_p=1700234879057&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=510651855.1700234879&ir=1&_eu=EBAI&_s=1&dl=http%3A%2F%2Fwww.mop-veins.tk%2F&dt=MoP-Veins&sid=1700234879&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1352
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K89DWMDNXG&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:27:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www.mop-veins.tk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6D73 25 KB
11 KB 560ms
558ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4105316393188386&plah=www.mop-veins.tk&bust=31079756

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d7d8669a8504ad00daf6a398529f8828dcd7ff604ac1d1581d8d639ec8d4184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:27:59 GMT
expires: Fri, 17 Nov 2023 15:27:59 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AC58 330 KB
72 KB 1470ms
1469ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&adk=1812271804&adf=3025194257&lmt=1700234879&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&dt=1700234879051&bpp=2&bdt=384&idt=379&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=395

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2701e6f4346aeb04ffb2c428bdd0b9fdbe4de4873e35fb50afe46b2420a0876e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 73405
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:00 GMT
expires: Fri, 17 Nov 2023 15:28:00 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D73 42 B
110 B 89ms
88ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ba4Ac_CDePAmrftjbwLrIx1YHo6heQhkE5ZJY1FTJ7uDWNIF9dY9024VVzs_fQPOT50Q2sAOSi6bLX6BPwdlQNAixOGxgprK0fMIDj92Lbm5ECkAg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D73 0
121 B 85ms
84ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=815572986666956956&x=1&ct=77

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0C40 624 B
246 B 96ms
94ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVT1-4Elcg6ObsdeuMv7l4E9D-w5I18HrjssJPPcu6awnHzuBdNh0a0Iwt-Day1Pe2cr42d9iS_wIKCzSMDftyREKWsP0MurnTny_Naii2llidMgjIkEtLOBrib42gO1HW56y3_Lkxit6cY3ngdBqsRs-8jtXQNT9XpjKxunL9lkbo3vr4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:00 GMT
expires: Fri, 17 Nov 2023 15:28:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6D73 89 KB
31 KB 145ms
141ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6D73 3 KB
1 KB 189ms
60ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 11:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16023
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 11:00:57 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6D73 20 KB
9 KB 182ms
54ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58262
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6D73 203 KB
64 KB 203ms
76ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0C40
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1

43 B
766 B

21ms
19ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVT1-4Elcg6ObsdeuMv7l4E9D-w5I18HrjssJPPcu6awnHzuBdNh0a0Iwt-Day1Pe2cr42d9iS_wIKCzSMDftyREKWsP0MurnTny_Naii2llidMgjIkEtLOBrib42gO1HW56y3_Lkxit6cY3ngdBqsRs-8jtXQNT9XpjKxunL9lkbo3vr4
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQKcUVPv9RrTVkKhC2nbni43VF9Cz78WXC3I%2FEvNMoOqzmmW7%2BP9vb4y0acoVThRpcTSPYU0TlWPo61kvh2Yi8C04dH7Aq8rFtznVAMfCc2XWCzmAeeF4WHjzSmyMSq5ZcB68luJWwwoEg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82790041ab081cc9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0C40
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVeGgPWDlW0anNfSGF8j4QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1

43 B
737 B

30ms
29ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVT1-4Elcg6ObsdeuMv7l4E9D-w5I18HrjssJPPcu6awnHzuBdNh0a0Iwt-Day1Pe2cr42d9iS_wIKCzSMDftyREKWsP0MurnTny_Naii2llidMgjIkEtLOBrib42gO1HW56y3_Lkxit6cY3ngdBqsRs-8jtXQNT9XpjKxunL9lkbo3vr4
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkz%2BE4Gd0%2FRGy3Yl9RW50lrqrfQ2p1Sas%2BZQ0BAQGhmCxG%2Fc9lB9kMC8x32AJLPBe0oXR0vaGC%2BugaFWE0iYm9umvzBYJlg9FgyDDB%2FVaLmn1%2FypXGxVUGaN84Vl5uHWz8Bsddjw8S8HjA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82790041bb1f1cc9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 0C40
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENFikcbvD3a6m6Dyl5fnKQY&google_cver=1

43 B
845 B

19ms
14ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENFikcbvD3a6m6Dyl5fnKQY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVT1-4Elcg6ObsdeuMv7l4E9D-w5I18HrjssJPPcu6awnHzuBdNh0a0Iwt-Day1Pe2cr42d9iS_wIKCzSMDftyREKWsP0MurnTny_Naii2llidMgjIkEtLOBrib42gO1HW56y3_Lkxit6cY3ngdBqsRs-8jtXQNT9XpjKxunL9lkbo3vr4

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
an-x-request-uuid: 1cd09954-688d-4f71-8146-e23f7d327fe1
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.145; 185.213.155.145; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENFikcbvD3a6m6Dyl5fnKQY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0C40
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk4Mjc1NzI5NDU1NjU2NzM4OA%3D%3D

170 B
243 B

58ms
51ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk4Mjc1NzI5NDU1NjU2NzM4OA%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
an-x-request-uuid: fed11f65-661f-45f9-a4c0-1156dc4210f8
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk4Mjc1NzI5NDU1NjU2NzM4OA%3D%3D
x-proxy-origin: 185.213.155.145; 185.213.155.145; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D73 0
20 B 91ms
90ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4406057998413&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D73 0
20 B 92ms
91ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4406057998413&version=m202309260101&ct=77&x=1&cor=815572986666956900

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6D73 20 KB
14 KB 243ms
242ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CRB6isgG4HYN2gXaSIsrAJZB2TPkhW3y3nouydXNBDqtShTkw2-kTJ0sn94m96vaT_1gy0NPu1U1K1KyIaEc_06uO-h4Z6R8wxA8YvUy5yZLhs7lW8LKqHh4TfWgw8GJ4rLSvYQfbmM0DUUUnK0EHVhMIGl-01zcqS-FaeBBFJ6hIc4Ds&cry=1&dbm_d=AKAmf-AmfbOcnVItez3GhxIfKZe_wTpVrcpRgUs0EjjRmYD9Df56rWWlTeGIBsOx8CLe6SWCn0MynWfqkBgkUkdFEMSq-JGr1TU5Kgwopfq1H8Y1SQ5CbKl084SB_5YTpsV9TH_uVaoJRw8Vvq4EgoHTbMlHMMzyqARRFq-qMI2--xVcN-B93QOJk9L2oBlx1telFw7V0aGAoeKEtD2vpn1nU4IHdNzQBGMsapC2t5yk2VaeKnzqdwHRyfNyb6CGC19hsLoKvVfjO4eccPexHVsxSVA0IfHX0_JPb47xLv5ZRxQFOBninPZ7r14ppt7uLMACDivyMv7wXAMvwnd23B0NKY0Ybbd2XnKWgY4BzOT_luGcpfSBv-auNDCuSRUthjJQAuCqfpqclkEVKC1_Y8jaeNIhYYk6US3Fq1hb7HmGDPww-Nfr9LOlzwya44PZaE9ukyI5HldfYSrmtMHP7jJ34cMeRH3AgHuqsWIww76kez4sESTQXQ43VvTbriXuv-d1lGioz4ooWvV1DrCxNz7bs67iN60gZHHdSn6pTI2V1n8i8xtShagegtUnJiBSXuoVtrjbE6t6RWvbAf4MReS7h7skuCuc3H13lPHQtnCe4gayUS20e47zweDchqRiklG9bPI0HZmkkfWCJBdo_ZSkvSzLbt7zzlLFg1EUSTtSV869rYSZRPJEDQRynVHYy19Vvk_zQIxp9wlA-wpM15ss-ETjbi_CH_PxeYGE54tO3q5guYrT5ObWT70_7mA9gccQLl3_N0yZmHBIi2bnmHDbXmyp0CUWbP3TbWbK41kKcic4eVkt9M9HsYanv9_4CVWnsjH11R5ZJOInB7H-oBCgO0voiTqNdwTIZ5jyEDP9Pjp_KNNozk0UqzcgDVEFA7ghmChgSJqVInDZxrdzYPKxp1gG3Ycw1tn2q6OmchPK9rlwB0H-LsMmein5o1Bi8GDr_V5Knn8b_kRAgL8WD4YlfD7maM2D_b-06c0z1M4hOj77aGubz0mzB2kJjxa4MwuEzfzW41UTlvrIqUkKENlTRtL1e4Fw06DfdTOeci2TtYjVVPZkv4Dpf9IWcA8zEUpbGHPg0Q-wwfCNDaOj3PWodOpclHMy6SMMagZX18B968Elpco9xa14BGzjn3kVGo8c4NLfrO-ZwWdK02IlbrIoSVIOPfkxdBOvvoqFperC6nfSGaJZruby82ifwuZ9WtzXke--59IalNRgU-rLMbcGyLudmf401WM-SeHMnW2ygWIbDE0YJwTCNr887xT3UQpfZ1PL_oCmWHWNYDw6UR9QPFQirZl5mazgrBZMdaJl9jR0JHI5qU6MMOTpTOi1KR2uvkGX4zYDRSxjmiL05sWSUsPRQQSsYVU49_wlXyBfhFGg88zTzELCXIJb-Si12CFDbylpXQvMO5W7OW8huvm_Yz2y2h0V3hm1qswVIP5CQXGDvQO-lZUujQvZmx-NfjYL2HyvfshX63XEmtOpRIakHmrRUDr_VZOCgaerMWtwqyJwUDK7woEKz-G1ggx4kvWmwzMcvtVCSoXZ0BHOV5NtT_3BuXsqXUHKHJkeQ-5eEjPRm1qXddIKnEZfUgaZWc-3ANXTOzybyT65oEjYx9fjdeYm7usO4GOuFQ8_w3ymhtQZY1FLDfOsqsb_0W5a4Al05fIETgBQeW24ZHm_zph1gGFsU3DF80mmnPKwB9i9WJ8Cpeil_Jro-L43yQ3VK3FDzO5obv1Hj-XXun1b5yrugHOIxXrQvATQtAvFEbO3gqIiFTwGYGJZjgQGmmTdbjnE4386J8oTaLLwsa5PFKgnBkulWjkIGxusxEZi_Bt9b55IeMAOqxqN9e7RM-eeNxYdaP3eEzynG3r-Mqw3gHV3LUFz5CSsVFoPUG2XAvZXX0dTC4lQaN99uct1ApDx5LII4xesbBiK8kS230-yMXmCUWjQRktvgh1X8FOe1B-KFXS_aBcTrugWYbYqNVWBfm70HcnnSRjc7jz67ifAsZBib-tLJAKK3ubfIdqBn9odqrNqUJpT5b2PkrWzt-PNLMZ6R7LukzwMUjefVYwVAN0mJ4IRMSppfbJY_7KeMjawabkh2kZfInh-Xbo-uqgqYWu_Dfzn3OFYylLbAh6MfOpuvK89PNu5XdUUBnaJwAkSLCjMK_msga-wM-QwwaDpK8Q6cu5GifK3pCGzDad-hBls508SPRZUo9e1DuxwJakIblKFW4XpY4R_rVLA3tR7a5RPX41gTkqwc9ptlLsS9yM9T8fUlDsvH6YfG80o6ONs51PaGG178MNMOC-P6hNA861J6G5VaYu2DpmFK8eQd862qoo0AcbzjNDBSNvtcw14vhszogizzE4GBoNri6yX66Gh4DZqurV03263ckRU02uWua7uNoudLlSeMykA2Cypj2MwUQLatrQYIHnRyFeTHMHX4Y-23HGYx9v8uAzW5J_aMXOx4EDvqX0nG9hM8vs54v_PJiJR54-E1AoKlXcQ8oRVPEDOhvaOtnDVwhbekPpUX4dAIwWT5u42Wqvqgf2R9aFJBiGg0m16TAMin0md6-syEUXv-3c8KRtwiU1NMtqYI6LcRoVb3aJSKG5ZAX8DyIN9LxUzHGMy5RHNvFVlvyPfM2ukR7LiAMNI9F4ohZi3Go0rTPW1G0GrSgLi5fUF0uufWvJSgwATHQLoMccKvOptGMGKm_s3MhKbvLq57NK72j36LFRGBrXGE3n3AgNHJq4xnbrx3GV5NHbw2vfMPppPtMedDRJrJRUU0XzMyiGP5YBY2OLZI-GaBP09brr4knPVkEsV6kbe_YIcL3hWT0I_cvPWRjaasEe2zP7IbmzyfNuj_LfBlI1I-okXuNsHveG4Un4qltmw5djYtRYN3ziIkvhu_4d5OFktA_dN0uOYIYX41nlhmntX1tyibDEZ4fErQtZjFX4WD-CzFjycJ3fLMQKEv54v8MZniBSNavYPW3Doj6_yoY4YSwgBp52BGb1B4TSPIeK4mW-cQ2lChJ8kvPooqLTV3ce8NTCbl2zFXyPqXNyncpu8Enxc-95F95el9gg6LXZ_5JQymSoATyrAHeXMUbN0NA-fSJxcncS74mvPLV9m_GhIbm8FG1vWPbnABSgIGt6IfE1AI3RP3Um77LFnvQhT5LtnyzKjhBkeVWxcBZJ40mhg5w-XKbSXqkino4-FTZ4Ua5GIh5oGmcwtAK6WMe-79mLjSNK2KmzDCOvEhOT1z1iLV7KSS2pZIpMmd5l6AuBhHPM7gRuPtuKUvbbimjw_tnnoLq8mNGDrwr_wSfgh2NH-L5VU2RPTD_7EU_n0olHSVYxGSkmuBjwc2_qHwRw4AjEm1r95q6XkLgQZylOr2su2QeMupWTf5eCY-iKd0aHAx7xJ1EF3kVuQGE9Ht6jb-ovPZGsGOhr3CoHq2uFoJVF3-cVnwSB_6p3SHsAu9De5KVE6oXmJ3jXtYl7I4ddqTirdPQuDRJzEJOIWnvUm_v_G2Vbn4rWFIe4VsYxbWwD-decYEPSr4Rmywc9vZqypB7nohcWuUC-SkPJusNfj8Cj-Bgt2EMGqx2HBMcsK0j5kzsi_DSPjxEPD1ozsn9rtSlruZsFSFP8LDovLIJAoCqa3JFfyWAGIMK401Hjd0XtCo7-Tk6zeB-TLes3dRmoy0ZAJHvzUuoEvCbf3NrYSX2WwHS6cpHeraLTLjLG23BpETShYucA34X299hQk4_XANHoEGcGJIBBgyaCRbRqmC8Tq_POLRALc-AavALktyRYji9jw85sssu0GMknKJiBle3p9bxPdA1Ub58JkkaotAV6PAt5eayTt9ik3z2snrQ-jCEcuI3nIcnn7lxogFiGZVPd2OTnPF5oVT7sJc7umYVDm5ezEoEE8B06BxM2UZK9SUjbRwOuYppC9FlMnuG8i75zRROglq9swrUFg10jMsfnCWbzmdfNwFJvFjv8OJjs&cid=CAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.mop-veins.tk%2F&ds=l&xdt=1&iif=1&cor=815572986666956900&adk=2923430907&idt=154&cac=0&dtd=18

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd5af22b0724902da6ceb31665e1822817b88f1f6cbe14c405285a73a789c3d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14088
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 6D73 41 KB
14 KB 57ms
53ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CRB6isgG4HYN2gXaSIsrAJZB2TPkhW3y3nouydXNBDqtShTkw2-kTJ0sn94m96vaT_1gy0NPu1U1K1KyIaEc_06uO-h4Z6R8wxA8YvUy5yZLhs7lW8LKqHh4TfWgw8GJ4rLSvYQfbmM0DUUUnK0EHVhMIGl-01zcqS-FaeBBFJ6hIc4Ds&cry=1&dbm_d=AKAmf-AmfbOcnVItez3GhxIfKZe_wTpVrcpRgUs0EjjRmYD9Df56rWWlTeGIBsOx8CLe6SWCn0MynWfqkBgkUkdFEMSq-JGr1TU5Kgwopfq1H8Y1SQ5CbKl084SB_5YTpsV9TH_uVaoJRw8Vvq4EgoHTbMlHMMzyqARRFq-qMI2--xVcN-B93QOJk9L2oBlx1telFw7V0aGAoeKEtD2vpn1nU4IHdNzQBGMsapC2t5yk2VaeKnzqdwHRyfNyb6CGC19hsLoKvVfjO4eccPexHVsxSVA0IfHX0_JPb47xLv5ZRxQFOBninPZ7r14ppt7uLMACDivyMv7wXAMvwnd23B0NKY0Ybbd2XnKWgY4BzOT_luGcpfSBv-auNDCuSRUthjJQAuCqfpqclkEVKC1_Y8jaeNIhYYk6US3Fq1hb7HmGDPww-Nfr9LOlzwya44PZaE9ukyI5HldfYSrmtMHP7jJ34cMeRH3AgHuqsWIww76kez4sESTQXQ43VvTbriXuv-d1lGioz4ooWvV1DrCxNz7bs67iN60gZHHdSn6pTI2V1n8i8xtShagegtUnJiBSXuoVtrjbE6t6RWvbAf4MReS7h7skuCuc3H13lPHQtnCe4gayUS20e47zweDchqRiklG9bPI0HZmkkfWCJBdo_ZSkvSzLbt7zzlLFg1EUSTtSV869rYSZRPJEDQRynVHYy19Vvk_zQIxp9wlA-wpM15ss-ETjbi_CH_PxeYGE54tO3q5guYrT5ObWT70_7mA9gccQLl3_N0yZmHBIi2bnmHDbXmyp0CUWbP3TbWbK41kKcic4eVkt9M9HsYanv9_4CVWnsjH11R5ZJOInB7H-oBCgO0voiTqNdwTIZ5jyEDP9Pjp_KNNozk0UqzcgDVEFA7ghmChgSJqVInDZxrdzYPKxp1gG3Ycw1tn2q6OmchPK9rlwB0H-LsMmein5o1Bi8GDr_V5Knn8b_kRAgL8WD4YlfD7maM2D_b-06c0z1M4hOj77aGubz0mzB2kJjxa4MwuEzfzW41UTlvrIqUkKENlTRtL1e4Fw06DfdTOeci2TtYjVVPZkv4Dpf9IWcA8zEUpbGHPg0Q-wwfCNDaOj3PWodOpclHMy6SMMagZX18B968Elpco9xa14BGzjn3kVGo8c4NLfrO-ZwWdK02IlbrIoSVIOPfkxdBOvvoqFperC6nfSGaJZruby82ifwuZ9WtzXke--59IalNRgU-rLMbcGyLudmf401WM-SeHMnW2ygWIbDE0YJwTCNr887xT3UQpfZ1PL_oCmWHWNYDw6UR9QPFQirZl5mazgrBZMdaJl9jR0JHI5qU6MMOTpTOi1KR2uvkGX4zYDRSxjmiL05sWSUsPRQQSsYVU49_wlXyBfhFGg88zTzELCXIJb-Si12CFDbylpXQvMO5W7OW8huvm_Yz2y2h0V3hm1qswVIP5CQXGDvQO-lZUujQvZmx-NfjYL2HyvfshX63XEmtOpRIakHmrRUDr_VZOCgaerMWtwqyJwUDK7woEKz-G1ggx4kvWmwzMcvtVCSoXZ0BHOV5NtT_3BuXsqXUHKHJkeQ-5eEjPRm1qXddIKnEZfUgaZWc-3ANXTOzybyT65oEjYx9fjdeYm7usO4GOuFQ8_w3ymhtQZY1FLDfOsqsb_0W5a4Al05fIETgBQeW24ZHm_zph1gGFsU3DF80mmnPKwB9i9WJ8Cpeil_Jro-L43yQ3VK3FDzO5obv1Hj-XXun1b5yrugHOIxXrQvATQtAvFEbO3gqIiFTwGYGJZjgQGmmTdbjnE4386J8oTaLLwsa5PFKgnBkulWjkIGxusxEZi_Bt9b55IeMAOqxqN9e7RM-eeNxYdaP3eEzynG3r-Mqw3gHV3LUFz5CSsVFoPUG2XAvZXX0dTC4lQaN99uct1ApDx5LII4xesbBiK8kS230-yMXmCUWjQRktvgh1X8FOe1B-KFXS_aBcTrugWYbYqNVWBfm70HcnnSRjc7jz67ifAsZBib-tLJAKK3ubfIdqBn9odqrNqUJpT5b2PkrWzt-PNLMZ6R7LukzwMUjefVYwVAN0mJ4IRMSppfbJY_7KeMjawabkh2kZfInh-Xbo-uqgqYWu_Dfzn3OFYylLbAh6MfOpuvK89PNu5XdUUBnaJwAkSLCjMK_msga-wM-QwwaDpK8Q6cu5GifK3pCGzDad-hBls508SPRZUo9e1DuxwJakIblKFW4XpY4R_rVLA3tR7a5RPX41gTkqwc9ptlLsS9yM9T8fUlDsvH6YfG80o6ONs51PaGG178MNMOC-P6hNA861J6G5VaYu2DpmFK8eQd862qoo0AcbzjNDBSNvtcw14vhszogizzE4GBoNri6yX66Gh4DZqurV03263ckRU02uWua7uNoudLlSeMykA2Cypj2MwUQLatrQYIHnRyFeTHMHX4Y-23HGYx9v8uAzW5J_aMXOx4EDvqX0nG9hM8vs54v_PJiJR54-E1AoKlXcQ8oRVPEDOhvaOtnDVwhbekPpUX4dAIwWT5u42Wqvqgf2R9aFJBiGg0m16TAMin0md6-syEUXv-3c8KRtwiU1NMtqYI6LcRoVb3aJSKG5ZAX8DyIN9LxUzHGMy5RHNvFVlvyPfM2ukR7LiAMNI9F4ohZi3Go0rTPW1G0GrSgLi5fUF0uufWvJSgwATHQLoMccKvOptGMGKm_s3MhKbvLq57NK72j36LFRGBrXGE3n3AgNHJq4xnbrx3GV5NHbw2vfMPppPtMedDRJrJRUU0XzMyiGP5YBY2OLZI-GaBP09brr4knPVkEsV6kbe_YIcL3hWT0I_cvPWRjaasEe2zP7IbmzyfNuj_LfBlI1I-okXuNsHveG4Un4qltmw5djYtRYN3ziIkvhu_4d5OFktA_dN0uOYIYX41nlhmntX1tyibDEZ4fErQtZjFX4WD-CzFjycJ3fLMQKEv54v8MZniBSNavYPW3Doj6_yoY4YSwgBp52BGb1B4TSPIeK4mW-cQ2lChJ8kvPooqLTV3ce8NTCbl2zFXyPqXNyncpu8Enxc-95F95el9gg6LXZ_5JQymSoATyrAHeXMUbN0NA-fSJxcncS74mvPLV9m_GhIbm8FG1vWPbnABSgIGt6IfE1AI3RP3Um77LFnvQhT5LtnyzKjhBkeVWxcBZJ40mhg5w-XKbSXqkino4-FTZ4Ua5GIh5oGmcwtAK6WMe-79mLjSNK2KmzDCOvEhOT1z1iLV7KSS2pZIpMmd5l6AuBhHPM7gRuPtuKUvbbimjw_tnnoLq8mNGDrwr_wSfgh2NH-L5VU2RPTD_7EU_n0olHSVYxGSkmuBjwc2_qHwRw4AjEm1r95q6XkLgQZylOr2su2QeMupWTf5eCY-iKd0aHAx7xJ1EF3kVuQGE9Ht6jb-ovPZGsGOhr3CoHq2uFoJVF3-cVnwSB_6p3SHsAu9De5KVE6oXmJ3jXtYl7I4ddqTirdPQuDRJzEJOIWnvUm_v_G2Vbn4rWFIe4VsYxbWwD-decYEPSr4Rmywc9vZqypB7nohcWuUC-SkPJusNfj8Cj-Bgt2EMGqx2HBMcsK0j5kzsi_DSPjxEPD1ozsn9rtSlruZsFSFP8LDovLIJAoCqa3JFfyWAGIMK401Hjd0XtCo7-Tk6zeB-TLes3dRmoy0ZAJHvzUuoEvCbf3NrYSX2WwHS6cpHeraLTLjLG23BpETShYucA34X299hQk4_XANHoEGcGJIBBgyaCRbRqmC8Tq_POLRALc-AavALktyRYji9jw85sssu0GMknKJiBle3p9bxPdA1Ub58JkkaotAV6PAt5eayTt9ik3z2snrQ-jCEcuI3nIcnn7lxogFiGZVPd2OTnPF5oVT7sJc7umYVDm5ezEoEE8B06BxM2UZK9SUjbRwOuYppC9FlMnuG8i75zRROglq9swrUFg10jMsfnCWbzmdfNwFJvFjv8OJjs&cid=CAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.mop-veins.tk%2F&ds=l&xdt=1&iif=1&cor=815572986666956900&adk=2923430907&idt=154&cac=0&dtd=18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 04:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 384971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Nov 2024 04:31:49 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDIzNDg4MDIzOTc0NgogIHNlcnZlcl9pcDogMTM0MDU4Nzk2CiAgcHJvY2Vzc19pZDogMTY2MTg1ODc5Nwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 6D73 0
858 B 189ms
75ms Image
image/png 216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDIzNDg4MDIzOTc0NgogIHNlcnZlcl9pcDogMTM0MDU4Nzk2CiAgcHJvY2Vzc19pZDogMTY2MTg1ODc5Nwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxODQzMzY3NzgwNjE0MTg0MzMxNApkZWJ1Z19rZXk6IDg3OTYzNzY0NzA5NDI2NjQ5MjUKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTExLTE3IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIxNzQ4NDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjY2MDE0MjA2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIwODYzOAogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x5e5b09cb561a004f0000000000000000","13":"0xcdd198c6cac28eb30000000000000000","14":"0x209ad700d2a89cf60000000000000000","15":"0x1b04566e41f0b1510000000000000000"},"debug_key":"8796376470942664925","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"18433677806141843314"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 6D73 11 KB
4 KB 66ms
13ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1700234879547971&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoG15f4ZXZYO5IZuAtOUPlryi2Amm5b2gaYWVnKfJD_AuEAEg9Pm1FWCV4pCCoAfIAQmpArslBQjVM7I-qAMByAObBKoE6AFP0FyZ95aPAMl0sk_2av1LnLzOxjoIhBLAv-KEmu1JeE1Cn_aodeg4Eh08SvyyPUVnc-HYhUy-3GD6SgtkXvyXr2M-phSBKFWTC5PlFoYf3q_Cqp7saom8SICjIPyqKPmDfgc7m69Dml-qMuCxVW8mattM89kifT5H47pLQic1vy-77bBdpnNeGZlZkLxGTlnXc5raj4x5fRGhucHzyhRbts9ue_C5wedijCJviaMX_Z2Waaw0ieiL-mhzDIAn5qERPZLalFWLsExjdpGSCAjmskEAWVV0M2vQuLjDTBZ-5ac1zwYsoCdjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJDJmsCsy4IDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB%26sig%3DAOD64_0wwyroF09oZvi8XLv_E9WnXOI-AQ%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-BWTzx1e1JPJugLEznBOakUKtSMOIvIlVRBwYoCzqITS--QfQgm6qzlttd1Bz4CpG11kxqGfRGOeQxvUqPLIsJA7pq1Doh1KHm6g-gsHnxogDYQNrGPSh2ncM-9DPNXcbKA7c3spPXCu9kd5bnuQ8_kicgwGocj5ilid1r9qRqXAfW4kXs%26cry%3D1%26dbm_d%3DAKAmf-AoosUjL4kan8_Pq4O2DX8A6xnE_3t-3MthckB2rwh-LCz4UUiYK2roX_QB2RbEBZ1xZAjuIDDMIglXE26x0yizSTfohSe0IEjwNDu1gVOxVtajM2rkFXAqfp88x1jS7Vb13kSwUC5LvQFAAGXcPPu25ZBwfkLZlDk6gZtyUQz1Ima98E7lBcYEj1Gl48T4IVT1v1YucX6HZyAOh-huT-k6brS-pglRKLLuaejeUaP_aDRpSMrtDOr5KqgfFgT81jr1kZaoL25LOCAAMCg9lGuuCjzhiN-1DMgewid84fM6y7lmIzg6jJajf3Z1MqMFPspb92_uf41a8yINC6AmxoU7OL3PUk1TtTmD3C-9PlyZVLTmdDrx1kHvbg2QLeDwwo22IAfCXMGgWp89zAdsL9QT4r0woZcB-OyXyrmGUz1Xrfcn-M1UOH3J-lRgDEBzL3DnzJEs7jPmGr96xTJO6cfUz9RHtmPENhry10J-kiZBejyCdqMe-c9j2kYRp7MOMzBZOnxgcY1btebUkhlAq50cehPwc6HqS4lPuG2aGi1_KL3vp-M%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: ae021a8d6f0b6e068a252d9c857ecc70cd9c9c6202803d1be959da9008da3fca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:28:00 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4169
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
hal900012.redintelligence.net/ Frame 6D73
Redirect Chain

https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=883edee6a5&subid=&uid=45aebbb9592005fa&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=883edee6a5&subid=&uid=45aebbb9592005fa&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

114ms
88ms

Script
application/x-javascript

94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=883edee6a5&subid=&uid=45aebbb9592005fa&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoG15f4ZXZYO5IZuAtOUPlryi2Amm5b2gaYWVnKfJD_AuEAEg9Pm1FWCV4pCCoAfIAQmpArslBQjVM7I-qAMByAObBKoE6AFP0FyZ95aPAMl0sk_2av1LnLzOxjoIhBLAv-KEmu1JeE1Cn_aodeg4Eh08SvyyPUVnc-HYhUy-3GD6SgtkXvyXr2M-phSBKFWTC5PlFoYf3q_Cqp7saom8SICjIPyqKPmDfgc7m69Dml-qMuCxVW8mattM89kifT5H47pLQic1vy-77bBdpnNeGZlZkLxGTlnXc5raj4x5fRGhucHzyhRbts9ue_C5wedijCJviaMX_Z2Waaw0ieiL-mhzDIAn5qERPZLalFWLsExjdpGSCAjmskEAWVV0M2vQuLjDTBZ-5ac1zwYsoCdjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJDJmsCsy4IDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB%26sig%3DAOD64_0wwyroF09oZvi8XLv_E9WnXOI-AQ%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-BWTzx1e1JPJugLEznBOakUKtSMOIvIlVRBwYoCzqITS--QfQgm6qzlttd1Bz4CpG11kxqGfRGOeQxvUqPLIsJA7pq1Doh1KHm6g-gsHnxogDYQNrGPSh2ncM-9DPNXcbKA7c3spPXCu9kd5bnuQ8_kicgwGocj5ilid1r9qRqXAfW4kXs%26cry%3D1%26dbm_d%3DAKAmf-AoosUjL4kan8_Pq4O2DX8A6xnE_3t-3MthckB2rwh-LCz4UUiYK2roX_QB2RbEBZ1xZAjuIDDMIglXE26x0yizSTfohSe0IEjwNDu1gVOxVtajM2rkFXAqfp88x1jS7Vb13kSwUC5LvQFAAGXcPPu25ZBwfkLZlDk6gZtyUQz1Ima98E7lBcYEj1Gl48T4IVT1v1YucX6HZyAOh-huT-k6brS-pglRKLLuaejeUaP_aDRpSMrtDOr5KqgfFgT81jr1kZaoL25LOCAAMCg9lGuuCjzhiN-1DMgewid84fM6y7lmIzg6jJajf3Z1MqMFPspb92_uf41a8yINC6AmxoU7OL3PUk1TtTmD3C-9PlyZVLTmdDrx1kHvbg2QLeDwwo22IAfCXMGgWp89zAdsL9QT4r0woZcB-OyXyrmGUz1Xrfcn-M1UOH3J-lRgDEBzL3DnzJEs7jPmGr96xTJO6cfUz9RHtmPENhry10J-kiZBejyCdqMe-c9j2kYRp7MOMzBZOnxgcY1btebUkhlAq50cehPwc6HqS4lPuG2aGi1_KL3vp-M%26adurl%3D&documentReferer=http%3A%2F%2Fwww.mop-veins.tk%2F&ancestorOrigins=http%3A%2F%2Fwww.mop-veins.tk&random=4555412684439&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410
Protocol: HTTP/1.1
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 518d13d06f89e2d21ed1fb5d447089b92e5419c50f41aeee74040461e1fde281

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 17 Nov 2023 15:28:00 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 40579400101818504444550012511012
Connection: close
Content-Length: 1135
Expires: Fri, 17 Nov 2023 15:28:00 +0100

Redirect headers

Pragma: no-cache
Date: Fri, 17 Nov 2023 15:28:00 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=883edee6a5&subid=&uid=45aebbb9592005fa&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoG15f4ZXZYO5IZuAtOUPlryi2Amm5b2gaYWVnKfJD_AuEAEg9Pm1FWCV4pCCoAfIAQmpArslBQjVM7I-qAMByAObBKoE6AFP0FyZ95aPAMl0sk_2av1LnLzOxjoIhBLAv-KEmu1JeE1Cn_aodeg4Eh08SvyyPUVnc-HYhUy-3GD6SgtkXvyXr2M-phSBKFWTC5PlFoYf3q_Cqp7saom8SICjIPyqKPmDfgc7m69Dml-qMuCxVW8mattM89kifT5H47pLQic1vy-77bBdpnNeGZlZkLxGTlnXc5raj4x5fRGhucHzyhRbts9ue_C5wedijCJviaMX_Z2Waaw0ieiL-mhzDIAn5qERPZLalFWLsExjdpGSCAjmskEAWVV0M2vQuLjDTBZ-5ac1zwYsoCdjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJDJmsCsy4IDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB%26sig%3DAOD64_0wwyroF09oZvi8XLv_E9WnXOI-AQ%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-BWTzx1e1JPJugLEznBOakUKtSMOIvIlVRBwYoCzqITS--QfQgm6qzlttd1Bz4CpG11kxqGfRGOeQxvUqPLIsJA7pq1Doh1KHm6g-gsHnxogDYQNrGPSh2ncM-9DPNXcbKA7c3spPXCu9kd5bnuQ8_kicgwGocj5ilid1r9qRqXAfW4kXs%26cry%3D1%26dbm_d%3DAKAmf-AoosUjL4kan8_Pq4O2DX8A6xnE_3t-3MthckB2rwh-LCz4UUiYK2roX_QB2RbEBZ1xZAjuIDDMIglXE26x0yizSTfohSe0IEjwNDu1gVOxVtajM2rkFXAqfp88x1jS7Vb13kSwUC5LvQFAAGXcPPu25ZBwfkLZlDk6gZtyUQz1Ima98E7lBcYEj1Gl48T4IVT1v1YucX6HZyAOh-huT-k6brS-pglRKLLuaejeUaP_aDRpSMrtDOr5KqgfFgT81jr1kZaoL25LOCAAMCg9lGuuCjzhiN-1DMgewid84fM6y7lmIzg6jJajf3Z1MqMFPspb92_uf41a8yINC6AmxoU7OL3PUk1TtTmD3C-9PlyZVLTmdDrx1kHvbg2QLeDwwo22IAfCXMGgWp89zAdsL9QT4r0woZcB-OyXyrmGUz1Xrfcn-M1UOH3J-lRgDEBzL3DnzJEs7jPmGr96xTJO6cfUz9RHtmPENhry10J-kiZBejyCdqMe-c9j2kYRp7MOMzBZOnxgcY1btebUkhlAq50cehPwc6HqS4lPuG2aGi1_KL3vp-M%26adurl%3D&documentReferer=http%3A%2F%2Fwww.mop-veins.tk%2F&ancestorOrigins=http%3A%2F%2Fwww.mop-veins.tk&random=4555412684439&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Fri, 17 Nov 2023 15:28:00 +0100

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 7400 38 KB
13 KB 55ms
54ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 35020
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 05:44:20 GMT
expires: Sat, 16 Nov 2024 05:44:20 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 7400 39 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 14:56:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 14:56:44 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 72F2
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=40579400101818504444550012511012&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=

0
628 B

41ms
30ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=883edee6a5&subid=&uid=45aebbb9592005fa&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoG15f4ZXZYO5IZuAtOUPlryi2Amm5b2gaYWVnKfJD_AuEAEg9Pm1FWCV4pCCoAfIAQmpArslBQjVM7I-qAMByAObBKoE6AFP0FyZ95aPAMl0sk_2av1LnLzOxjoIhBLAv-KEmu1JeE1Cn_aodeg4Eh08SvyyPUVnc-HYhUy-3GD6SgtkXvyXr2M-phSBKFWTC5PlFoYf3q_Cqp7saom8SICjIPyqKPmDfgc7m69Dml-qMuCxVW8mattM89kifT5H47pLQic1vy-77bBdpnNeGZlZkLxGTlnXc5raj4x5fRGhucHzyhRbts9ue_C5wedijCJviaMX_Z2Waaw0ieiL-mhzDIAn5qERPZLalFWLsExjdpGSCAjmskEAWVV0M2vQuLjDTBZ-5ac1zwYsoCdjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJDJmsCsy4IDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB%26sig%3DAOD64_0wwyroF09oZvi8XLv_E9WnXOI-AQ%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-BWTzx1e1JPJugLEznBOakUKtSMOIvIlVRBwYoCzqITS--QfQgm6qzlttd1Bz4CpG11kxqGfRGOeQxvUqPLIsJA7pq1Doh1KHm6g-gsHnxogDYQNrGPSh2ncM-9DPNXcbKA7c3spPXCu9kd5bnuQ8_kicgwGocj5ilid1r9qRqXAfW4kXs%26cry%3D1%26dbm_d%3DAKAmf-AoosUjL4kan8_Pq4O2DX8A6xnE_3t-3MthckB2rwh-LCz4UUiYK2roX_QB2RbEBZ1xZAjuIDDMIglXE26x0yizSTfohSe0IEjwNDu1gVOxVtajM2rkFXAqfp88x1jS7Vb13kSwUC5LvQFAAGXcPPu25ZBwfkLZlDk6gZtyUQz1Ima98E7lBcYEj1Gl48T4IVT1v1YucX6HZyAOh-huT-k6brS-pglRKLLuaejeUaP_aDRpSMrtDOr5KqgfFgT81jr1kZaoL25LOCAAMCg9lGuuCjzhiN-1DMgewid84fM6y7lmIzg6jJajf3Z1MqMFPspb92_uf41a8yINC6AmxoU7OL3PUk1TtTmD3C-9PlyZVLTmdDrx1kHvbg2QLeDwwo22IAfCXMGgWp89zAdsL9QT4r0woZcB-OyXyrmGUz1Xrfcn-M1UOH3J-lRgDEBzL3DnzJEs7jPmGr96xTJO6cfUz9RHtmPENhry10J-kiZBejyCdqMe-c9j2kYRp7MOMzBZOnxgcY1btebUkhlAq50cehPwc6HqS4lPuG2aGi1_KL3vp-M%26adurl%3D&documentReferer=http%3A%2F%2Fwww.mop-veins.tk%2F&ancestorOrigins=http%3A%2F%2Fwww.mop-veins.tk&random=4555412684439&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 17 Nov 2023 15:28:00 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 17 Nov 2023 04:28:00 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Fri, 17 Nov 2023 15:28:00 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40027
x-iplb-request-id: B9D59B91:B05C_91EFC182:01BB_65578680_55E7FDA:1E87A

GET
H2 200 / Show response
adv.office-partner.de/ Frame 04C4 930 B
923 B 76ms
6ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=883edee6a5&subid=&uid=45aebbb9592005fa&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoG15f4ZXZYO5IZuAtOUPlryi2Amm5b2gaYWVnKfJD_AuEAEg9Pm1FWCV4pCCoAfIAQmpArslBQjVM7I-qAMByAObBKoE6AFP0FyZ95aPAMl0sk_2av1LnLzOxjoIhBLAv-KEmu1JeE1Cn_aodeg4Eh08SvyyPUVnc-HYhUy-3GD6SgtkXvyXr2M-phSBKFWTC5PlFoYf3q_Cqp7saom8SICjIPyqKPmDfgc7m69Dml-qMuCxVW8mattM89kifT5H47pLQic1vy-77bBdpnNeGZlZkLxGTlnXc5raj4x5fRGhucHzyhRbts9ue_C5wedijCJviaMX_Z2Waaw0ieiL-mhzDIAn5qERPZLalFWLsExjdpGSCAjmskEAWVV0M2vQuLjDTBZ-5ac1zwYsoCdjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJDJmsCsy4IDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB%26sig%3DAOD64_0wwyroF09oZvi8XLv_E9WnXOI-AQ%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-BWTzx1e1JPJugLEznBOakUKtSMOIvIlVRBwYoCzqITS--QfQgm6qzlttd1Bz4CpG11kxqGfRGOeQxvUqPLIsJA7pq1Doh1KHm6g-gsHnxogDYQNrGPSh2ncM-9DPNXcbKA7c3spPXCu9kd5bnuQ8_kicgwGocj5ilid1r9qRqXAfW4kXs%26cry%3D1%26dbm_d%3DAKAmf-AoosUjL4kan8_Pq4O2DX8A6xnE_3t-3MthckB2rwh-LCz4UUiYK2roX_QB2RbEBZ1xZAjuIDDMIglXE26x0yizSTfohSe0IEjwNDu1gVOxVtajM2rkFXAqfp88x1jS7Vb13kSwUC5LvQFAAGXcPPu25ZBwfkLZlDk6gZtyUQz1Ima98E7lBcYEj1Gl48T4IVT1v1YucX6HZyAOh-huT-k6brS-pglRKLLuaejeUaP_aDRpSMrtDOr5KqgfFgT81jr1kZaoL25LOCAAMCg9lGuuCjzhiN-1DMgewid84fM6y7lmIzg6jJajf3Z1MqMFPspb92_uf41a8yINC6AmxoU7OL3PUk1TtTmD3C-9PlyZVLTmdDrx1kHvbg2QLeDwwo22IAfCXMGgWp89zAdsL9QT4r0woZcB-OyXyrmGUz1Xrfcn-M1UOH3J-lRgDEBzL3DnzJEs7jPmGr96xTJO6cfUz9RHtmPENhry10J-kiZBejyCdqMe-c9j2kYRp7MOMzBZOnxgcY1btebUkhlAq50cehPwc6HqS4lPuG2aGi1_KL3vp-M%26adurl%3D&documentReferer=http%3A%2F%2Fwww.mop-veins.tk%2F&ancestorOrigins=http%3A%2F%2Fwww.mop-veins.tk&random=4555412684439&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Fri, 17 Nov 2023 15:28:00 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Fri, 24 Nov 2023 15:28:00 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 6D73
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=40579400101818504444550012511012&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=

0
200 B

86ms
39ms

Script
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Protocol

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:00 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 17 Nov 2023 04:28:00 GMT
server: Microsoft-IIS/10.0
access-control-allow-methods: GET,POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 17 Nov 2023 15:28:00 GMT
strict-transport-security: max-age=15768000
x-iplb-instance: 40027
content-length: 0
proxy-host: pv.medialead.de
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: B9D59B91:B05E_91EFC182:01BB_65578680_55E5D67:1E87B
vary: Origin
content-type: application/javascript
access-control-allow-origin: *
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=40579400101818504444550012511012&actionid=879111&produktid=ratenkredit&dt_url=
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 6D73 43 B
666 B 223ms
92ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=40579400101818504444550012511012&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:00 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: B9D59B91:B05A_91EFC182:01BB_65578680_56463CE:1A42A
x-iplb-instance: 40028
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20
content-length: 43
proxy-host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 6D73 43 B
702 B 111ms
70ms Image
image/gif 23.56.205.163
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=40579400101818504444550012511012&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.56.205.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-56-205-163.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 17 Nov 2023 15:28:00 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7400 0
20 B 93ms
92ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B6OJ2gIZXZYLRDqym9u8P7ee3mAYAAAAAOAHgBAI&bg=!ZWalZinNAAZxrfrxUa07ADQBe5WfODXdYbqVbs-jx_TiplliXvKHIasrlD2YeywbEEj5GNpJ0TFOmrtNQ5_-8xrbLhrjAgAAAGVSAAAABGgBB5kC2Qqb8H2aG8RMWYFHgAuUNw6PiGs4z3F5kYOeGImZjn8WnWaY7mRg0Ijf58d4WsMTFAF2007TwX5Ccvjcy0dLIXXVq-ofmWrnQGT-xBdIUSayzXnrkIRB_JtOnHTXVjcWxtWtdCdUS-xdMfx3m_lLNI3Fsux-ioYKCrnZAnoKRt986NXGikMhHQ-pNq5RewIDfZP-WNiWBmWUS8qnj9rcbMcdTfBiT_gXwDblHTo4xvKk4nBp8ktykeOOeAodf6R7eNrj3KJCU3Grpvd9wzb6c8FZjN9eDXJdvyk77ok9mCr0e8fdQbaJfgb01uoAAOMWKN272BiAMPfolvB5Q5y7sm0YwIYF6xaTIbUJO6cX4cEJka6mpi_ofqDcLH54GDxl3AJJUSEQQhxR3g1egJbGa4aD6pf1wfVxNkJcnZws4OUHp0CkNbPSUlWLR_mESQ442zRAvctbl7qZ4XS6z7ulTWr0Mz_Amt_v8hXjfbJQujMxZSEm9jbtuSBMOh0yMbGQpZjiNlzy54HjWUCyRUH1ctjg-5jjcINuhNXahdo9EOYHFeM-ZCOWFArPms2X_MDv9-pR-8M1uPCj1rJqh5FFnbuo1uO_vxE2ATuzzDu1gYn91FEoiEv1_WOSDJUp_qztxdRfbzZ4kUicfellS-T1N7nhr1czbjjAXDywjPW43ZzSNYI4bm_ZkDSRfnSJoFCR7DQBLVwsG1-q9eveFc2JxWG2BMXrpnwd78S6lMz7FWEuN3d7IP3wS-he1uCiNzmaUiWa3z0jx0AYnXQejntjTmEsN_5HrxmBn6wQyJctiFy1PAZMsw-aDmVTSj7z1CLygug8UkVKoRcLlim5bLnZBRXcvKvu2fkOw3UE-avcr4uMAbadzp9OFkQ8-cohva7dcNWaw9aGq2Y05mUZTG3DwRVXcvu1cswy-KYPlujY35OT9eDdFuPKv6e608tTbbtbly1XvihhE6jDKg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 04C4 174 KB
63 KB 63ms
62ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

09a0dea85f2a01b11163408d91530120f90eb56f8b92de5dc25f33d240ddd100

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63916
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 17 Nov 2023 15:28:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 04C4 273 KB
91 KB 61ms
61ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b6c33c2d2ec8694c31a5df76f22dea27584eb4086718646d43f06109bfebb8e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92912
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 15:28:00 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 6D73 2 KB
2 KB 283ms
190ms Script
text/html 13.42.237.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=40579400101818504444550012511012&nw=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.237.35 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-237-35.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: daad809833438a83d44f2f36fc2f329367f14da0713064bcca1e52e203e2cd7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
last-modified: Fri, 17 Nov 2023 15:28:01 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Fri, 17 Nov 2023 15:29:01 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900012.redintelligence.net/ Frame 8FD9 7 KB
2 KB 37ms
14ms Document
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 4d0e6ea6c6b0c97f6cd2fcea5987369304f675bfb776a8c1e0db6f78d6d494bb

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2069
Content-Type: text/html; charset=utf-8
Date: Fri, 17 Nov 2023 15:28:00 GMT
Expires: Fri, 17 Nov 2023 15:28:00 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 6D73 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 281858841ba8344ce914ef30955d56ecab63f1a2fbb97660e86e9efa11557c2f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 8FD9 2 KB
843 B 182ms
63ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 15:28:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 8FD9 10 KB
10 KB 40ms
12ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 88d6d52950d15f2aa22a87b2d1619376104b083f75ff02fe9461ff6d8cf9e04a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:28:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9892
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 8FD9 9 KB
9 KB 40ms
13ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 78b3955452d6cb84e05b3357cc723faeff4f28b1d5f0b8856a3981f489ab5a9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:28:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9250
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 8FD9 7 KB
7 KB 169ms
145ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 77ca6322ae9d07efe17882c04469a2a69629aa48496de240b8a868ee0ca869ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:28:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7115
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 160 KB
55 KB 101ms
100ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/reactive_library_fy2021.js?bust=31079756

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1ddb4baeb81e218f32cd1f0ce079d01388b05547d25a6d734f2bb4598d8414e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55861
x-xss-protection: 0
server: cafe
etag: 13507752284262032569
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2C5C 34 KB
14 KB 483ms
479ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700234881&rafmt=1&to=qs&pwprc=6733228914&format=1200x280&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1700234881179&bpp=3&bdt=2512&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D12e0cad9f3864e3b%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ&gpic=UID%3D00000cca5b2078ff%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg&prev_fmts=728x90%2C0x0&nras=2&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&psts=AOrYGslN9vhbgqqystL-JBszhJSo_3RvqqHEEXKvBI8oAOOI4lG_duWVZBWwSiWetR6lNNE719lEPX-3c_HPdMPs0jK9krAY&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=12

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efd132cfce7d9d864685ea940ae50de5728a453a53406fc72f668d6ed2d81b93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 14586
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:01 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 6D73 53 KB
19 KB 107ms
11ms Script
application/javascript 18.66.147.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=40579400101818504444550012511012&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-41.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 05:55:54 GMT
content-encoding: gzip
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
last-modified: Wed, 01 Nov 2023 16:51:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 34327
x-amz-server-side-encryption: AES256
etag: W/"5d5bc5942e2e0a61b44429bb852bdc91"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: uNrOgoexIq5gog-M8mZR7bk0SDH66_Rk4uvUvAyUN0qJNyLYPL6aPA==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame 6D73 3 KB
3 KB 68ms
15ms Image
image/png 18.154.63.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1700235181&Signature=SMvqhgftuR87sCe3ZCDZ7WWAlGiQCNF1iI8akzgUD6V85t0rRafzUeQTc1UUr3~N~kKrzc0J9zC~2b1SM3yoCEwGrwgh8rWordOa9VTeuVIsZs2IJ56JWXwbps1cRKJrU8eV30w-dzLZnu5uLS5XB9D7US1mGNIc0CXtFq2xG6eNTrUfqLpbyEg4vXtX1xD1zokJbq87QE1JTs~4JJhXNMBJSfX850PPPUcAXG1-AXHim57xyVUkNBT5LdXNNTybaGirMenVcYTW4n~rJEpET5fC0TO5LhBBdQqRkMf9FHzauW5KwncQz4I43OWYo0vTFkrGgWmKd2BVP4raibc7cQ__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=90&slotname=4689036173&adk=749540655&adf=4276005684&pi=t.ma~as.4689036173&w=728&lmt=1700234879&format=728x90&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&wgl=1&dt=1700234879014&bpp=5&bdt=347&idt=396&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=3231655308189&frm=20&pv=2&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=310&ady=402&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CaE%7C&abl=NA&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=410
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-65.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: null
date: Fri, 17 Nov 2023 10:13:24 GMT
via: 1.1 4916e178488f684789738aa0c104421a.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
age: 18877
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: 7V2dARHks8JdhHS12DgSxqwr97YA6mjq6G8A3VciBwqdQ1wgOanxDA==

GET
H/1.1 200
OK viewability Show response
hal900012.redintelligence.net/ Frame 8FD9 0
150 B 40ms
13ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/viewability?s=40579400101818504444550012511012&a=23b6d151&vb=m
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:28:01 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 9353 9 KB
4 KB 61ms
57ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72972
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 19:11:49 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 19:11:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 264C 9 KB
4 KB 54ms
54ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72972
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 19:11:49 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 19:11:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 30F8 9 KB
4 KB 57ms
54ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72972
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 19:11:49 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 19:11:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 31B8 9 KB
4 KB 61ms
58ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72972
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 19:11:49 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 19:11:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 9353 4 KB
744 B 65ms
62ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 13:31:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 9353 205 B
651 B 168ms
55ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:26:56 GMT
x-content-type-options: nosniff
age: 57665
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 15 Nov 2024 23:26:56 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 9353 604 B
693 B 168ms
55ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:27:42 GMT
x-content-type-options: nosniff
age: 19
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 16 Nov 2024 15:27:42 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 9353 15 KB
7 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:27:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57660
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 23:27:01 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 9353 21 KB
9 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 03:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 03:59:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AC58 624 B
245 B 98ms
96ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNWg3pKLDvKlQd9X2WGnIYFEdvVOWUoh5jmkyauPwmL-gnF46gtiWJhSVufESWjlrl9qeibQ54WBWAKNwdJIFDEeqbbKg2wt1w8y2nQQBUwvwKnSldjOhQHMnrcAkLJ_4j376LXxbYtuhea-0J8KuOQ_0X6JpsVWM8Mks6sAglrunSNSje0

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:01 GMT
expires: Fri, 17 Nov 2023 15:28:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C48C 89 KB
31 KB 133ms
130ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame C48C
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1676726/76173534/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1014574277&ias_pubId=pub-4105316393188386&ias_chanId=1&ias_place...
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=

43 B
484 B

64ms
7ms

Image
image/gif

2600:9000:223f:2c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Protocol: H2
Server: 2600:9000:223f:2c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 28 May 2023 02:26:58 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 14994063
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: -AjQMK056FLbPwjajzY2J5N91oyO40ST_BJ8LdqXKOTGtWtO5NAqDw==

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: nginx
x-server-name: app24.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C48C 3 KB
1 KB 59ms
55ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 11:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 11:00:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C48C 20 KB
8 KB 59ms
56ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58263
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C48C 203 KB
64 KB 92ms
88ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C48C 42 B
63 B 97ms
94ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DNkGAVqtq00Db-aXU_618LGmFgAdd4Pk9SQlZj0OhxajKQyOoz63hwl33QDNRKb6sCFAUS5MAkxq109QSSTIqCM_THyEHdO7K6KLSjAHR-c4G8WiI

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C48C 0
20 B 95ms
93ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1126878060032665447&x=1&ct=76

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6C81 640 B
265 B 107ms
104ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNV8l95OWSXx153JagsMO4WVBhaI12hKr-Hk_Rc9H6xo_DdDYeEz6wLPdz1e_OgRUXhim4c1KvJz6Caxk0OYgwff8lVXnG-vxFZDm6pjzoyUW1v_V8ltPHByJK0fXJ7pLWOfh3UG07FsTDSib9zbNZietsLMcQzfImhCt4Hl-Rd3u-j1w4E

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:01 GMT
expires: Fri, 17 Nov 2023 15:28:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A3DE 89 KB
31 KB 178ms
177ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame A3DE
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1676726/76173534/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1014574277&ias_pubId=pub-4105316393188386&ias_chanId=1&ias_place...
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=

43 B
482 B

33ms
8ms

Image
image/gif

2600:9000:223f:2c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Protocol: H2
Server: 2600:9000:223f:2c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 28 May 2023 02:26:58 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 14994063
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: PwhLQ5viJx5_i0wYUFLp-Uji85dd3mY3loZGey5wMCaqhzvSIgJQ9g==

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: nginx
x-server-name: app16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame A3DE 3 KB
1 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 11:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 11:00:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame A3DE 20 KB
8 KB 65ms
63ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58263
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame A3DE 203 KB
64 KB 96ms
93ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A3DE 42 B
63 B 112ms
111ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AyLVbcLmzA2scmpe8biQbbJUIHpz386ddKiCX8FKp4k96jKVnhwZDvXVn3QZgdijO_YLptkAg5_JYwi3H-4xh2D8Qyvop1Td9k2Q7F5OD10j4F5HU

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A3DE 0
20 B 111ms
110ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15211146504769497770&x=1&ct=76

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0B53 640 B
265 B 111ms
109ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKyC3AIQ4-_U7QEYmpvW-QEwAQ&v=APEucNXwJXWQ8iDxIu2waYvkigMikMD6KEMbr8gEXOB7SmhmnzzAj5wdH7_yY3uezglX92OFeiwxx46VIqqJnHryKJWNNWSSW6uUBcmwC9uK6wqpjWTFh4nW7iR1yIIdjmCZquAqeWmU1eC33j7UaV0QJje-9a6Gs2dS-nVbz0_BfNU4fbhAIss

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:01 GMT
expires: Fri, 17 Nov 2023 15:28:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0E00 89 KB
31 KB 166ms
165ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 0E00 18 KB
8 KB 60ms
56ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:03:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7823
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 23:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 17 Nov 2023 16:03:27 GMT

GET
H2 200 attn.js Show response
cdn.lamp.avct.cloud/ Frame 0E00 48 KB
14 KB 55ms
10ms Script
text/javascript 13.32.99.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.lamp.avct.cloud/attn.js?mt=displayBanner&aid=63c51e1aeaeb06ed73452eca&mid=651e6b2507e337ed959d3bc2&tid=651e782707e337ed959d3bc4-1-19&cp_lineItemId=20618300095&cp_creativeId=523603354&cp_extSellerId=1&cp_extPublisherId=1&cp_extSiteId=126390448826&a=&cp_dspId=dv360&api_frameworks=[APIFRAMEWORKS]
Requested by: Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-48.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a2bb12e88266c40aa8e4b1b0cd7204b23f0bbd8e8b4eabb96806116b590949cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 08:24:03 GMT
content-encoding: br
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
last-modified: Mon, 09 Oct 2023 16:23:08 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 25439
x-amz-server-side-encryption: AES256
etag: W/"8a45742518e0e70d41040ddf21529736"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: Vk627NbNQXZC_0HDgiR-utSkUsT-HqmE2skOJ-8KONb0eJgJSNtCkQ==

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0E00 3 KB
1 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 11:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 11:00:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0E00 20 KB
8 KB 72ms
70ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58263
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0E00 203 KB
64 KB 101ms
98ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0E00 42 B
63 B 91ms
90ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ApecW0EJRHZHlIb_xT1G3Ao-jNhHGjnL2CRGF9qHDWs6X-OAsnAo47AqDYS8f2IIPmecL6QnPKd77fpNRJzI5xLmMFYq3SQHucZTFbys9K4uBWU3M

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0E00 0
20 B 98ms
97ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15539817034796330834&x=1&ct=77

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0CD2 14 KB
1 KB 88ms
85ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 13:35:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0CD2 2 KB
822 B 70ms
69ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 15:51:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 0CD2 23 KB
9 KB 75ms
74ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 02:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47436
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 02:17:25 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 58E4 143 B
166 B 69ms
66ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 970
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:11:51 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0CD2 3 KB
1 KB 87ms
86ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 11:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 11:00:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0CD2 20 KB
8 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58263
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 23:16:58 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0CD2 203 KB
64 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 0CD2 37 KB
15 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 09:24:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21792
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 09:24:49 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AC58
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1

43 B
729 B

33ms
28ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNWg3pKLDvKlQd9X2WGnIYFEdvVOWUoh5jmkyauPwmL-gnF46gtiWJhSVufESWjlrl9qeibQ54WBWAKNwdJIFDEeqbbKg2wt1w8y2nQQBUwvwKnSldjOhQHMnrcAkLJ_4j376LXxbYtuhea-0J8KuOQ_0X6JpsVWM8Mks6sAglrunSNSje0
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WofiKyZ6t%2B1BBpJgfAAhtNCYHlxtwufLgwjEDgyoTxfb3MMwEKXUKSvmkV8RcuKsvIafw1SWChBamQCiiJXGLak8cJdR1DgEfJCFElWkp9vUUn7KMPY4FEo7pKxp7c9nPNAR4nLe4PV3Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8279004a8bfe1cc9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AC58
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVeGgPWDlW0anNfSGF8j4QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1

43 B
731 B

30ms
29ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNWg3pKLDvKlQd9X2WGnIYFEdvVOWUoh5jmkyauPwmL-gnF46gtiWJhSVufESWjlrl9qeibQ54WBWAKNwdJIFDEeqbbKg2wt1w8y2nQQBUwvwKnSldjOhQHMnrcAkLJ_4j376LXxbYtuhea-0J8KuOQ_0X6JpsVWM8Mks6sAglrunSNSje0
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6uGgrZ0qppg7sAEurOdiuRzr1n6D9UL8k8oDH0F%2BNl66NM4eziF3Votn8Gbs7tu1TRyW4A8s3SII8L8D2%2FvhB4NZi025HnwRcptAc9PArob3JjZLKUGIdERAXEnFX7fvRxDaMX%2FJBIWRA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8279004afc611cc9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP156Hl6llM0_OOeBfCIvAY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame AC58
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENFikcbvD3a6m6Dyl5fnKQY&google_cver=1

43 B
849 B

19ms
14ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENFikcbvD3a6m6Dyl5fnKQY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNWg3pKLDvKlQd9X2WGnIYFEdvVOWUoh5jmkyauPwmL-gnF46gtiWJhSVufESWjlrl9qeibQ54WBWAKNwdJIFDEeqbbKg2wt1w8y2nQQBUwvwKnSldjOhQHMnrcAkLJ_4j376LXxbYtuhea-0J8KuOQ_0X6JpsVWM8Mks6sAglrunSNSje0

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
an-x-request-uuid: e5877082-05af-4f46-b4dd-60dacca16efe
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.145; 185.213.155.145; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENFikcbvD3a6m6Dyl5fnKQY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame AC58
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk4Mjc1NzI5NDU1NjU2NzM4OA%3D%3D

170 B
232 B

59ms
50ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk4Mjc1NzI5NDU1NjU2NzM4OA%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
an-x-request-uuid: 80e7be88-ef00-45cb-a103-1ae17f143566
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk4Mjc1NzI5NDU1NjU2NzM4OA%3D%3D
x-proxy-origin: 185.213.155.145; 185.213.155.145; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6C81
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHSBZN3ea1GLVCpTbprRKRs&google_cver=1

43 B
106 B

28ms
27ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHSBZN3ea1GLVCpTbprRKRs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNV8l95OWSXx153JagsMO4WVBhaI12hKr-Hk_Rc9H6xo_DdDYeEz6wLPdz1e_OgRUXhim4c1KvJz6Caxk0OYgwff8lVXnG-vxFZDm6pjzoyUW1v_V8ltPHByJK0fXJ7pLWOfh3UG07FsTDSib9zbNZietsLMcQzfImhCt4Hl-Rd3u-j1w4E
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHSBZN3ea1GLVCpTbprRKRs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 6C81 43 B
120 B 88ms
26ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNV8l95OWSXx153JagsMO4WVBhaI12hKr-Hk_Rc9H6xo_DdDYeEz6wLPdz1e_OgRUXhim4c1KvJz6Caxk0OYgwff8lVXnG-vxFZDm6pjzoyUW1v_V8ltPHByJK0fXJ7pLWOfh3UG07FsTDSib9zbNZietsLMcQzfImhCt4Hl-Rd3u-j1w4E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 6C81
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEAmiA2L4Vr0ZICgwqPlt_eA&google_cver=1

23 B
163 B

53ms
52ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEAmiA2L4Vr0ZICgwqPlt_eA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNV8l95OWSXx153JagsMO4WVBhaI12hKr-Hk_Rc9H6xo_DdDYeEz6wLPdz1e_OgRUXhim4c1KvJz6Caxk0OYgwff8lVXnG-vxFZDm6pjzoyUW1v_V8ltPHByJK0fXJ7pLWOfh3UG07FsTDSib9zbNZietsLMcQzfImhCt4Hl-Rd3u-j1w4E
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires: Fri, 17 Nov 2023 15:28:01 GMT
pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEAmiA2L4Vr0ZICgwqPlt_eA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 6C81 23 B
163 B 135ms
57ms Image
image/gif 23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNWi-foBMAE&v=APEucNV8l95OWSXx153JagsMO4WVBhaI12hKr-Hk_Rc9H6xo_DdDYeEz6wLPdz1e_OgRUXhim4c1KvJz6Caxk0OYgwff8lVXnG-vxFZDm6pjzoyUW1v_V8ltPHByJK0fXJ7pLWOfh3UG07FsTDSib9zbNZietsLMcQzfImhCt4Hl-Rd3u-j1w4E
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires: Fri, 17 Nov 2023 15:28:01 GMT
pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0B53
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHSBZN3ea1GLVCpTbprRKRs&google_cver=1

43 B
114 B

26ms
25ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHSBZN3ea1GLVCpTbprRKRs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKyC3AIQ4-_U7QEYmpvW-QEwAQ&v=APEucNXwJXWQ8iDxIu2waYvkigMikMD6KEMbr8gEXOB7SmhmnzzAj5wdH7_yY3uezglX92OFeiwxx46VIqqJnHryKJWNNWSSW6uUBcmwC9uK6wqpjWTFh4nW7iR1yIIdjmCZquAqeWmU1eC33j7UaV0QJje-9a6Gs2dS-nVbz0_BfNU4fbhAIss
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHSBZN3ea1GLVCpTbprRKRs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 0B53 43 B
304 B 76ms
20ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKyC3AIQ4-_U7QEYmpvW-QEwAQ&v=APEucNXwJXWQ8iDxIu2waYvkigMikMD6KEMbr8gEXOB7SmhmnzzAj5wdH7_yY3uezglX92OFeiwxx46VIqqJnHryKJWNNWSSW6uUBcmwC9uK6wqpjWTFh4nW7iR1yIIdjmCZquAqeWmU1eC33j7UaV0QJje-9a6Gs2dS-nVbz0_BfNU4fbhAIss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 0B53
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEAmiA2L4Vr0ZICgwqPlt_eA&google_cver=1

23 B
163 B

53ms
53ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEAmiA2L4Vr0ZICgwqPlt_eA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKyC3AIQ4-_U7QEYmpvW-QEwAQ&v=APEucNXwJXWQ8iDxIu2waYvkigMikMD6KEMbr8gEXOB7SmhmnzzAj5wdH7_yY3uezglX92OFeiwxx46VIqqJnHryKJWNNWSSW6uUBcmwC9uK6wqpjWTFh4nW7iR1yIIdjmCZquAqeWmU1eC33j7UaV0QJje-9a6Gs2dS-nVbz0_BfNU4fbhAIss
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires: Fri, 17 Nov 2023 15:28:01 GMT
pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEAmiA2L4Vr0ZICgwqPlt_eA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 0B53 23 B
163 B 128ms
58ms Image
image/gif 23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKyC3AIQ4-_U7QEYmpvW-QEwAQ&v=APEucNXwJXWQ8iDxIu2waYvkigMikMD6KEMbr8gEXOB7SmhmnzzAj5wdH7_yY3uezglX92OFeiwxx46VIqqJnHryKJWNNWSSW6uUBcmwC9uK6wqpjWTFh4nW7iR1yIIdjmCZquAqeWmU1eC33j7UaV0QJje-9a6Gs2dS-nVbz0_BfNU4fbhAIss
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires: Fri, 17 Nov 2023 15:28:01 GMT
pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C48C 0
20 B 96ms
90ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3135773349921&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C48C 0
20 B 91ms
89ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3135773349921&version=m202309260101&ct=76&x=1&cor=1126878060032665500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C48C 92 KB
38 KB 109ms
106ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJelVB0Iwo-o9N0FZGlg7MJy_RKyqu7dU1cHWmcM10m3soi652HN2gt_unmP8HjdbIeRR2UpcuGth7iXLyRWyitXX23nFcLXACLntmHOJH-SXjJYszo0kW478nue5r7-hkM5FjNO4kasngsmjm19GF5va4THe7MzFc5XjoPOUQwJQ8zf0&dbm_d=AKAmf-CZjoy87ZsHy5eOL0iRTXLlzmhaNtl8yseqCRb0yk1SI0bVI1EK2rHS-sWO3xHjYdCTGIvi_02cT_WXxCyKzSJlIW101u6GPaqdhW2FBM9pQd7YnkoSn7YGW4oY-1MTJt8aeQFdob-Xnoy5tzQtnuoeCUc05umSOn2aOOMSeFH9X3dWuAl0I10MTjGU3X7A8pau2Jr-9sqyWhqC-wEdjhbEbiL-XL8Ad-MTPgbF2AMVd7baC96jc5eA-1RJ6rVM5-ddB3d_f2QXhI1AQJm17A_Mxx5dHcyu5VDxBZbWnOKaQ1RQobFoga-XhHMga5hSd5uf9UdrfXhC4mSdg4XBcRS15pztbSpqFflx2TWIDQpb8QtfxjhqqdbAO688Rhl8xdXclepbyQ9SpKeDB3TljyZKffYtfyakR-W1Y8wTKHTTFR91fW01tr-dhlv4FptVMdTYqVCoIW57npsxITDQwwb5kWd1a75qfDK5itSWsD9Q7-0BhVhNwcy6MnG600NFGQFG90alqOOd811zheOXaNQ0wAcOirbgnihtC6ZkXRd7Lqu6KL0Ezo_82IB2LwqYBoNldItV2QKOt46qCCmtjGOQgrBuhNKswRFJZihjw-1o8IvFJ4gcKtt66DYOcrXTv60hMTvLyiknfKE-4KL54wTg0hP12v5YvU989BK-VxjMYMxD94mzLlC0176MP-8OPiLIBrBsj4jdVnPpXJypyS3ge490Dg5Wm00N2C_KEnz4okiBS_ETXAVuW_F_bjrMkgYOPV1KdkPvLrfbixWd3WQR5FrMiWCxRTpO5nGCLtkFJCtwbfHAAnLFPGjz8X8AenX8NsnrHMe8bK3aKHuxW5DJ5xatOTpvAVJy2wNkRyBbGqxVHaGzNuZm8_lHvfsa8jiZRzmbdBhRD8CvV3wJQG-Iv85gD3TqbLouJIvjUa6DMT9KWr3fG4-mtTgoY3Rqgy-ONcQtBGbaJ37b6jhDRJCDw3gUOP4j8rSoIOBDaw0aO2_8ce5Dyum2TZ0WAD_pwrUUG8kPbhoi_uHIZ4AHglKaXfewHKOa8iGzA8NNv_AwnLwsG8k6LvAZwCNekMzxFOj7piWwX_97CRhDi4blMFbqWrDf25tg-8JqzKbyDAFPhfbCOg7QlpAV0sYotmzQoY6BIlF2ZCcb_PoCUXv393T5Q1g85AWHMlSIdUfFAUPziSRnpSn5Ekm3oE3PJ-RTY08YXAngjNKwu3wcD0BawKynJWZAyNrvt8H7Vb5VSFRbJ1H7FAvHaDspXqEDgYz2avPZKlL09PP-sBOwu1H55KORRZ0hjdNsam9jFGSn7oMXORAlJRRvc-yZzPw0nxmCRsJxaHKVUyVXC_3uOc9PdaWQTjhzEQ_YdsalFip28ikiP6nKqGnH01J0h4jIf571BDCO3JRNsb1itxICgHJwtkjB42CZAF2rV9563S-cgZgwEtAxK7wwnC37rK-L-QrWjNWk1e3NZ1L9mmfN54yxryo4tduY3Pu5ItrJKyM11WoX-74pgA_aq22CETg9T2Rg0dk3ZYRNJcRRwuHLIeRjv9bZgoBrn4dRAx2jmt6sxDgb11mb5SDlHROTNQSHHywS22n98z_dRIoYqI6kl86G9vqW6qvSCRc8CSEwhQNkSzBBYet6NmvYD0aP4IhC8twP9Gr3xoEMelMWcOiFJIgq2bUROLVGLiRNSOTjJoO_XkMnu9bN4piukm9DcUMGwmnsuxp5OyQKO8Ra6yWwxCeZz8OOr7LKFuWwWdIJI3YXQ_I5xbNxpaJ4-dn_PZ_yQ9vryUMf6_Rz8j8yTwS6M4k4mmcF9jizO1GDrc68mJ9NIGLvFfmBsSmkmqaH2OFLd2JXv_B3xQ00MBiM91L4UcFD4kBrPZ4SCbAWlkuGVpGLboMRZTRQ3Fb1uOzAzJV2NmaME3Y7QQkidCMcZz4WbF_2uuDBedBiQBKTwW-u6ZqtbiiaEByCviHPoUVzGbzI5sHBoBQ8rSENOfqLzpX51R_xA_hLqRTaXnu41CUTKmvYXb7FCk8KUX5lN1nluIk2VV_pLt5Fpi4vrZCghhJlr4A7I0KUkd4SndEEloiIkNm3UqNcoVpX6FWR6PmSiBAqNGEylzVa6nrfoi-Jp5cYDTMmCr19-HAZdPncVro1MjXkSPs4E46mVir5JjB7CYf2qiSjiq3f42bMFJ9-94QghvbWVIse4d4_74_Pd7y9Dam0TJyhZrFXTvMzt8NtLbEnPh1JxyDuGXLpUUsLkEHoSXQ1k_rEki0-gRtFpX9czizm8TAWKg3dwxoDNzpSb2hc1Kk3N0Y-988R2c1RG1j3TbB6Fb5OuQHCZJKo8lQ6bB5lOiSHV1cmw777SsTmojEEAJKjacZI9HFyGca-5QKyAkIvoe-U9L-Se6KfEaN8h_wSdloFOIVkyfFBa-6ZqAj4aV3WIFZ5ci_jxM5Q5cTwb4tQOXtNU_2fotKAK44frvpqhAfwsw3D-PKWGLYPT0I3MLUwAISDXPMuJ0Th28ufPzvYBji9toj3aRyKDCwYEwHZk1V0IQ8ZWiJdNZqnm5X3qNyGAIjvDPWbMPejSqg63VifRjU2qB4bGcPdYgtQy5XBvAblNBtQEbPXmRng9gV5SxbvEPW3-RC9rNKw4kOOw23B5J5DmZAb2lHEKMbG9KbUZdi4X0k1YrShpoxwDPMdEsN7E2AAqthqiOFzgZ7rvKMYbx4N_Ar1rzA1H5ClWfNgTvFN3JhpRs_HQ907ttvg4a2U3If3Wa3NPl-uTKAxPkFKIkuukMdwN5Vs5kiAFHVBk57p0oNccJlQluSWvTAjEs0UzYMdEAKEh6pyoy8TGYipabPuc8LpbVhnO1lTW6Y_JIAXEEVatiENQwOoTdoNF5jG792-VBAqdzhS-1qZIRrCwRr8wiihbI3VNL-fVKUhkwbERXP7t-jFhUOuPFKQmAy1upnPOR7GPxkZCY6BO9n6iuZQZ8q4IdHtCvH-t69f9lnOhP-rDc780yGm4GedatXM_xE1lUPPOEu0BxiTNCnoCaH49NxIjhW97_wkBM_ncGFUZFUgY-OfhLd26KGT8pOGvg2WJzFDXPDhGipr9hTXZymHKfmc1UzKa4zeUFV1H8igNXmhY3a3d9cH39yZNPTfIst56Lk6_njm5vQM-3dWdnXTzYBg9O4NQFSQDiErM2CpmEvNKunHkym7Yh7sxvvJhblR4J8UPW8jV3BEz8dAAn8hyA1ATaDhui7vvmuJXsJJs5q1BhsWoNNaFm1bwlY6uToYSFrZ1DOMn0ePwWzkAekVVqa10BprPLmQXMT6-OFwhIGCHEn5yAc5vdVU8cZitWQMKEUMF8KF7uRwgzgm5MbaUwudEoykQq3hmJPDKNWyDflzZNXvarcREN9kEmWAmNnkc-Ic08S1zq8ToRXBzPEONIw0ZZ33lUuq5cmOWVnLGHOJxpmg0Et_dV5tlk831bnfdqIddm4k2cFFCpJOG2-ZD12lEtB1xq3vaj2WWx_zm342jKbiRFIpC6UyCQUp3dPP9N0hxozIuJ6137P8Om9v8nGWTPPUEWAxH55w9Xbab7TdYLAtKUB8_gCmBP_CGkHTHeh0TOEHGv0HomLBeCRHKezHHAS-7Pm7nw_BQp5CmhcWO4-qmWmQizD1Xz0iScCa0kXoF6IZVy5VqWP7Irww8VyPId2NaOypmTQHtRR40xUnpGlC6vxS_vXkL_Kf449CKWmj&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.mop-veins.tk%2F&ds=l&xdt=1&iif=1&cor=1126878060032665500&adk=521587874&idt=146&cac=0&dtd=25

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a8271a93fa586241c7d02ebfcd59c9f375bc33a1f21308ef0db72bfe6ddcbd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39124
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2C5C 3 KB
1 KB 62ms
60ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700234881&rafmt=1&to=qs&pwprc=6733228914&format=1200x280&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1700234881179&bpp=3&bdt=2512&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D12e0cad9f3864e3b%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ&gpic=UID%3D00000cca5b2078ff%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg&prev_fmts=728x90%2C0x0&nras=2&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&psts=AOrYGslN9vhbgqqystL-JBszhJSo_3RvqqHEEXKvBI8oAOOI4lG_duWVZBWwSiWetR6lNNE719lEPX-3c_HPdMPs0jK9krAY&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 11:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 11:00:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2C5C 20 KB
8 KB 62ms
60ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58263
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 23:16:58 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2C5C 0
0 195ms
59ms Image
text/html 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTIrv6P3YPlerxlN-p5TareHnzEy4xoGwnCrQEc5kYO97eyxMYyGHt0XRVBxjxEC9nPPr-ZfhfFxabu7Rl6q1O-vBifJA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700234881&rafmt=1&to=qs&pwprc=6733228914&format=1200x280&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1700234881179&bpp=3&bdt=2512&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D12e0cad9f3864e3b%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ&gpic=UID%3D00000cca5b2078ff%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg&prev_fmts=728x90%2C0x0&nras=2&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&psts=AOrYGslN9vhbgqqystL-JBszhJSo_3RvqqHEEXKvBI8oAOOI4lG_duWVZBWwSiWetR6lNNE719lEPX-3c_HPdMPs0jK9krAY&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2C5C 203 KB
64 KB 83ms
82ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:01 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2C5C 0
0 99ms
96ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CTMjqgYZXZYbSEr_TtOUPlK-GmATJntKxXM3hkvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMDUzMTYzOTMxODgzODbIAQmpArslBQjVM7I-qAMByAMCqgTEAU_Q1h9J9D50mvZeBBCmWT--CtdLkCxPmLhkocn5Tzkky2D4_RzfctYDRBCvu0OaOSbEJOfi1LZ3BT5ejX3rj12x3aLAJ9pg6dBu-K6rOTOmVPurBgqowXKV4EwS1bAx94JluzOa5S-MNKdzfub9JN-dRxBwLqstW_BdsPrlwkIRjkddiIVZjzjrSbnZxhQXORTF8bQnOt_hhx9fC3zCI8J64l6F780tFzJ6cGsewm9CkfcJTU3sblQNOfflLP7F115czAiABrbKkt-fqNqelgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNDEwNTMxNjM5MzE4ODM4NhgA&sigh=gOxjN_DYRM4&uach_m=[UACH]&cid=CAQSOwDICaaNUoQ-pTxOOsimpDjYXoQAanHzdvm9kglQ9YdcB8bK5rcw2WKVlGNpYYAfxjfazYvGYmifPAxkGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700234881&rafmt=1&to=qs&pwprc=6733228914&format=1200x280&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1700234881179&bpp=3&bdt=2512&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D12e0cad9f3864e3b%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ&gpic=UID%3D00000cca5b2078ff%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg&prev_fmts=728x90%2C0x0&nras=2&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&psts=AOrYGslN9vhbgqqystL-JBszhJSo_3RvqqHEEXKvBI8oAOOI4lG_duWVZBWwSiWetR6lNNE719lEPX-3c_HPdMPs0jK9krAY&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=12
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 2C5C 0
0 87ms
18ms Fetch 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kMHZGMz6RLAJmAKdg2ICAgAAADciWQhgxHKMEICGV2W4oAaCnBgWUFIqAAASAAAKCkFRVUREd0VCRHc&wp=ZVeGgQAEqQYGrSm_AAGXlLEEPuX2tGr76ri_GQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 151503
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C78B 193 KB
57 KB 158ms
99ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVeGgQAEqQYGrSm_AAGXlLEEPuX2tGr76ri_GQ&u=%7C5wcN1Cu1QHVrB33oVvfvplKftgpypLoQK1VCl9NoTnk%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC86wYJKbg7yT2hRD2l8DRmMZSv7VrMzdxGvJ8JcCAUBvKKaYsZ9LZayWWV9ihXZTtNZFis_Qe2jHmgiDgGsJPkfnwSgtI_QoJBKum28goAOxc9JZrT4IOvlvX25_GKc2sJXmrwJ2dNeTUV1ehab23oBjuuSTwRsPuPlZHF9l19lCqoFL4ppOq63x022d7kDpDZh18ngGPk-Ub-u0Uog_WO4mJX9haNxMLfrCWLs6CggWnnCz6tnMtpLaVUZgbJUfz8kAUEHHLTZKYQFE5R04WXWtqzKhp4HwHS3POKJ2a2c-S_Xcx72ctDko8RYkb7hhvBEqM3B1qLs_LOwSQC7Cgj-JXaKi9QDN71wCUpsC-zfAQrGO0Sa6xJOwB9g_Cns9fAXF4IteciuVqjzoLimPbLRZPmkMLM6f_qcIAgYaL6RP_eNatl_u3Y6Hsh83LBxRIuR1BXgVz55D5Zr1d-Y7BihZj8_4mJM5EDjmZ3QLvhtzESNZ2yQikUBzpR1fZUu_BAtH1cIQN4g_IVeK0IWYtWOX4tH3YMWQNDOV4tV9IqxSqjv9lZeM7ovyk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRI1DgYZXZYbSEr_TtOUPlK-GmATJntKxXM3hkvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMDUzMTYzOTMxODgzODbIAQmpArslBQjVM7I-qAMByAMCqgTHAU_Q1h9J9D50mvZeBBCmWT--CtdLkCxPmLhkocn5Tzkky2D4_RzfctYDRBCvu0OaOSbEJOfi1LZ3BT5ejX3rj12x3aLAJ9pg6dBu-K6rOTOmVPurBgqowXKV4EwS1bAx94JluzOa5S-MNKdzfub9JN-dRxBwLqstW_BdsPrlwkIRjkddiIVZjzjrSbnZxhQXORTF8bQnOt_hhx9fC3zCYcBbcN4WP_CLxxWg_Ev3ZmFlm0EDY1Vu2pwwnwVaMtLdT5TI7OE3dvOABrbKkt-fqNqelgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3TjPI8sJ8Wjlbt_HiwP7DAkFI2Nw%26client%3Dca-pub-4105316393188386%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d3749ca2ee6ed51d8da45099c81a6a031deadac7de7ea1d595bc54b74ca6dc6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:01 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=cgTusB-nKTgpmPJ2Z3TAnLb1ujX_ysE4yS7WA-6j6WJXPLp739rRxr752WQhTTlr2cV1cPjvMgWQ21GnrdKCRjGQ3YwSh5IpW45ISnHAfJ0jdhXdAQzTkoDkoT_diMPl4hTRrmsSfohdEM0jp52PoypWm3dy7OOLb7gy6l1u7Go6CRy7SmqQC82FhXikbdKwQQKgulPJKOPXNSsHu6KmCRKav-9udduwTf8qttvHGzqHgxllIiWMotcDkmLUK7rYbRHoEg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 71087390
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A3DE 0
20 B 89ms
88ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=968672044044&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A3DE 0
20 B 88ms
88ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=968672044044&version=m202309260101&ct=76&x=1&cor=15211146504769497000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A3DE 92 KB
38 KB 132ms
131ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CV2V5zWKHQHOPviMS-wvaMv9u1f5DOOEZoJB1n30eA_OxEjsk1Op8RPE83X7Aoy3O4P9_rwh9RDbpdsQb-8pI9JL8lzWAHhqJM9BUNiKy68iEIXoKSgn7XCW8uljqhzo7mJQVa-OKXiYOHsDw92Vkd_klwcUOBNYkpeYfCYznw_7qODrY&dbm_d=AKAmf-CyucAvoHkj7aP0Zjc9v4czxi2Nt5oEnP7RGa6zbTFq_HJKjJV6AkEWXZG2JNeA0TNrfqVchFjboHdD5RgpNOURAtElF6gdpZir_JzS5zMnqsAKNgKBQqGbd3bwOtN91LBXWZRjgyhQsF0lJqgEx0c8hKgmAuo0BjjFrEBBVWIv-QJovE4QUhpK0MNJyjPFiQ16gJIuLLw6DY3eye4-YSO9mIOReLh1x8vAT7fA5DuLKV2ymoVDAWvX4btEEZQsbCcMyc5Sbpyr8EazSD4AZRUJCE7jmJlAr3yxU4ITyJSedQM3Wq-N7n6tKEVWy0o8Oh1I43n1b54pjNmhS6IH7aSheF297jBSGZVpsdZ4BpSfr3ZAn-QQcceXdhC0FOxMB0hTcLx7197MdRjP1nR1soZ-R6prWDRtqGW_i1Oj0bLgnHnUebDrcXuiPrL5YndH61gryPf42JGEuhs1ejnhLjXThoQVxcH37_YjMjcBIW4etdjHJY6Qa1knuK3u7dfFWItJ8ICAsyvSGDXAE2QzVYjG-gIsiBovAp5M14ERvj9XKLxkWLojPiziT6wtOPOtLETuBI1zbzu-dDkfqj6QTp3BWobyo_-FSLYsieCfNBv67-9h6Zu-o3vGl_7D6ANw7-3vgLX9850yh6h8NQKuLsZNwRoCVOa0tvhFnAzdtfFvdRksQu5TieojLwNwyTTQ9UkhcOPKqEwSt_Nbah0xOLXE-AVImDVB13CEFdFxF8YfpAX-EJenKQ9jSwjz3d5ffxKpJLBwR3QrT8EDwUYv5qHAVOCC9hB5VN3OrEQrPZIcaeYoUmY77Sm_iK2AWfM1cEbbJK9f4pWI885Hm88Ejemz3wupBIeR7SLHkQ-N9a2W9lf4jdocbgz8kcqxXEA84Q1JzDtttX4hckvBusNQdJxurTzgE38T1UkTKAxHVPQ0nuOp_5zAeIBY0X-3sWkZqkzXoJgNV__0TVSskuw9gSTXjO38NqcX4uvFk2_lsofLXe_LXKuE752utFqURT3HMrqw3XyxGNOQMGREpLzRRC17GZeFPb3kFJEJCKZRJMtBKZ-CKmrbGzZI1opTlqh0FuHCzWAXZgPuwvmyy0ZiTbhLn-bF6UDABkKRPUpmHz03Lhm1vCOsUveX3ffNqWrRO_OOaSLKW97DKhjiaWzt_qVky8qcCbYUxIyFvTc8owizmkaf8xd3l_6YAk-5a7NajnqVVsSYW2ReFxTmg5jkEYj_wIY-824-YvIhPLWYGmFWl9qRUTr8NbN4yIdSrphW1rpMJWMwt3c63y0b3ecNvGVsxeFJry-Jxu25yfCeF74B6MDjX1tO7i0ndVQwdDCtvxC4-3y0QqbjJqIwDc5lkoGKefb6dUsK2vL79x3Z7_nB3zyS-VioBkv94NDHxU1iIUQ2vsgi1Sb1VFLX9KXUGON8SMIdmKKi_91Z26p2yYxyfXy6FI_zjb68L5rNRYaycQPCzvuF_Px_fxdl0wXqBGloFMwVVoJ9sopwv3Oq3GQUJuO6UOHDmMTmxgeXhr1xzvaW931EJnxVBNGRj1I3eLUqimuQUKA6q0xN8qHdP4Y82Zda5ZXt1Y6slxy_OlqwzwHMXGGoYr2rAR1g0hC-GDPbzCfxyiAjE5xLCGMFzwsDFfotYWKE6W9e3FjKDCKAIod_D-RcFrIg4lKMHwMHxEy1um3h-aUNrvHpt-_vhk8oPGdrSbcf7woTonvZqjkhQA-PyjzV-kR39bwTHtGH6VXMnBF2tZi3Fx4jUJ6n5MI99dimDj0xN0wRiSDGBwppbEaMbfltB9PBAE6_w1gjZ8WrsVoN-LsXStmvVs6ER2FCJPeSflRxVPN0M4NGGOWKF06jEfSxofwtHaUIsAtbI874yMa-fs3RPUVpF4O49u1dQpnVbzeu_oRetHNE_k-Mu3FBafdKnSk8ftgLUQiisdMIfJjRRPKQE7HH9IZWYEGyG9P2wFZuS6Pg0k5iy9EpRkUJUA-873xhoXkKcpUFuT9LW-D1OvhWUT-ImtlaRqWh4a-z5_Co1SH6qiACQZ6MJDqjKR3hi6gxU3aGzWzoop_zYqBytK5rSKAhOQ4RQy7SGHw2WS1NXspisxrO_D-XvsGIYfdfwEh0N84lu8jrDokXmWVNyKQHh1j6HHXctvu6TzSUI2Hz944vLL9NV4t4b5Fz8dyFV5_DWkzNabq_5zU8G6qSG8fiUVh5x0kYVxIU86ZOVH0s1DzVaHPL6cRM9JXz5m4aaveSRiQUe4rRg2s1DQMjiEkbRtkOlzctf7Xgp2rNNfFE0WEyRTB8z6Skbn31XbOaylbAnvOVAjjj7rOxUS9-uD0t4y7yLZWpdqFqGNd1O20xzW65XCEEi2E7ZuR4sWHlZd10TW01lbWr-423bGVrzSWZx03aF9jUuj2fZZn4WbHMcVHrUhpHrZMbNsys9Ng7fGlouxASDLiZZCs4ORdnCesJZBVvgAhdZ1mDLjggdZOmaNX0OSsqaRuLD4QwkFyU8rGEJwXROgaF9R58nkdhs1SN0-CQ3kWfFgij4WRaTPtHyJ12onFwuzN9Qui0MSSYuFYZYJumvFRAvNXRwlma4eJ2w0kbxHNmfwqHKYZ9SSkStgF2VkR6Gtyv6Po0iMi0TGH3rebk2vIlC6X8LnL48Ga2723JeQEeZyU8_5DMoVAGVDgCPDLW9KG2_L5T092UmlxgxVhmD-Jko0cWk_Wmew56N-rSgK9wbgNLOSG12Bhe7KimQ2kQnn_RvxmhzFkNUVb6zuGidR2tSDMBpn_EG32Kz6bRbamjsZdEogXbr3QaO8looBJWJBbA3IJPY_nRI4S9Ey3HURwxFFaxow05qUqFVLhnu299q9Pvo-bm0_X2Ll82mxaKwU-ZvZXHZ6nO3ZD9lj9MSm9rjy99xU_0VLjq91PMRz-OTtgUpeKMJuR_MtMznkKzgrLNL83r7Vv1Ra1wJH0B2XxwskeNhRKv3d-1fdduB1NnFgXeytnxHfS6D2-UC25eaiBxAAjwh7sOmFMZlYwrHT7U-cV5LEy0uAf76Zp6EMEspIpLm6O1GShvRPjZu0wGGrtlioBpSU5anY1t8dxGvipBPfmI3pymZduFMgcqLkA4ZU1yhKBQYv5oE9YKlKIzUaiyJ1VpURB6J4EziRu9OnNt9Po1aJvYTKZzUuHlq3aKGY8qG6w_VGyeudRY1mkiM_p0zkIpv1dQDtSXv1xwIrYRFsZ3VzGJ0x7b9h0GOShfkx7t199kQQlmI6gXQUYd_HYmkLtO64Jq0KZMVOkIqsE9ELjnGqWcTmCqyqwEygA2ocqVbV5cTu-cmGxxoaBgHKdGltqltJzsLBYS0GDHk8AhZhNsQWpcr9GmSPgCkvN9NMC2fZxlY5WlFZKF3R4gQLcRlz6GGK8166yNjN_mdVtvN62pRfuWd9lz7sGeOvQ2YQ1OqhXABElixHUXoGoriOUv8cxSBoUMGBxLIU521y4-C8kv94uVmSnyFhMME-XnT8QiDadR1OWOH5fiReNAqdECGc0UlN_8XZ5XEoq4e3h6nmABekI6tidxRtPuw6P5gmxI_bzXBJnhmupfg9CPzHFVbAfCHaqo9fEOhS7rgatFaGbGUFHNjg&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.mop-veins.tk%2F&ds=l&xdt=1&iif=1&cor=15211146504769497000&adk=1877897943&idt=189&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98d6ccddc99d3b8fe3a6f75ea01ec68a6bfcef5e4442e8e54682577b5ae2974c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38957
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0E00 0
20 B 90ms
90ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2694845573210&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0E00 0
20 B 91ms
91ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2694845573210&version=m202309260101&ct=77&x=1&cor=15539817034796330000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0E00 20 KB
14 KB 344ms
342ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXhAOXiNsEn3wlINSlFwqSDw8TZfKBb7QJXV67FGqKx9gBZ6ARcY92uGXwDQfEEVefQSbi63IcMUy81CSElukn6pMJZPZhOuIlzOP2ananMIUsRLFQKc-NmSneuEk2HF_qqZ9CjOhLfJXQqYAH5OYXA_9klzFB2SMZBI2qnW4r8_weBoM&cry=1&dbm_d=AKAmf-At6R4ijwtfBG2aoK5gnRB4F0-Mp4zMIuSQ7KR-AGECDwE2wHn4D2kKPhKVngrxvqtWvYc789iGJW_K171launTZgQu5jNQ2ViVk7u2A7JvlOybiBMvyP95ohkWEd6No93cKb86Ll2yW7QLTJSker_YKe-xqShKOs52NVn4DDpsszTaqZfkgHPwHEP7T9RSk8Tf86rYnmimCZZo19GkHMWolz5yNWRu2QaeYbX9kuy5fsaQVvvHWi_-3RaoYwCnmqUqobS2X7YTBlwVvxPgukHMAcEUjx59aXU4rcDMfZPBKhbBZuulbwZl6Zn5fFUyWeT9354cOgWGQkUmFWSE71WaqTqfhqGSQJesFCxjVghzfKiwVSf5pcdF-KVU0sywS5GrTfso1grrcZ0Soux-LjKaagOSVEiLKjAsXqQ_tNrJ6uDppYAR2vqBtepHr16QlbndKxAlIMfmrt0ZEZFVLPKXg9pCyZaC3ZhL2IOfQX135lQgzxkoUmdfsmJ5BlXEMokGlCd1J86NeHOh-wQtHAxC9RfbO5phfHoRxBiB0INz-j2Weo36gN-7_na30InPpnocgbz0d5YfIMcVrFSenUr3XnXJiIyxRlWA7JW0JJNzf5659UzM8BRaL_0MKcqQd-_R-nWOZDYNcCZClc2BcSJONOg9tG_tUYTnE89MKm21gFeHvzblM9pQrvUvnGzvBSTDN3xrXEQq0eq3Ifi0KtKi6wCmGLxLmpWA8SyDu6sz1YrYLlF4hSJsi6dou4k2l3ZdEUmtCVEt6_xFty1Q1HRM-uR9VQGmp_YtmIk7b-PN_2ZzhmE2G42ld_Z8DHFLQddTSB7dzhk5vxp_J0WA_twdjtbBtXRmnUj6a4wIEbmr75amFN4I8V_dY8xEOYnTLPIiN-mwNKSEmfQ0STdyuIdv4IdZOHVXP0YWju6O4j9dx4pbs5jn2tZcx8NpZ7fz-tHdO_7lRTxT4bI3l5Dwy2aGhL6UooFSMyYYbK8nT-BJRmAAzmCKA6HtAWJfIKrhvahmmQl9Q3XBBjUcSVneolISSTKTqCB1AGXGA72KFxd2yahV4cpgC4kpU7e0yAiZj5Q_rSTWnanhr4rjCMDulz6dJAzw5hwRYnOH-e2G1Kr2lamnjT5yBqdkQ9llrB2iJPR7au892ez88JQqOp2z3NFT2bb3Nb4RwW_bUgCQUXfqZNoq33oR29iyuXDnappSKwHO31G6mEnwSFQ8m5lai_Nq1LYCQzNHFiZiPiXl6bIG2C-mzNFQpJs90C20kiSQ6s_xU5yaJm2hHVpUUBeYT_B7qJl7KViYPTWbpinXHVznG69Ovw_Hho3Ms9oJZcrLmomxp_S4eyEgsJcK0yckLLIl_sWgXAem4tM8KpliJqDUPTwbUpNggcgGTvVyef8zqaNQAUHt5O5JgBXHhhTHaz8dtw10KPxyDjietXATbsk5kmPXANxJ70egS0mAQPguTLD73RwykCsLB6sx2xuNSzDIWYmq6u7ojdDfFVn5jpEojlOJ04o791rJVQmrFlp4CzgRsLqsdIJxRcQV-frnydDDQKBF0A_Eeew6Wz7kzhUwrEDO0bryukO08lAolCBODVM-c0eUDnHYn17e4IXmGgOwpaB7jI_e2GvNkxsa-EbL1fqdwxOA7Q0FzTT5ktw_ziq_nMGhIeqN2sjpdGsxfRarxf0Sua7ouq-ydmIGzHL8JhTYp-lNxsbzCdYY-jYGWigAPQ3bn6lLSj8MXzoI8jzXJiKA2b7h4MxALL5GW5_LN3NiCFvoPU2M-fgKHAIfebQKMCdu40z72P-8cqhPRUZmTaH7GgSvzn_aIMrS4ha1nLx1k2iKIPWhAifoLGzFKIom7nWepqUSB5oO3aUPrce_LJ_UPmpWInVxWaBQ8c_e154fFJ6hgbYcp-e18t34u0OY5V6hj2rGzvOW9uAe-fkgai26mww4CS_TFhuCdIqwbCOyztH0LKIyhVPgEVMX_7BubyyoaNXYk8aURqDLZn9Ws1kjzXuRAfvMaBGs3QQL0YOgXADlD66J2lin8tO_BLFnfhk3cQmhnu9eoF4dV23kdnHHv_ABx3oN1VsG4HiDcFgECNJ-jTDPMcl6iilOtmIMl4zVSG2_dApf-rGADiSUHWqY8Wghp9nfWUJILKvlZD8Y2ptiTh4BoORNcadSBo-nGDobEgCPDR9XN6rJ6vIxuCfNEt3EwxZtWHmWF09-715WbQb1U0t4p1eE0kUVwnT7qgBAs--ySZI-ZsRmz_SO7NMVCD__76qgdCv-NzU2JfGqdXKHy-HqJkYy_xl6HmSMzFdC9DfCCrpXwzUh8B5vFYSomy0xjhRBn8Cmt7IDcc94yHa0x-nIvItqm1xg2TXXy-dWh8kdyL91jqNIf65VjEhPAf73B-VUeVJkwpZ5iYTeQC7GbwBXgtbUWffsEM4jfK7Mad3zxlHbUdFqNQoln8Qf2De2lVG88Rs_EiV5oOeGPal4mM43AeZXjU7ilUFN0cPIH89pnoxWQZuTs7v5yKZ7wrwjFTtpANJNYq7v50zXmUuXekSDJhsf-6LYf3ZXnW94Q6s3zLWSwy1y3ITjf49iUZmEZcCl2SuaMaNR5Y9nyg35pBmEU8oEZ7EUzegERqnq0NnXy00Mi8m3Gra4v0MrGFbbkKFUtHW6f2PkCyfXJATVUBrbH38u6OHUhEtPqQjMlrzJ2A-251X2IZ2cJyjvp8f17Xu2ZG49Wo8H7JyJoPKTuPs9GfM8jl4x39CQtrzQzwS4keqIMX5NPgfIOmL3OJh3RSfVxgnWxYPFQ-bpBsfWWelUhghAe0q5ICBbu2GyhMFrHfyYAkJlaDSltlrWnSrLtsTtOyhy76CCgwy0os40OsDqg47-xjT98rniEPq_-LjDJSC9sJffApmsq-mi-X5OF6wdcD6dEUbk7iTyo5YsICA5eFzl1PpM94MrtDyC_DmLG2w1RZ3ADpHRYLwMca2mwIatAGQziP8VjpE8kce7n0OhDkoqmLgG8lQndn1mMeNzueHdzEMg_7Dd5GhUGJvoZQby-4r8UFwWcMHNhh9FXifGtGtqT2l-SYEfF6Ur96zzUp1qV8m9KZbWWi4Hik-_yyGvICpOMPK9CWvN8BjWDnUOBkHkrE9FgnfmbmWoXbj2B2-8ZL977yVOY-7UxhSeyGDDDVZ3DM8Qo8y6uS_WMBnXPf8v6tQ5nImNspkmRyz-joN-RnC4Yf5rfR7aKGyyfRiUvgAvQHWGylbf9hI5nvhGuHFBTHHM6TduuWCUbIGwGwHigbrp-xJY_-QME5vpZn3smbx3yhrm2H7X3XJa22oVVkvxhd9H-5pKCcM1EihVtv8A2-Rg4wvKOcUPmMJjQadg_WXX1VHVHE7UmcbIw65vn3xK79psH5adyRRunAP9a33Slec3Rjzj6FVGo09zzmvlS9kVoWkP6w6QLBciwgLoOwfUY4aPEUFaRjzXQAz-f8tEzY6JOJo8ypkjC3bQIL55v1C204B_Xww6i3Q-a_LauYlzlxIIOPZ_8X0U1UNQEblC0K2Nhr8QfQ2RfO8cma9VOYo3yvZBdWsYabmeeErN7XaN6KVc2-WJZU2qXyRTJCenKg51rTKaXYkDmkeK8-_beFd_8020l9hVPiJmBLaBCPG582B574M85pF9RXnkwoMpwB6oXF4aHyqgqr5Rwd6gYJ2LzrTqy8QSz84uh7KhwHF_SHiAOQVx990bO27RmZxHmLjbI-hJAOoo0fIRKjSURu2A462FhiE1L5vCichi6jvr78hSzq4EKb-uk6dGZfPEaf-GNtNclKfFA5gTGtqon4QFTZBom0y0IjaBbSKAU2KjRuiQhpdH-8XEz3BIjajw4xtwB15KyiUzqGiqF9M5spO5riMZLD7XwOQ&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.mop-veins.tk%2F&ds=l&xdt=1&iif=1&cor=15539817034796330000&adk=929882891&idt=218&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

993b27f420c9927f68ed5023acd39625568458745e2ce23c7ddafcde66cd3e29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13958
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D56A 1 KB
643 B 57ms
55ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64268
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 21:36:53 GMT
etag: 48472445140208031
expires: Fri, 17 Nov 2023 21:36:53 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 58E4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

68ms
66ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:02 GMT
expires: Fri, 17 Nov 2023 15:28:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:01 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C48C 111 KB
39 KB 190ms
53ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 05:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35032
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 18 Nov 2023 05:44:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame C48C 11 KB
4 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJelVB0Iwo-o9N0FZGlg7MJy_RKyqu7dU1cHWmcM10m3soi652HN2gt_unmP8HjdbIeRR2UpcuGth7iXLyRWyitXX23nFcLXACLntmHOJH-SXjJYszo0kW478nue5r7-hkM5FjNO4kasngsmjm19GF5va4THe7MzFc5XjoPOUQwJQ8zf0&dbm_d=AKAmf-CZjoy87ZsHy5eOL0iRTXLlzmhaNtl8yseqCRb0yk1SI0bVI1EK2rHS-sWO3xHjYdCTGIvi_02cT_WXxCyKzSJlIW101u6GPaqdhW2FBM9pQd7YnkoSn7YGW4oY-1MTJt8aeQFdob-Xnoy5tzQtnuoeCUc05umSOn2aOOMSeFH9X3dWuAl0I10MTjGU3X7A8pau2Jr-9sqyWhqC-wEdjhbEbiL-XL8Ad-MTPgbF2AMVd7baC96jc5eA-1RJ6rVM5-ddB3d_f2QXhI1AQJm17A_Mxx5dHcyu5VDxBZbWnOKaQ1RQobFoga-XhHMga5hSd5uf9UdrfXhC4mSdg4XBcRS15pztbSpqFflx2TWIDQpb8QtfxjhqqdbAO688Rhl8xdXclepbyQ9SpKeDB3TljyZKffYtfyakR-W1Y8wTKHTTFR91fW01tr-dhlv4FptVMdTYqVCoIW57npsxITDQwwb5kWd1a75qfDK5itSWsD9Q7-0BhVhNwcy6MnG600NFGQFG90alqOOd811zheOXaNQ0wAcOirbgnihtC6ZkXRd7Lqu6KL0Ezo_82IB2LwqYBoNldItV2QKOt46qCCmtjGOQgrBuhNKswRFJZihjw-1o8IvFJ4gcKtt66DYOcrXTv60hMTvLyiknfKE-4KL54wTg0hP12v5YvU989BK-VxjMYMxD94mzLlC0176MP-8OPiLIBrBsj4jdVnPpXJypyS3ge490Dg5Wm00N2C_KEnz4okiBS_ETXAVuW_F_bjrMkgYOPV1KdkPvLrfbixWd3WQR5FrMiWCxRTpO5nGCLtkFJCtwbfHAAnLFPGjz8X8AenX8NsnrHMe8bK3aKHuxW5DJ5xatOTpvAVJy2wNkRyBbGqxVHaGzNuZm8_lHvfsa8jiZRzmbdBhRD8CvV3wJQG-Iv85gD3TqbLouJIvjUa6DMT9KWr3fG4-mtTgoY3Rqgy-ONcQtBGbaJ37b6jhDRJCDw3gUOP4j8rSoIOBDaw0aO2_8ce5Dyum2TZ0WAD_pwrUUG8kPbhoi_uHIZ4AHglKaXfewHKOa8iGzA8NNv_AwnLwsG8k6LvAZwCNekMzxFOj7piWwX_97CRhDi4blMFbqWrDf25tg-8JqzKbyDAFPhfbCOg7QlpAV0sYotmzQoY6BIlF2ZCcb_PoCUXv393T5Q1g85AWHMlSIdUfFAUPziSRnpSn5Ekm3oE3PJ-RTY08YXAngjNKwu3wcD0BawKynJWZAyNrvt8H7Vb5VSFRbJ1H7FAvHaDspXqEDgYz2avPZKlL09PP-sBOwu1H55KORRZ0hjdNsam9jFGSn7oMXORAlJRRvc-yZzPw0nxmCRsJxaHKVUyVXC_3uOc9PdaWQTjhzEQ_YdsalFip28ikiP6nKqGnH01J0h4jIf571BDCO3JRNsb1itxICgHJwtkjB42CZAF2rV9563S-cgZgwEtAxK7wwnC37rK-L-QrWjNWk1e3NZ1L9mmfN54yxryo4tduY3Pu5ItrJKyM11WoX-74pgA_aq22CETg9T2Rg0dk3ZYRNJcRRwuHLIeRjv9bZgoBrn4dRAx2jmt6sxDgb11mb5SDlHROTNQSHHywS22n98z_dRIoYqI6kl86G9vqW6qvSCRc8CSEwhQNkSzBBYet6NmvYD0aP4IhC8twP9Gr3xoEMelMWcOiFJIgq2bUROLVGLiRNSOTjJoO_XkMnu9bN4piukm9DcUMGwmnsuxp5OyQKO8Ra6yWwxCeZz8OOr7LKFuWwWdIJI3YXQ_I5xbNxpaJ4-dn_PZ_yQ9vryUMf6_Rz8j8yTwS6M4k4mmcF9jizO1GDrc68mJ9NIGLvFfmBsSmkmqaH2OFLd2JXv_B3xQ00MBiM91L4UcFD4kBrPZ4SCbAWlkuGVpGLboMRZTRQ3Fb1uOzAzJV2NmaME3Y7QQkidCMcZz4WbF_2uuDBedBiQBKTwW-u6ZqtbiiaEByCviHPoUVzGbzI5sHBoBQ8rSENOfqLzpX51R_xA_hLqRTaXnu41CUTKmvYXb7FCk8KUX5lN1nluIk2VV_pLt5Fpi4vrZCghhJlr4A7I0KUkd4SndEEloiIkNm3UqNcoVpX6FWR6PmSiBAqNGEylzVa6nrfoi-Jp5cYDTMmCr19-HAZdPncVro1MjXkSPs4E46mVir5JjB7CYf2qiSjiq3f42bMFJ9-94QghvbWVIse4d4_74_Pd7y9Dam0TJyhZrFXTvMzt8NtLbEnPh1JxyDuGXLpUUsLkEHoSXQ1k_rEki0-gRtFpX9czizm8TAWKg3dwxoDNzpSb2hc1Kk3N0Y-988R2c1RG1j3TbB6Fb5OuQHCZJKo8lQ6bB5lOiSHV1cmw777SsTmojEEAJKjacZI9HFyGca-5QKyAkIvoe-U9L-Se6KfEaN8h_wSdloFOIVkyfFBa-6ZqAj4aV3WIFZ5ci_jxM5Q5cTwb4tQOXtNU_2fotKAK44frvpqhAfwsw3D-PKWGLYPT0I3MLUwAISDXPMuJ0Th28ufPzvYBji9toj3aRyKDCwYEwHZk1V0IQ8ZWiJdNZqnm5X3qNyGAIjvDPWbMPejSqg63VifRjU2qB4bGcPdYgtQy5XBvAblNBtQEbPXmRng9gV5SxbvEPW3-RC9rNKw4kOOw23B5J5DmZAb2lHEKMbG9KbUZdi4X0k1YrShpoxwDPMdEsN7E2AAqthqiOFzgZ7rvKMYbx4N_Ar1rzA1H5ClWfNgTvFN3JhpRs_HQ907ttvg4a2U3If3Wa3NPl-uTKAxPkFKIkuukMdwN5Vs5kiAFHVBk57p0oNccJlQluSWvTAjEs0UzYMdEAKEh6pyoy8TGYipabPuc8LpbVhnO1lTW6Y_JIAXEEVatiENQwOoTdoNF5jG792-VBAqdzhS-1qZIRrCwRr8wiihbI3VNL-fVKUhkwbERXP7t-jFhUOuPFKQmAy1upnPOR7GPxkZCY6BO9n6iuZQZ8q4IdHtCvH-t69f9lnOhP-rDc780yGm4GedatXM_xE1lUPPOEu0BxiTNCnoCaH49NxIjhW97_wkBM_ncGFUZFUgY-OfhLd26KGT8pOGvg2WJzFDXPDhGipr9hTXZymHKfmc1UzKa4zeUFV1H8igNXmhY3a3d9cH39yZNPTfIst56Lk6_njm5vQM-3dWdnXTzYBg9O4NQFSQDiErM2CpmEvNKunHkym7Yh7sxvvJhblR4J8UPW8jV3BEz8dAAn8hyA1ATaDhui7vvmuJXsJJs5q1BhsWoNNaFm1bwlY6uToYSFrZ1DOMn0ePwWzkAekVVqa10BprPLmQXMT6-OFwhIGCHEn5yAc5vdVU8cZitWQMKEUMF8KF7uRwgzgm5MbaUwudEoykQq3hmJPDKNWyDflzZNXvarcREN9kEmWAmNnkc-Ic08S1zq8ToRXBzPEONIw0ZZ33lUuq5cmOWVnLGHOJxpmg0Et_dV5tlk831bnfdqIddm4k2cFFCpJOG2-ZD12lEtB1xq3vaj2WWx_zm342jKbiRFIpC6UyCQUp3dPP9N0hxozIuJ6137P8Om9v8nGWTPPUEWAxH55w9Xbab7TdYLAtKUB8_gCmBP_CGkHTHeh0TOEHGv0HomLBeCRHKezHHAS-7Pm7nw_BQp5CmhcWO4-qmWmQizD1Xz0iScCa0kXoF6IZVy5VqWP7Irww8VyPId2NaOypmTQHtRR40xUnpGlC6vxS_vXkL_Kf449CKWmj&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.mop-veins.tk%2F&ds=l&xdt=1&iif=1&cor=1126878060032665500&adk=521587874&idt=146&cac=0&dtd=25

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 16:12:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 16:12:43 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame C48C 31 KB
12 KB 63ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 16:03:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 16:03:46 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame C48C 41 KB
14 KB 66ms
57ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 04:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 384973
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Nov 2024 04:31:49 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C78B 2 KB
1 KB 55ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVeGgQAEqQYGrSm_AAGXlLEEPuX2tGr76ri_GQ&u=%7C5wcN1Cu1QHVrB33oVvfvplKftgpypLoQK1VCl9NoTnk%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC86wYJKbg7yT2hRD2l8DRmMZSv7VrMzdxGvJ8JcCAUBvKKaYsZ9LZayWWV9ihXZTtNZFis_Qe2jHmgiDgGsJPkfnwSgtI_QoJBKum28goAOxc9JZrT4IOvlvX25_GKc2sJXmrwJ2dNeTUV1ehab23oBjuuSTwRsPuPlZHF9l19lCqoFL4ppOq63x022d7kDpDZh18ngGPk-Ub-u0Uog_WO4mJX9haNxMLfrCWLs6CggWnnCz6tnMtpLaVUZgbJUfz8kAUEHHLTZKYQFE5R04WXWtqzKhp4HwHS3POKJ2a2c-S_Xcx72ctDko8RYkb7hhvBEqM3B1qLs_LOwSQC7Cgj-JXaKi9QDN71wCUpsC-zfAQrGO0Sa6xJOwB9g_Cns9fAXF4IteciuVqjzoLimPbLRZPmkMLM6f_qcIAgYaL6RP_eNatl_u3Y6Hsh83LBxRIuR1BXgVz55D5Zr1d-Y7BihZj8_4mJM5EDjmZ3QLvhtzESNZ2yQikUBzpR1fZUu_BAtH1cIQN4g_IVeK0IWYtWOX4tH3YMWQNDOV4tV9IqxSqjv9lZeM7ovyk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRI1DgYZXZYbSEr_TtOUPlK-GmATJntKxXM3hkvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMDUzMTYzOTMxODgzODbIAQmpArslBQjVM7I-qAMByAMCqgTHAU_Q1h9J9D50mvZeBBCmWT--CtdLkCxPmLhkocn5Tzkky2D4_RzfctYDRBCvu0OaOSbEJOfi1LZ3BT5ejX3rj12x3aLAJ9pg6dBu-K6rOTOmVPurBgqowXKV4EwS1bAx94JluzOa5S-MNKdzfub9JN-dRxBwLqstW_BdsPrlwkIRjkddiIVZjzjrSbnZxhQXORTF8bQnOt_hhx9fC3zCYcBbcN4WP_CLxxWg_Ev3ZmFlm0EDY1Vu2pwwnwVaMtLdT5TI7OE3dvOABrbKkt-fqNqelgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3TjPI8sJ8Wjlbt_HiwP7DAkFI2Nw%26client%3Dca-pub-4105316393188386%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 11 Nov 2024 15:28:02 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C78B 2 KB
1 KB 56ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 11 Nov 2024 15:28:02 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C78B 308 B
636 B 15ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Mon, 11 Nov 2024 15:28:02 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame C78B 293 B
621 B 16ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Mon, 11 Nov 2024 15:28:02 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame C78B 43 B
348 B 66ms
16ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=f7Hk8LJJ1NWGcSKhkbfRcEAoML2WZCu4ZwxqyVqsLKaQy6ukK1LAXc4a_u7Ym5uS6Y5WvTKSGurBcaNb-IhQR7u_q0U8kWR4ktBrM6PqF_SfwJa27XpmLuIuG9r-kkyBxfMoDX6jabs7YUYHEmQ3I_546DdrDFVTL8hkZjndbig0RA9ct-Zg97mVy4I-Rv8ThAa5U42DHTmKDdr42PyiHhlU1inpW_hg_1Pv1k-6C_scpfXSZ89Vu83IoJ4XtGXAG4_Nkk0hUPs0FEWPAPmLNbaNdzCHpNPh6dzCaHNrmcycDXbKSTxL6MSqJrSy3fhI6lbfc53A93qNSGxgzk-t2SurSwC7wFaVtHkRxnMb0138AK4mP2mJoh2-ViAenWUo0a-JqcFxi_gwLBFU393-bK7QqOCH2TGjCVucNciTWrG0QePh

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1605971
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6D73 42 B
64 B 197ms
89ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3xri6dGNc4j5t9foPksIESAb-BQ8SeSzYq3_JyfcXzk-IYD7KF801WZkW_pxqiK4oUpCjALOL0JBTrz2Fi8fin9t3pT2BJvxWfOGfBLACBJVYJL_g1dBZghR3sINv-UA&sai=AMfl-YQ4GvujyXLCVsKtuPG7vyhe1U7RZvwfQkeuXG2n8w2BaHMcb8Yt8kpFfvB9YKYdDMmBRWXi619pkedBBWCG4-7yGA67vo0H0GIYHLRLNY_n58HO1L286y-Bst_FoT2IPkbZruIqW40WrrWt-Q4ugfIsAvxKRli1-gA&sig=Cg0ArKJSzMXop5tH-s3VEAE&cid=CAQSTgDICaaNb9HqtqTBCoe7Ski4OsmJNsqLIiEXn6GQe_FOGbbFfCzmxnpLJ2Du9hxTdULVnryIb5jF754RJpA0IyDMPQoXXJTtg0VDO8HqVxgB&id=lidar2&mcvt=1164&p=0,0,90,728&mtos=1164,1164,1164,1164,1164&tos=1164,0,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=749540655&rs=2&la=0&cr=0&vs=4&r=v&rst=1700234879427&rpt=1613&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 2C5C 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7bf60218c281806f89bb35e18db19b4e336f69162c27ec36f81ad71d5f85487

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame A3DE 111 KB
39 KB 91ms
91ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 05:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35032
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 18 Nov 2023 05:44:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame A3DE 11 KB
4 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CV2V5zWKHQHOPviMS-wvaMv9u1f5DOOEZoJB1n30eA_OxEjsk1Op8RPE83X7Aoy3O4P9_rwh9RDbpdsQb-8pI9JL8lzWAHhqJM9BUNiKy68iEIXoKSgn7XCW8uljqhzo7mJQVa-OKXiYOHsDw92Vkd_klwcUOBNYkpeYfCYznw_7qODrY&dbm_d=AKAmf-CyucAvoHkj7aP0Zjc9v4czxi2Nt5oEnP7RGa6zbTFq_HJKjJV6AkEWXZG2JNeA0TNrfqVchFjboHdD5RgpNOURAtElF6gdpZir_JzS5zMnqsAKNgKBQqGbd3bwOtN91LBXWZRjgyhQsF0lJqgEx0c8hKgmAuo0BjjFrEBBVWIv-QJovE4QUhpK0MNJyjPFiQ16gJIuLLw6DY3eye4-YSO9mIOReLh1x8vAT7fA5DuLKV2ymoVDAWvX4btEEZQsbCcMyc5Sbpyr8EazSD4AZRUJCE7jmJlAr3yxU4ITyJSedQM3Wq-N7n6tKEVWy0o8Oh1I43n1b54pjNmhS6IH7aSheF297jBSGZVpsdZ4BpSfr3ZAn-QQcceXdhC0FOxMB0hTcLx7197MdRjP1nR1soZ-R6prWDRtqGW_i1Oj0bLgnHnUebDrcXuiPrL5YndH61gryPf42JGEuhs1ejnhLjXThoQVxcH37_YjMjcBIW4etdjHJY6Qa1knuK3u7dfFWItJ8ICAsyvSGDXAE2QzVYjG-gIsiBovAp5M14ERvj9XKLxkWLojPiziT6wtOPOtLETuBI1zbzu-dDkfqj6QTp3BWobyo_-FSLYsieCfNBv67-9h6Zu-o3vGl_7D6ANw7-3vgLX9850yh6h8NQKuLsZNwRoCVOa0tvhFnAzdtfFvdRksQu5TieojLwNwyTTQ9UkhcOPKqEwSt_Nbah0xOLXE-AVImDVB13CEFdFxF8YfpAX-EJenKQ9jSwjz3d5ffxKpJLBwR3QrT8EDwUYv5qHAVOCC9hB5VN3OrEQrPZIcaeYoUmY77Sm_iK2AWfM1cEbbJK9f4pWI885Hm88Ejemz3wupBIeR7SLHkQ-N9a2W9lf4jdocbgz8kcqxXEA84Q1JzDtttX4hckvBusNQdJxurTzgE38T1UkTKAxHVPQ0nuOp_5zAeIBY0X-3sWkZqkzXoJgNV__0TVSskuw9gSTXjO38NqcX4uvFk2_lsofLXe_LXKuE752utFqURT3HMrqw3XyxGNOQMGREpLzRRC17GZeFPb3kFJEJCKZRJMtBKZ-CKmrbGzZI1opTlqh0FuHCzWAXZgPuwvmyy0ZiTbhLn-bF6UDABkKRPUpmHz03Lhm1vCOsUveX3ffNqWrRO_OOaSLKW97DKhjiaWzt_qVky8qcCbYUxIyFvTc8owizmkaf8xd3l_6YAk-5a7NajnqVVsSYW2ReFxTmg5jkEYj_wIY-824-YvIhPLWYGmFWl9qRUTr8NbN4yIdSrphW1rpMJWMwt3c63y0b3ecNvGVsxeFJry-Jxu25yfCeF74B6MDjX1tO7i0ndVQwdDCtvxC4-3y0QqbjJqIwDc5lkoGKefb6dUsK2vL79x3Z7_nB3zyS-VioBkv94NDHxU1iIUQ2vsgi1Sb1VFLX9KXUGON8SMIdmKKi_91Z26p2yYxyfXy6FI_zjb68L5rNRYaycQPCzvuF_Px_fxdl0wXqBGloFMwVVoJ9sopwv3Oq3GQUJuO6UOHDmMTmxgeXhr1xzvaW931EJnxVBNGRj1I3eLUqimuQUKA6q0xN8qHdP4Y82Zda5ZXt1Y6slxy_OlqwzwHMXGGoYr2rAR1g0hC-GDPbzCfxyiAjE5xLCGMFzwsDFfotYWKE6W9e3FjKDCKAIod_D-RcFrIg4lKMHwMHxEy1um3h-aUNrvHpt-_vhk8oPGdrSbcf7woTonvZqjkhQA-PyjzV-kR39bwTHtGH6VXMnBF2tZi3Fx4jUJ6n5MI99dimDj0xN0wRiSDGBwppbEaMbfltB9PBAE6_w1gjZ8WrsVoN-LsXStmvVs6ER2FCJPeSflRxVPN0M4NGGOWKF06jEfSxofwtHaUIsAtbI874yMa-fs3RPUVpF4O49u1dQpnVbzeu_oRetHNE_k-Mu3FBafdKnSk8ftgLUQiisdMIfJjRRPKQE7HH9IZWYEGyG9P2wFZuS6Pg0k5iy9EpRkUJUA-873xhoXkKcpUFuT9LW-D1OvhWUT-ImtlaRqWh4a-z5_Co1SH6qiACQZ6MJDqjKR3hi6gxU3aGzWzoop_zYqBytK5rSKAhOQ4RQy7SGHw2WS1NXspisxrO_D-XvsGIYfdfwEh0N84lu8jrDokXmWVNyKQHh1j6HHXctvu6TzSUI2Hz944vLL9NV4t4b5Fz8dyFV5_DWkzNabq_5zU8G6qSG8fiUVh5x0kYVxIU86ZOVH0s1DzVaHPL6cRM9JXz5m4aaveSRiQUe4rRg2s1DQMjiEkbRtkOlzctf7Xgp2rNNfFE0WEyRTB8z6Skbn31XbOaylbAnvOVAjjj7rOxUS9-uD0t4y7yLZWpdqFqGNd1O20xzW65XCEEi2E7ZuR4sWHlZd10TW01lbWr-423bGVrzSWZx03aF9jUuj2fZZn4WbHMcVHrUhpHrZMbNsys9Ng7fGlouxASDLiZZCs4ORdnCesJZBVvgAhdZ1mDLjggdZOmaNX0OSsqaRuLD4QwkFyU8rGEJwXROgaF9R58nkdhs1SN0-CQ3kWfFgij4WRaTPtHyJ12onFwuzN9Qui0MSSYuFYZYJumvFRAvNXRwlma4eJ2w0kbxHNmfwqHKYZ9SSkStgF2VkR6Gtyv6Po0iMi0TGH3rebk2vIlC6X8LnL48Ga2723JeQEeZyU8_5DMoVAGVDgCPDLW9KG2_L5T092UmlxgxVhmD-Jko0cWk_Wmew56N-rSgK9wbgNLOSG12Bhe7KimQ2kQnn_RvxmhzFkNUVb6zuGidR2tSDMBpn_EG32Kz6bRbamjsZdEogXbr3QaO8looBJWJBbA3IJPY_nRI4S9Ey3HURwxFFaxow05qUqFVLhnu299q9Pvo-bm0_X2Ll82mxaKwU-ZvZXHZ6nO3ZD9lj9MSm9rjy99xU_0VLjq91PMRz-OTtgUpeKMJuR_MtMznkKzgrLNL83r7Vv1Ra1wJH0B2XxwskeNhRKv3d-1fdduB1NnFgXeytnxHfS6D2-UC25eaiBxAAjwh7sOmFMZlYwrHT7U-cV5LEy0uAf76Zp6EMEspIpLm6O1GShvRPjZu0wGGrtlioBpSU5anY1t8dxGvipBPfmI3pymZduFMgcqLkA4ZU1yhKBQYv5oE9YKlKIzUaiyJ1VpURB6J4EziRu9OnNt9Po1aJvYTKZzUuHlq3aKGY8qG6w_VGyeudRY1mkiM_p0zkIpv1dQDtSXv1xwIrYRFsZ3VzGJ0x7b9h0GOShfkx7t199kQQlmI6gXQUYd_HYmkLtO64Jq0KZMVOkIqsE9ELjnGqWcTmCqyqwEygA2ocqVbV5cTu-cmGxxoaBgHKdGltqltJzsLBYS0GDHk8AhZhNsQWpcr9GmSPgCkvN9NMC2fZxlY5WlFZKF3R4gQLcRlz6GGK8166yNjN_mdVtvN62pRfuWd9lz7sGeOvQ2YQ1OqhXABElixHUXoGoriOUv8cxSBoUMGBxLIU521y4-C8kv94uVmSnyFhMME-XnT8QiDadR1OWOH5fiReNAqdECGc0UlN_8XZ5XEoq4e3h6nmABekI6tidxRtPuw6P5gmxI_bzXBJnhmupfg9CPzHFVbAfCHaqo9fEOhS7rgatFaGbGUFHNjg&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.mop-veins.tk%2F&ds=l&xdt=1&iif=1&cor=15211146504769497000&adk=1877897943&idt=189&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 16:12:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 16:12:43 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame A3DE 31 KB
12 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 16:03:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 16:03:46 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame A3DE 41 KB
14 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 04:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 384973
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Nov 2024 04:31:49 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame C78B 12 KB
6 KB 21ms
20ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 11 Nov 2024 15:28:02 GMT

GET
H/1.1 200
OK lottozo-gorontay-andrea-vivien&op=1 Show response
m.mobilgo.eu/ Frame F76E 842 B
991 B 1272ms
1022ms Document
text/html 193.201.190.54
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://m.mobilgo.eu/lottozo-gorontay-andrea-vivien&op=1

Requested by

Host: www.mobilgo.eu
URL: https://www.mobilgo.eu/x3.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.201.190.54 , Hungary, ASN62214 (RACKFOREST-AS, HU),

Reverse DNS

s01.okosvarosok.eu

Software

Apache /

Resource Hash

f8daf24eebca0055cddbe70db00a77f4efe746a38af5f88e0d90c8d6a3fc3a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mobilgo.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 524
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Nov 2023 15:28:02 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=0; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK muemlekek1968&op=1 Show response
m.mobilgo.eu/ Frame E0B7 842 B
991 B 251ms
26ms Document
text/html 193.201.190.54
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://m.mobilgo.eu/muemlekek1968&op=1

Requested by

Host: www.mobilgo.eu
URL: https://www.mobilgo.eu/x3.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.201.190.54 , Hungary, ASN62214 (RACKFOREST-AS, HU),

Reverse DNS

s01.okosvarosok.eu

Software

Apache /

Resource Hash

f8daf24eebca0055cddbe70db00a77f4efe746a38af5f88e0d90c8d6a3fc3a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mobilgo.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 524
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Nov 2023 15:28:02 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=0; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK elektromos_toltoallomas_nagyatad_107452&op=1 Show response
m.mobilgo.eu/ Frame A31A 842 B
991 B 249ms
25ms Document
text/html 193.201.190.54
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://m.mobilgo.eu/elektromos_toltoallomas_nagyatad_107452&op=1

Requested by

Host: www.mobilgo.eu
URL: https://www.mobilgo.eu/x3.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.201.190.54 , Hungary, ASN62214 (RACKFOREST-AS, HU),

Reverse DNS

s01.okosvarosok.eu

Software

Apache /

Resource Hash

f8daf24eebca0055cddbe70db00a77f4efe746a38af5f88e0d90c8d6a3fc3a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mobilgo.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 524
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Nov 2023 15:28:02 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=0; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK nemzetidohanyboltok002802&op=1 Show response
m.mobilgo.eu/ Frame B53F 842 B
991 B 245ms
26ms Document
text/html 193.201.190.54
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://m.mobilgo.eu/nemzetidohanyboltok002802&op=1

Requested by

Host: www.mobilgo.eu
URL: https://www.mobilgo.eu/x3.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.201.190.54 , Hungary, ASN62214 (RACKFOREST-AS, HU),

Reverse DNS

s01.okosvarosok.eu

Software

Apache /

Resource Hash

f8daf24eebca0055cddbe70db00a77f4efe746a38af5f88e0d90c8d6a3fc3a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mobilgo.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 524
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Nov 2023 15:28:02 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=0; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK muemlekek1020&op=1 Show response
m.mobilgo.eu/ Frame 6FCA 842 B
991 B 243ms
25ms Document
text/html 193.201.190.54
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://m.mobilgo.eu/muemlekek1020&op=1

Requested by

Host: www.mobilgo.eu
URL: https://www.mobilgo.eu/x3.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.201.190.54 , Hungary, ASN62214 (RACKFOREST-AS, HU),

Reverse DNS

s01.okosvarosok.eu

Software

Apache /

Resource Hash

f8daf24eebca0055cddbe70db00a77f4efe746a38af5f88e0d90c8d6a3fc3a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mobilgo.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 524
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Nov 2023 15:28:02 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=0; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK vend_csemege_budapest_30&op=1 Show response
m.mobilgo.eu/ Frame B9E8 842 B
991 B 241ms
26ms Document
text/html 193.201.190.54
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://m.mobilgo.eu/vend_csemege_budapest_30&op=1

Requested by

Host: www.mobilgo.eu
URL: https://www.mobilgo.eu/x3.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.201.190.54 , Hungary, ASN62214 (RACKFOREST-AS, HU),

Reverse DNS

s01.okosvarosok.eu

Software

Apache /

Resource Hash

f8daf24eebca0055cddbe70db00a77f4efe746a38af5f88e0d90c8d6a3fc3a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mobilgo.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 524
Content-Type: text/html; charset=UTF-8
Date: Fri, 17 Nov 2023 15:28:02 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=0; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 6D73 16 B
209 B 71ms
62ms Fetch
application/json 18.132.19.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.132.19.32 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-132-19-32.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 114ms
19ms Preflight 18.132.19.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.132.19.32 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-132-19-32.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Fri, 17 Nov 2023 15:28:02 GMT
server: nginx

GET
H/1.1 200
OK viewability Show response
hal900012.redintelligence.net/ Frame 8FD9 0
150 B 39ms
15ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/viewability?s=40579400101818504444550012511012&a=23b6d151&vb=v
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/request_content.php?s=40579400101818504444550012511012&a=b1149b7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:28:02 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 dpixel
cms.quantserve.com/ Frame D56A 35 B
463 B 65ms
12ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENTyQ0tyf5i6680R--93CQU&google_cver=1&google_push=AXcoOmQq_3lCFcR-mL_UTZBfi0SeW16GtAubeMM1gjuio0-ZT_xPHKcQi_BybNivfl2b5pdqZqAetqKHoqBdZdOi0JiSzyrxvUMuIO0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame D56A 0
104 B 102ms
24ms Image
text/plain 2a02:fa8:8806:20::2040
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEIZqhPZEQxVUEsmZkN0OdNY&google_cver=1&google_push=AXcoOmQrJLuqpbz1ePcs1wtWrV9dHaqfGzOTHJgVbAtldPmMw8NDICv5rSXmiePziY_K8NWUV-hXC3oTcIvvgd-NOmsiOcdEkCSKbw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700234881&rafmt=1&to=qs&pwprc=6733228914&format=1200x280&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1700234881179&bpp=3&bdt=2512&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D12e0cad9f3864e3b%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ&gpic=UID%3D00000cca5b2078ff%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg&prev_fmts=728x90%2C0x0&nras=2&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&psts=AOrYGslN9vhbgqqystL-JBszhJSo_3RvqqHEEXKvBI8oAOOI4lG_duWVZBWwSiWetR6lNNE719lEPX-3c_HPdMPs0jK9krAY&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=12
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D56A
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFtMmmFpwPmklyskbxejkqQ&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFtMmmFpwPmklyskbxejkqQ&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=YXl0emtSRHoxUjQwTGc1&google_gid=CAESEFtMmmFpwPmklyskbxejkqQ&google_cver=1&google_push=AXcoOmTyQWKOJnATDeHGwuji2Bf587mvNW33b14erWXrZre...

170 B
188 B

51ms
51ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=YXl0emtSRHoxUjQwTGc1&google_gid=CAESEFtMmmFpwPmklyskbxejkqQ&google_cver=1&google_push=AXcoOmTyQWKOJnATDeHGwuji2Bf587mvNW33b14erWXrZrepKynH4ANcafdDUPn8l82gXxiS4KNgIBEdBnOaRftGpJ5W5q0YAqzq3ZM

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 17 Nov 2023 15:28:02 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-029f22d856dc4e10e@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=YXl0emtSRHoxUjQwTGc1&google_gid=CAESEFtMmmFpwPmklyskbxejkqQ&google_cver=1&google_push=AXcoOmTyQWKOJnATDeHGwuji2Bf587mvNW33b14erWXrZrepKynH4ANcafdDUPn8l82gXxiS4KNgIBEdBnOaRftGpJ5W5q0YAqzq3ZM
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame D56A 70 B
149 B 113ms
29ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKKaNXdMjDWfw7lTAj3CT7Q&google_cver=1&google_push=AXcoOmRQjnj4qMdC6a_OCAFsETqCBwnGEMFC_O3ePNHltwq-MRvIH8aWjZenV1tm-EeF76IGMHzeNEwTmb9YQJ8MaFvbxW-v6lRnY9s
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700234881&rafmt=1&to=qs&pwprc=6733228914&format=1200x280&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1700234881179&bpp=3&bdt=2512&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D12e0cad9f3864e3b%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ&gpic=UID%3D00000cca5b2078ff%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg&prev_fmts=728x90%2C0x0&nras=2&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&psts=AOrYGslN9vhbgqqystL-JBszhJSo_3RvqqHEEXKvBI8oAOOI4lG_duWVZBWwSiWetR6lNNE719lEPX-3c_HPdMPs0jK9krAY&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=12
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D56A
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEPNt6Y3-Vdy6WCKTunjnHjk&google_cver=1&google_push=AXcoOmRjA8wAtnA5gZ7xkrqP--XXpRjJ9xzsKhp-A3At-WSpKEUBFUILUfC39TKp88lCaNOD6RbRgk4kDt5Db4fMgYPcQPG...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRjA8wAtnA5gZ7xkrqP--XXpRjJ9xzsKhp-A3At-WSpKEUBFUILUfC39TKp88lCaNOD6RbRgk4kDt5Db4fMgYPcQPGNomKETQ&google_hm=eS1RVkVGY0xoRTJwSFp5...

170 B
188 B

53ms
52ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRjA8wAtnA5gZ7xkrqP--XXpRjJ9xzsKhp-A3At-WSpKEUBFUILUfC39TKp88lCaNOD6RbRgk4kDt5Db4fMgYPcQPGNomKETQ&google_hm=eS1RVkVGY0xoRTJwSFp5QUsybGIxVi4xNmtVYU5SeFRDMn5B

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRjA8wAtnA5gZ7xkrqP--XXpRjJ9xzsKhp-A3At-WSpKEUBFUILUfC39TKp88lCaNOD6RbRgk4kDt5Db4fMgYPcQPGNomKETQ&google_hm=eS1RVkVGY0xoRTJwSFp5QUsybGIxVi4xNmtVYU5SeFRDMn5B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame D56A 43 B
363 B 66ms
15ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRxpWaQc9CA8vbyKXoxbTtKEEiKysGRAKfVeF3Dxo9-pupGUNfxFUA6K58YiHT_U7xZS7ufF2Btc2olYpznfHgOEYA-YMX2jII&google_gid=CAESEDrq7dAWTaGh4frYbnZLz8E&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 197427
expires: Fri, 17 Nov 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D56A
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKqVGcPkuPLQnOeKIT28jfg&google_cver=1&google_push=AXcoOmTnMLWBvLcx_hEYvIKtvN2u5Ykqsi5KbNQmfePP9e8tXcJdWBaq4HOPxoTpSIfoBRaveBmrmoj43DYZ...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTnMLWBvLcx_hEYvIKtvN2u5Ykqsi5KbNQmfePP9e8tXcJdWBaq4HOPxoTpSIfoBRaveBmrmoj43DYZFwAkVi0jiKoy-DxzbL8

170 B
188 B

52ms
51ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTnMLWBvLcx_hEYvIKtvN2u5Ykqsi5KbNQmfePP9e8tXcJdWBaq4HOPxoTpSIfoBRaveBmrmoj43DYZFwAkVi0jiKoy-DxzbL8

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTnMLWBvLcx_hEYvIKtvN2u5Ykqsi5KbNQmfePP9e8tXcJdWBaq4HOPxoTpSIfoBRaveBmrmoj43DYZFwAkVi0jiKoy-DxzbL8
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D56A 0
12 B 51ms
51ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KC56Xpy3HLGnQb73i9mxYfK8fpjBLjWf7GYmKVGDABZVuNlw4kxvdSGK96lfksnfA5vRUj

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 3 KB
3 KB 62ms
15ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=556&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F9292%2F5048790%2F411021e816b7434f8f71ebb18eb8e2f3_kare-spassamwohnen-2020-clean-rgb.jpg&v=3&w=196&rid=4&s=3IkWnM2SkKurYzke8bV4aWrB

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7954fe9614832a5c8356adb849ba452f10b14a1a7b84daa41aaca52207b04a84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 3078
expires: Fri, 18 Oct 2024 12:23:00 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 23 KB
23 KB 103ms
56ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F9292%2F5048790%2F4a9cda8f8b50497085a203e9ab9dea44_2023-09-native-ads-puppet-players-640x360px.jpg&v=3&w=1200&rid=4&s=0njbUnyeGdsUk7u6u2hXHnEE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9f17206c06c3f260ff0a492af2db6b94597a4912e269039691e403402f96b256

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 23404
expires: Fri, 18 Oct 2024 12:23:05 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 84 KB
85 KB 108ms
61ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2F28cdec48592007aeb1404086d89e84e9b0628439.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=CP5g8G4FpyX1ixNSkfHWei_K&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6b2d9cdcfdf0ca4d3a16b10497131ec1dd50acf075386cc576d3c690394f4363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 86518
expires: Sat, 02 Nov 2024 09:15:27 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 89 KB
89 KB 103ms
57ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2F2924b88260a8a04ba5033702854734e54e450076.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=GvKbLtJRKTsac0CCqc63CLC9&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f94889f70475955a7e6eceda16ef4ad33870a5b968fb90f6a2bdd1debf7249d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 90996
expires: Sat, 02 Nov 2024 14:48:03 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 101 KB
102 KB 107ms
61ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2F1863b951ebd5739144c828a117eceab02882e30c.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=4gKP3_hDH00NIQMtZjgcEmi-&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

48ef1c63ec25d82163c8a88d2f67122d60715848092e0b34794189970dbe4f9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 103834
expires: Sun, 03 Nov 2024 09:23:53 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 99 KB
100 KB 70ms
24ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2Fa130c5d7fa8dffc72f7c6bbde2420064b2e3cac0.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=VO22FyaSScdICJIk5gRsyj-K&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b7554cdbb96fd76ab5e8c40547dd05f31d0f20a6c13d396b2a78fcc69d1d95ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 101640
expires: Sat, 02 Nov 2024 07:12:32 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 10 KB
10 KB 59ms
55ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2Fb4dc99ce35be9ab553b83733f69dd63b98e27eb2.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=CPnuYGr-y9Zw-WSYhqHNvkGF&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

5859de66be1fc989c59aae1663ae698c1eb4ceb2793d0452a8c93603ecc725f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 10286
expires: Mon, 04 Nov 2024 14:13:09 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 21 KB
21 KB 58ms
55ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2F46ff070b01e474a9d75ef2c1eb85a7c845f6ff3e.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=5zgMJ4B2BGCJ3SmKpeejfCrO&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

fc4bfbf142883b5334abb3b52022b6c7ec26b992870367da8d786960723ad9e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 21122
expires: Tue, 05 Nov 2024 15:38:30 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C78B 0
128 B 81ms
14ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=cgTusB-nKTgpmPJ2Z3TAnLb1ujX_ysE4yS7WA-6j6WJXPLp739rRxr752WQhTTlr2cV1cPjvMgWQ21GnrdKCRjGQ3YwSh5IpW45ISnHAfJ0jdhXdAQzTkoDkoT_diMPl4hTRrmsSfohdEM0jp52PoypWm3dy7OOLb7gy6l1u7Go6CRy7SmqQC82FhXikbdKwQQKgulPJKOPXNSsHu6KmCRKav-9udduwTf8qttvHGzqHgxllIiWMotcDkmLUK7rYbRHoEg&sds=2&rev=89278&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C78B 2 KB
1 KB 26ms
22ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 11 Nov 2024 15:28:02 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C78B 2 KB
1 KB 20ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 11 Nov 2024 15:28:02 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0E00 41 KB
14 KB 62ms
59ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXhAOXiNsEn3wlINSlFwqSDw8TZfKBb7QJXV67FGqKx9gBZ6ARcY92uGXwDQfEEVefQSbi63IcMUy81CSElukn6pMJZPZhOuIlzOP2ananMIUsRLFQKc-NmSneuEk2HF_qqZ9CjOhLfJXQqYAH5OYXA_9klzFB2SMZBI2qnW4r8_weBoM&cry=1&dbm_d=AKAmf-At6R4ijwtfBG2aoK5gnRB4F0-Mp4zMIuSQ7KR-AGECDwE2wHn4D2kKPhKVngrxvqtWvYc789iGJW_K171launTZgQu5jNQ2ViVk7u2A7JvlOybiBMvyP95ohkWEd6No93cKb86Ll2yW7QLTJSker_YKe-xqShKOs52NVn4DDpsszTaqZfkgHPwHEP7T9RSk8Tf86rYnmimCZZo19GkHMWolz5yNWRu2QaeYbX9kuy5fsaQVvvHWi_-3RaoYwCnmqUqobS2X7YTBlwVvxPgukHMAcEUjx59aXU4rcDMfZPBKhbBZuulbwZl6Zn5fFUyWeT9354cOgWGQkUmFWSE71WaqTqfhqGSQJesFCxjVghzfKiwVSf5pcdF-KVU0sywS5GrTfso1grrcZ0Soux-LjKaagOSVEiLKjAsXqQ_tNrJ6uDppYAR2vqBtepHr16QlbndKxAlIMfmrt0ZEZFVLPKXg9pCyZaC3ZhL2IOfQX135lQgzxkoUmdfsmJ5BlXEMokGlCd1J86NeHOh-wQtHAxC9RfbO5phfHoRxBiB0INz-j2Weo36gN-7_na30InPpnocgbz0d5YfIMcVrFSenUr3XnXJiIyxRlWA7JW0JJNzf5659UzM8BRaL_0MKcqQd-_R-nWOZDYNcCZClc2BcSJONOg9tG_tUYTnE89MKm21gFeHvzblM9pQrvUvnGzvBSTDN3xrXEQq0eq3Ifi0KtKi6wCmGLxLmpWA8SyDu6sz1YrYLlF4hSJsi6dou4k2l3ZdEUmtCVEt6_xFty1Q1HRM-uR9VQGmp_YtmIk7b-PN_2ZzhmE2G42ld_Z8DHFLQddTSB7dzhk5vxp_J0WA_twdjtbBtXRmnUj6a4wIEbmr75amFN4I8V_dY8xEOYnTLPIiN-mwNKSEmfQ0STdyuIdv4IdZOHVXP0YWju6O4j9dx4pbs5jn2tZcx8NpZ7fz-tHdO_7lRTxT4bI3l5Dwy2aGhL6UooFSMyYYbK8nT-BJRmAAzmCKA6HtAWJfIKrhvahmmQl9Q3XBBjUcSVneolISSTKTqCB1AGXGA72KFxd2yahV4cpgC4kpU7e0yAiZj5Q_rSTWnanhr4rjCMDulz6dJAzw5hwRYnOH-e2G1Kr2lamnjT5yBqdkQ9llrB2iJPR7au892ez88JQqOp2z3NFT2bb3Nb4RwW_bUgCQUXfqZNoq33oR29iyuXDnappSKwHO31G6mEnwSFQ8m5lai_Nq1LYCQzNHFiZiPiXl6bIG2C-mzNFQpJs90C20kiSQ6s_xU5yaJm2hHVpUUBeYT_B7qJl7KViYPTWbpinXHVznG69Ovw_Hho3Ms9oJZcrLmomxp_S4eyEgsJcK0yckLLIl_sWgXAem4tM8KpliJqDUPTwbUpNggcgGTvVyef8zqaNQAUHt5O5JgBXHhhTHaz8dtw10KPxyDjietXATbsk5kmPXANxJ70egS0mAQPguTLD73RwykCsLB6sx2xuNSzDIWYmq6u7ojdDfFVn5jpEojlOJ04o791rJVQmrFlp4CzgRsLqsdIJxRcQV-frnydDDQKBF0A_Eeew6Wz7kzhUwrEDO0bryukO08lAolCBODVM-c0eUDnHYn17e4IXmGgOwpaB7jI_e2GvNkxsa-EbL1fqdwxOA7Q0FzTT5ktw_ziq_nMGhIeqN2sjpdGsxfRarxf0Sua7ouq-ydmIGzHL8JhTYp-lNxsbzCdYY-jYGWigAPQ3bn6lLSj8MXzoI8jzXJiKA2b7h4MxALL5GW5_LN3NiCFvoPU2M-fgKHAIfebQKMCdu40z72P-8cqhPRUZmTaH7GgSvzn_aIMrS4ha1nLx1k2iKIPWhAifoLGzFKIom7nWepqUSB5oO3aUPrce_LJ_UPmpWInVxWaBQ8c_e154fFJ6hgbYcp-e18t34u0OY5V6hj2rGzvOW9uAe-fkgai26mww4CS_TFhuCdIqwbCOyztH0LKIyhVPgEVMX_7BubyyoaNXYk8aURqDLZn9Ws1kjzXuRAfvMaBGs3QQL0YOgXADlD66J2lin8tO_BLFnfhk3cQmhnu9eoF4dV23kdnHHv_ABx3oN1VsG4HiDcFgECNJ-jTDPMcl6iilOtmIMl4zVSG2_dApf-rGADiSUHWqY8Wghp9nfWUJILKvlZD8Y2ptiTh4BoORNcadSBo-nGDobEgCPDR9XN6rJ6vIxuCfNEt3EwxZtWHmWF09-715WbQb1U0t4p1eE0kUVwnT7qgBAs--ySZI-ZsRmz_SO7NMVCD__76qgdCv-NzU2JfGqdXKHy-HqJkYy_xl6HmSMzFdC9DfCCrpXwzUh8B5vFYSomy0xjhRBn8Cmt7IDcc94yHa0x-nIvItqm1xg2TXXy-dWh8kdyL91jqNIf65VjEhPAf73B-VUeVJkwpZ5iYTeQC7GbwBXgtbUWffsEM4jfK7Mad3zxlHbUdFqNQoln8Qf2De2lVG88Rs_EiV5oOeGPal4mM43AeZXjU7ilUFN0cPIH89pnoxWQZuTs7v5yKZ7wrwjFTtpANJNYq7v50zXmUuXekSDJhsf-6LYf3ZXnW94Q6s3zLWSwy1y3ITjf49iUZmEZcCl2SuaMaNR5Y9nyg35pBmEU8oEZ7EUzegERqnq0NnXy00Mi8m3Gra4v0MrGFbbkKFUtHW6f2PkCyfXJATVUBrbH38u6OHUhEtPqQjMlrzJ2A-251X2IZ2cJyjvp8f17Xu2ZG49Wo8H7JyJoPKTuPs9GfM8jl4x39CQtrzQzwS4keqIMX5NPgfIOmL3OJh3RSfVxgnWxYPFQ-bpBsfWWelUhghAe0q5ICBbu2GyhMFrHfyYAkJlaDSltlrWnSrLtsTtOyhy76CCgwy0os40OsDqg47-xjT98rniEPq_-LjDJSC9sJffApmsq-mi-X5OF6wdcD6dEUbk7iTyo5YsICA5eFzl1PpM94MrtDyC_DmLG2w1RZ3ADpHRYLwMca2mwIatAGQziP8VjpE8kce7n0OhDkoqmLgG8lQndn1mMeNzueHdzEMg_7Dd5GhUGJvoZQby-4r8UFwWcMHNhh9FXifGtGtqT2l-SYEfF6Ur96zzUp1qV8m9KZbWWi4Hik-_yyGvICpOMPK9CWvN8BjWDnUOBkHkrE9FgnfmbmWoXbj2B2-8ZL977yVOY-7UxhSeyGDDDVZ3DM8Qo8y6uS_WMBnXPf8v6tQ5nImNspkmRyz-joN-RnC4Yf5rfR7aKGyyfRiUvgAvQHWGylbf9hI5nvhGuHFBTHHM6TduuWCUbIGwGwHigbrp-xJY_-QME5vpZn3smbx3yhrm2H7X3XJa22oVVkvxhd9H-5pKCcM1EihVtv8A2-Rg4wvKOcUPmMJjQadg_WXX1VHVHE7UmcbIw65vn3xK79psH5adyRRunAP9a33Slec3Rjzj6FVGo09zzmvlS9kVoWkP6w6QLBciwgLoOwfUY4aPEUFaRjzXQAz-f8tEzY6JOJo8ypkjC3bQIL55v1C204B_Xww6i3Q-a_LauYlzlxIIOPZ_8X0U1UNQEblC0K2Nhr8QfQ2RfO8cma9VOYo3yvZBdWsYabmeeErN7XaN6KVc2-WJZU2qXyRTJCenKg51rTKaXYkDmkeK8-_beFd_8020l9hVPiJmBLaBCPG582B574M85pF9RXnkwoMpwB6oXF4aHyqgqr5Rwd6gYJ2LzrTqy8QSz84uh7KhwHF_SHiAOQVx990bO27RmZxHmLjbI-hJAOoo0fIRKjSURu2A462FhiE1L5vCichi6jvr78hSzq4EKb-uk6dGZfPEaf-GNtNclKfFA5gTGtqon4QFTZBom0y0IjaBbSKAU2KjRuiQhpdH-8XEz3BIjajw4xtwB15KyiUzqGiqF9M5spO5riMZLD7XwOQ&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.mop-veins.tk%2F&ds=l&xdt=1&iif=1&cor=15539817034796330000&adk=929882891&idt=218&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 04:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 384973
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Nov 2024 04:31:49 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDIzNDg4MTkxODY4MQogIHNlcnZlcl9pcDogMTc1NjExNDY1CiAgcHJvY2Vzc19pZDogMTg5NjY4ODIzOQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA5ODQ2NjYz...
ad.doubleclick.net/ddm/activity/ Frame 0E00 0
503 B 79ms
76ms Image
image/png 216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDIzNDg4MTkxODY4MQogIHNlcnZlcl9pcDogMTc1NjExNDY1CiAgcHJvY2Vzc19pZDogMTg5NjY4ODIzOQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA5ODQ2NjYzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9kYWNoZmVuc3RlcmtvbmZpZ3VyYXRvci5kZSIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxMzQ1NzkwODI5MTAwMjA1NDU4NQpkZWJ1Z19rZXk6IDEyNDAxMTUxODc4MDE4MTg0NjUyCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMS0xNyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDk4NDY2NjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzNzgwOTAwNzgKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQ5ODQxNTU4NwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyMDYxODMwMDA5NQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDUyMzYwMzM1NAogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kYWNoZmVuc3RlcmtvbmZpZ3VyYXRvci5kZSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3ZlbHV4LmRlIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZGFjaGZlbnN0ZXItcm9sbG8tc2hvcC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xae1e4fc4e34372180000000000000000","13":"0x3b5eaf4d38959c730000000000000000","14":"0xcf6d7d1094f8a3fc0000000000000000","15":"0x8e00c8d4e0c8a3090000000000000000"},"debug_key":"12401151878018184652","debug_reporting":true,"destination":"https://dachfensterkonfigurator.de","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["9846663"]},"priority":"0","source_event_id":"13457908291002054585"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 impl_v99.js Show response
www.googletagservices.com/dcm/ Frame 0E00 59 KB
23 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v99.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 00:21:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140763
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23872
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 14:22:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Nov 2024 00:21:59 GMT

GET
H3 200 IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js Show response
pagead2.googlesyndication.com/bg/ Frame 9844 39 KB
15 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2202d272a7623a0f20d055bae57feefb858a3352833ea36fcc438a895857d307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 01:48:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15051
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 01:48:28 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D73 0
20 B 92ms
91ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4406057998413&version=m202309260101&ct=77&x=1&cor=815572986666956900

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/902398463278760126/ Frame 7D93 15 KB
5 KB 183ms
57ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ca28888526316e78e39f4b63e65bba9dc9348b97051a5a1b7c77e84697b9225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 230833
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4939
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 23:20:49 GMT
expires: Wed, 13 Nov 2024 23:20:49 GMT
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C48C 0
0 211ms
83ms Fetch
image/gif 142.250.74.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstiHHnSq9LGR6VhP0js-V-1hz3IwKiiaVQ5vyq169micVupUm0mFqV7Dt26eR3ahYpLx-JAg7V1K91EjRDYFROU5yxNWW7RLzb104x0IWugN-Mok6EZ2pgurZvAnoxv7DDwzVUnowTbfW_02j_seE9_TfeQQ2JspeLIAp6oYL_j-l011vaZeVuPa534TCvqlYIQvL6mUPtd7_znUT3vQVUkdodm77WK7eKTEchn3bbdozK3d1crPbDv8dJjX_9-3AWvUz05iIhcqHD8tANtD33XNwv3hxVFT18uu6uO2WE3hcqyQ6fydAMjF_tpWMJiWMHNRxiL5qUEknSHki-zlkOfJaQaDvFLJ3bMzhqx8RfOrSOrOWxcgOV77Y_Uv6SeyY2D4zHk38qm5eUDZdJKpn_-cEd19ABIM3-YUMuHoFSaNxFv_bCpuRqW4_cMVngtdbg3jjcNaFzKGwNvif4rvubCWWu8Yh8S3OgNl0i6JJ_K6VQpOpqweBLZLrGLh4y8ITIxB2WJLGXIKqxyXzsILjdO8sr_Nyk2hRBAE3bd23SuJoPVtg06S8kv5wklvv9gzZHd0i8eKONOBJn2I3rEEJ6KbCmKhMj1k-skxoraJChCummasuYSv4fNMFvC7gvZqJLFnFIDrY-0QPrrm7EjXiiSLkgYFKEdwhTkH_RsWLxwM7N851EXyTUEdGAFrWiv5koB4h5t_79PbEEjBRqmYa2oZav9twp5U16gzzvAbuKqvIXvO6A7a12AdayeY3VBXvZ5aNU_nPtTnteiiEreCS_FqPyYYVb4EcaMj8xs3IxnJD8RpdTM-RGFFtgn3Hh1fXDfd6qL_x9uOd21I0YLaEYZJ01Z1gv4k-fFEN7VotaVT0JunLby3D5VuWUYlZG2qmX4kDEV2K7FPpmT1RBx_qwGs8t6xlZwSn_-HXCh5Xkln8nHfQWh2DY6ujBwb_l1gGFsGGr-Wj2Yp-ufrRCyeeVnwO1UuGxY5Ai5KRcRbclY8ntqPmprf344_XnNoO5munapaz0XPDGeK_W6GY9P8BXqREQsde9ZxDPkheUwYB9hrC8Yhq5jIaEBMdoLouUjhWoJAV376iiG5kum4-4ipOX7ESRWfT2XPf7PZXZVbuDNFYu5hbHvGJQaKH8Xts3wqxt-S8A7ecTcVyChSyQVYf3i1Ujqw2KYKWo3I-oIrsWGN6ohXzz-YpG4B1FLtIWbE9hFkXiiRQpGYhoc1n6l1TlFCABdAY4enZUcjhIvYNSpJYc78LSEDc13gv255c9SA_lrll9eJO5dqPibREnqQA&sai=AMfl-YR7zUVEBb3TZ7Zo8d2TqFJAjjLj5438rF-dFItYlBs3dd1oocP0AfBjZwmXF7WsYQ79jwXaWMz_dsiNKG7CXO1jaNAlHtTncNuCXMMKzMvi-BCkGRbneuaDKtJsNZ373MDu90B2u4MLwI1psYp8SK8mEe5YyJ0yMTO6BGx3L6ZUPlZbxCngC8Vnr4Q9L9BBw0IRHl4AwH0-1y1E8pvarj8wv2j9kK7AS60CeVyKAXLVxY1g5savB2slMZZx3EhF3xu2h0xKNoIT-WnqfLzc7CWpa2Dz0uwLzlE7lA&sig=Cg0ArKJSzB2U5iRorCpUEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=449&cbvp=1&cstd=445&cisv=r20231109.84815&arae=0&ftch=1&adurl=

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 17 Nov 2023 15:28:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame C48C 60 B
60 B 92ms
19ms Image
image/gif 213.202.235.9
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=1014574277&extPm=526274901&extCr=20700705264&gdpr=&gdpr_consent=&rnd=662341003

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.9 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 15:28:02 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 17 Nov 2023 03:28:02 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 923
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

firstevent
skydeutschland.demdex.net/ Frame C48C
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=662341003&gdpr=&gdpr_cons...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=662341003&gdpr=&gdpr...

42 B
732 B

39ms
39ms

Image
image/gif

34.242.172.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=662341003&gdpr=&gdpr_consent=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Server

34.242.172.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-172-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-089284889.edge-irl1.demdex.com 6 ms
pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: vikjMI4TQdM=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-06695c737.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: RWldYLOJQw0=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=662341003&gdpr=&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 3 KB
3 KB 25ms
18ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7954fe9614832a5c8356adb849ba452f10b14a1a7b84daa41aaca52207b04a84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 3078
expires: Fri, 18 Oct 2024 12:23:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/902398463278760126/ Frame 2810 15 KB
5 KB 158ms
55ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ca28888526316e78e39f4b63e65bba9dc9348b97051a5a1b7c77e84697b9225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 230833
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4939
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 23:20:49 GMT
expires: Wed, 13 Nov 2024 23:20:49 GMT
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A3DE 0
0 192ms
83ms Fetch
image/gif 142.250.74.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssEqfQcPMNDE2yMS_5BciccPW5rzyx0qpEbJ_ljG_F0DOG4o7m7u5noBV4UXHAaR0lu_rwwek0Qp0R4nyGsNCNUdyG0CPbN_y9zevbPnuZ2AtoV7vJn1Udkvc-gt_yHwjAwWgzkRK0OfExa8YaVjYuygeegVRLK0MYLep1nY3ek_VtipBDlP3S8ejYGd-0EiasztfEZ7UfHT3sq8hF5DqZNUqDc6uxmStLCZN3PJZbGAFB0qPo3-TdexxddMG3bY1m_IgmBWqT0qXOVr9ZinHFkyAP7dANSd0eCqg0HBMLpKOJ1tYb6rE35H1HUHZLuqXMAhpJIsBcTC4UDqmdfVWVvry5UvrFO54uAZJcUrISUK6HvgP283PCl_NHDngf2jUJp2TNBJBH9f47GIcrnKCP2CAlz24xf7QDWAvftuiBX0BD83kXH1u-2yaUcpnfiH3A6AgcQnAI0CfGohcoEDPwA9dHAar03MbqDuaS414nb7XrhIlk5PGdJfnDZVnPVZ_To1YeaAbUgWakh4LbFeuHa9bhI9gzkMj7ijDJazRFdwW_OQYrL_zugkqVdJig9yiP6Gv5jiyuDbbWIrqlyMmN0lm15-sIbztfySaf1xb4d_n3f7oovg9rtmD_nhH2D4omzgXt1PXlwNoWYK9s9L00TlxVAGDkpfxUYFYiWmex5ahMuiMtyDAHbwGuLOhJPnWwdFe9I3J2FsV2tNLlfHmbQKCvHtRqsQWYHwt1LbwgYPIcLrYBsHGUa8VqHJ8c-4KfZh0R96S-HF_JBNsNfyR29F5eG6w2-z26Z3NYqLhl0vWtBvOFYGq_yr4eEfRad9qZ555bjewxKOZokOTQKpR20qLAi2LvVYC8hEwDKSS0sS3bgjPRUh1MpaMqU1iEjsBEpyCPbYwLXXgI51luwbbUcFur2F3xq12v-zAcAeelUHKoPrdRJC2Y971BgkWbC-67vlMcLqjCrfJvFG-P6QNmOgE1Ky1gRZNJdTxVXkC8g4eo85VBDqpzilwxdnoui8e6R45ZurwyMOSjY3nryyzskGVkWFzq6Y4t-pThtn8KVwA_ROyGHnuzqLRuOhoGq0TWUmAtJd6LNidGFBXkJWLnc-4YNmIM709H1d4hoRzkhGU4of2BJUwe5_vmKcitOkuYY-dYdXWroK0mWMeHWstgoitPXloHpzD6C1TuvUptgQtNDVzOtB3Sx9gLrPUF48m_7NSJMR18h0YugoG14KFLeQXMhriCGgvsehQT-NPzZw2JMCVAVWOFGiCBLn0uDunh1gGUN3NCo9dEW88PcjQ&sai=AMfl-YRKnh30cM_-ZmkA3dIBYBWLEt9tgqqL2jRpm3TijQ3UuqoZm9Ly2ejOIU8QQt4fAcI60VgrPLpWR0GLDdAdosMrPZlSq9A_y5l2-l5H6D0FPXZY0clAlIB3pwdybosRO9oyBykpMtCQ7YQRQmPpz8ciUrY1nmQWVBKXd_IY99Xv-bWgyiZRjRqIsuUEzFoqhBkh0z2zM6v_g-fjWnyExsGF-m3-tzE5xfpF8bcmur2n4Xfvr9Wpd2998G9xIYM9k9ONPbTT5IfesazYG82bHx9ld6iEvMH3SLTltg&sig=Cg0ArKJSzKDOjPcJsURGEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=295&cbvp=1&cstd=292&cisv=r20231109.31198&arae=0&ftch=1&adurl=

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 17 Nov 2023 15:28:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame A3DE 43 B
1 KB 77ms
21ms Image
image/gif 213.202.235.9
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=1014574277&extPm=526274901&extCr=20700705264&gdpr=&gdpr_consent=&rnd=3472482522

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.9 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 17 Nov 2023 15:28:01 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 17 Nov 2023 03:28:02 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

firstevent
skydeutschland.demdex.net/ Frame A3DE
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=3472482522&gdpr=&gdpr_con...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=3472482522&gdpr=&gdp...

42 B
732 B

38ms
38ms

Image
image/gif

34.242.172.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Server

34.242.172.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-172-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-0d743c645.edge-irl1.demdex.com 6 ms
pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: wB8qhvmjQLg=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-037a2ac12.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: OrPb6z8lQvE=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=202823080&d_placement=379092375&d_campaign=30858369&d_bust=3472482522&gdpr=&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 9AD5 38 KB
13 KB 75ms
65ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 35022
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 05:44:20 GMT
expires: Sat, 16 Nov 2024 05:44:20 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 99 KB
100 KB 24ms
17ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b7554cdbb96fd76ab5e8c40547dd05f31d0f20a6c13d396b2a78fcc69d1d95ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 101640
expires: Sat, 02 Nov 2024 07:12:32 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 23 KB
23 KB 23ms
16ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9f17206c06c3f260ff0a492af2db6b94597a4912e269039691e403402f96b256

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 23404
expires: Fri, 18 Oct 2024 12:23:05 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 89 KB
89 KB 25ms
19ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f94889f70475955a7e6eceda16ef4ad33870a5b968fb90f6a2bdd1debf7249d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 90996
expires: Sat, 02 Nov 2024 14:48:03 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 10 KB
10 KB 23ms
18ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

5859de66be1fc989c59aae1663ae698c1eb4ceb2793d0452a8c93603ecc725f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 10286
expires: Mon, 04 Nov 2024 14:13:09 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 21 KB
21 KB 22ms
18ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

fc4bfbf142883b5334abb3b52022b6c7ec26b992870367da8d786960723ad9e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 21122
expires: Tue, 05 Nov 2024 15:38:30 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 84 KB
85 KB 23ms
20ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6b2d9cdcfdf0ca4d3a16b10497131ec1dd50acf075386cc576d3c690394f4363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 86518
expires: Sat, 02 Nov 2024 09:15:27 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C78B 101 KB
102 KB 23ms
21ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

48ef1c63ec25d82163c8a88d2f67122d60715848092e0b34794189970dbe4f9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 103834
expires: Sun, 03 Nov 2024 09:23:53 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 061D 38 KB
13 KB 61ms
61ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 35022
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 05:44:20 GMT
expires: Sat, 16 Nov 2024 05:44:20 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 B30678728.378094554;dc_ver=99.292;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=929882895;ord=fgagcd;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzw0Sf4ZXZZSpJsXOqQGmrKbYD... Show response
ad.doubleclick.net/ddm/adj/N1138786.279382INVITEMEDIAINC.D4/ Frame 0E00 79 KB
33 KB 81ms
80ms Script
text/javascript 216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1138786.279382INVITEMEDIAINC.D4/B30678728.378094554;dc_ver=99.292;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=929882895;ord=fgagcd;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzw0Sf4ZXZZSpJsXOqQGmrKbYD_2e0K5z883ttvcRv8qivcABEAEg9Pm1FWCV4pCCoAegAd_oy7ACyAEJqQIKZfeuGDWyPqgDAcgDmwSqBOgBT9Cg57fm9mdZfnXI-Lll9O03a5DMHKhIlbnrVm1jCDDo9AtS32NkWxdhC-57i_0Dv-HBokW6ItnqNPZLeh-7Om4lOmvHxua8d-dPZU29VBQ6Nb-nCXo02jftpYwjpA48XLUjMMGyPVCab7bt4_ZD8Av8H3Q4kDElKtw3eZHPXTDsV_ArIupMbB6ckrXh-ojg418GcX2CISz63o1aBb9vAHImw9dDjNJ1rf2B1I-Eaa9qyxNeQ95PwC-eiwPMLWAKwTGLnXKatKrnvjRu2yYjpJwor9EjHgwg_DqlUj7f9RpheZlBXiHikcAE27-Njr0E4AQDiAW_lcnnTJAGAaAGTYAHiZe0zwGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbAT89GDFcgTp8_X4wPQEwDYEwrYFAHQFQH4FgGAFwHoFwU%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB%26sig%3DAOD64_2SZ-_QOTJj7S2-tRM8wRPBG1df5g%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-Dm1__xvcXO8gtpKyZIYDyUldk9o9TZqa-G7Oaq6byNN1oFRi4cANi6neplUM0lhXWTRO9E4QXPnakoNKpmWLdyTYUnFC6NF6JpwzOqKySWpUMPR0FX6ryZh6r_eZgvrAhehcEM38crTbDZVx9huHdJNi0dnkPs2wDHxoboRV_GgU4W7OM%26cry%3D1%26dbm_d%3DAKAmf-BFEqL7PG_KdtxIepb2tJ0I4lSGvJmSHaQX7NeBwPXjHrqcqJrIvkVsqcTFjWwoCc-yeeiWhes66x0N6GZDJZXBE5fq1VOGzP6F4j9d2x9CMxT6_2SgQ1XFaC_E6vKClIL6iuk6bYji7ORoxARibTy_T-uSeffkcPN8CIpBwDWw9D7O4VVvSSML5nGbcTPMsQvHPmJBSvhBWKa3vbWDwXYFuGhaZx2uHcOyb6tcTAfPitu5dRL-K2Rx-A2eJCym28j6bGzz5P7LIxVguF5NvmD2zUN44BZ0svxRiYKDYUYyvvSYyhji1eD0oifn-BiStt64hzHkXrosTdOEfO3FUEonAx1v_n_rcujZGNBaAWTXrU5m3VZNlgRFmBVI28rLyfDeWBsgj3Kk7m8RwpMXdygD9db_JWS2nzylXDFQtmPcK70n0BXwUkT7gyW2igT_Tm-_Elkpmrc9FFDFcByG9mdRUWk-u2BAKRrtr8-6HZi821XKYW544mRwNRpGMx9YbuIl_ed6QVhsG2uvUybGbTzY3B9y8yUWt1h2nRQ1XaLzQk17C7Q%26adurl%3D;dc_rfl=2,http%3A%2F%2Fwww.mop-veins.tk%2F$0;xdt=1;crlt=L3TpiGxXmO;stc=1;sttr=231;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v99.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f6.1e100.net

Software

cafe /

Resource Hash

0e7b619787c5f27ec0828279fed4ed941679e07bf566e32bb52ebdbc50cd6d10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame A31A 273 KB
91 KB 71ms
70ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5812QZHH14

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/elektromos_toltoallomas_nagyatad_107452&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ccee6837d46551a4d53673620420c14ebcad6eecd6b5d01b21e2358221e6fc49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92668
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 15:28:02 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame D335 38 KB
13 KB 60ms
55ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 35022
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 05:44:20 GMT
expires: Sat, 16 Nov 2024 05:44:20 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 6FCA 273 KB
91 KB 71ms
69ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5812QZHH14

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/muemlekek1020&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ab2c27889eec3d69ff8602f31bf09e8731433d920ac37b5b825ec0281542bd0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92665
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 15:28:02 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame B9E8 273 KB
91 KB 92ms
92ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5812QZHH14

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/vend_csemege_budapest_30&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ab2c27889eec3d69ff8602f31bf09e8731433d920ac37b5b825ec0281542bd0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92665
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 15:28:02 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame E0B7 273 KB
91 KB 139ms
138ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5812QZHH14

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/muemlekek1968&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ab2c27889eec3d69ff8602f31bf09e8731433d920ac37b5b825ec0281542bd0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92665
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 15:28:02 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame B53F 273 KB
91 KB 110ms
110ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5812QZHH14

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/nemzetidohanyboltok002802&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e06aeed928d4fe80ee8216e2a2693016c54cea21ac4d6178a09af010c44ecf7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92667
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 15:28:02 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame A31A 52 KB
21 KB 67ms
65ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/elektromos_toltoallomas_nagyatad_107452&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5901
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 17 Nov 2023 15:49:41 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2810 236 KB
63 KB 62ms
60ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 15:28:02 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 7D93 236 KB
63 KB 110ms
109ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 15:28:02 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 6FCA 52 KB
21 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/muemlekek1020&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5901
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 17 Nov 2023 15:49:41 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame B9E8 52 KB
21 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/vend_csemege_budapest_30&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5901
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 17 Nov 2023 15:49:41 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame E0B7 52 KB
21 KB 87ms
86ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/muemlekek1968&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5901
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 17 Nov 2023 15:49:41 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame B53F 52 KB
21 KB 101ms
100ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/nemzetidohanyboltok002802&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5901
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 17 Nov 2023 15:49:41 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 0E00 111 KB
39 KB 60ms
53ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 05:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35032
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 18 Nov 2023 05:44:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 0E00 11 KB
4 KB 57ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1138786.279382INVITEMEDIAINC.D4/B30678728.378094554;dc_ver=99.292;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=929882895;ord=fgagcd;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzw0Sf4ZXZZSpJsXOqQGmrKbYD_2e0K5z883ttvcRv8qivcABEAEg9Pm1FWCV4pCCoAegAd_oy7ACyAEJqQIKZfeuGDWyPqgDAcgDmwSqBOgBT9Cg57fm9mdZfnXI-Lll9O03a5DMHKhIlbnrVm1jCDDo9AtS32NkWxdhC-57i_0Dv-HBokW6ItnqNPZLeh-7Om4lOmvHxua8d-dPZU29VBQ6Nb-nCXo02jftpYwjpA48XLUjMMGyPVCab7bt4_ZD8Av8H3Q4kDElKtw3eZHPXTDsV_ArIupMbB6ckrXh-ojg418GcX2CISz63o1aBb9vAHImw9dDjNJ1rf2B1I-Eaa9qyxNeQ95PwC-eiwPMLWAKwTGLnXKatKrnvjRu2yYjpJwor9EjHgwg_DqlUj7f9RpheZlBXiHikcAE27-Njr0E4AQDiAW_lcnnTJAGAaAGTYAHiZe0zwGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbAT89GDFcgTp8_X4wPQEwDYEwrYFAHQFQH4FgGAFwHoFwU%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB%26sig%3DAOD64_2SZ-_QOTJj7S2-tRM8wRPBG1df5g%26client%3Dca-pub-4105316393188386%26dbm_c%3DAKAmf-Dm1__xvcXO8gtpKyZIYDyUldk9o9TZqa-G7Oaq6byNN1oFRi4cANi6neplUM0lhXWTRO9E4QXPnakoNKpmWLdyTYUnFC6NF6JpwzOqKySWpUMPR0FX6ryZh6r_eZgvrAhehcEM38crTbDZVx9huHdJNi0dnkPs2wDHxoboRV_GgU4W7OM%26cry%3D1%26dbm_d%3DAKAmf-BFEqL7PG_KdtxIepb2tJ0I4lSGvJmSHaQX7NeBwPXjHrqcqJrIvkVsqcTFjWwoCc-yeeiWhes66x0N6GZDJZXBE5fq1VOGzP6F4j9d2x9CMxT6_2SgQ1XFaC_E6vKClIL6iuk6bYji7ORoxARibTy_T-uSeffkcPN8CIpBwDWw9D7O4VVvSSML5nGbcTPMsQvHPmJBSvhBWKa3vbWDwXYFuGhaZx2uHcOyb6tcTAfPitu5dRL-K2Rx-A2eJCym28j6bGzz5P7LIxVguF5NvmD2zUN44BZ0svxRiYKDYUYyvvSYyhji1eD0oifn-BiStt64hzHkXrosTdOEfO3FUEonAx1v_n_rcujZGNBaAWTXrU5m3VZNlgRFmBVI28rLyfDeWBsgj3Kk7m8RwpMXdygD9db_JWS2nzylXDFQtmPcK70n0BXwUkT7gyW2igT_Tm-_Elkpmrc9FFDFcByG9mdRUWk-u2BAKRrtr8-6HZi821XKYW544mRwNRpGMx9YbuIl_ed6QVhsG2uvUybGbTzY3B9y8yUWt1h2nRQ1XaLzQk17C7Q%26adurl%3D;dc_rfl=2,http%3A%2F%2Fwww.mop-veins.tk%2F$0;xdt=1;crlt=L3TpiGxXmO;stc=1;sttr=231;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 16:12:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 16:12:43 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0E00 41 KB
14 KB 60ms
57ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 04:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 384973
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Nov 2024 04:31:49 GMT

GET
H2 200 63c51e1aeaeb06ed73452eca
measure.lamp.avct.cloud/measure/ Frame 0E00 0
0 113ms
29ms Fetch 52.17.134.215

General

Check archive.org

Show headers Download Go to

Full URL: https://measure.lamp.avct.cloud/measure/63c51e1aeaeb06ed73452eca?mid=651e6b2507e337ed959d3bc2&mt=1&d=www.mop-veins.tk&c=0&r=0&evid=0411d820-642e-4ece-9460-62379580486d&vmet=IntersectionObserver&seq=0&sev=start&sst=2023-11-17T15:28:02.968Z&h=90&w=728&sh=1200&sw=1600&sah=1200&saw=1600&vsum=0,0,0,0,0,0,0,0,0,0,0&vmax=0,0,0,0,0,0,0,0,0,0,0&trk=false&tid=651e782707e337ed959d3bc4-1-19&cp_lineItemId=20618300095&cp_creativeId=523603354&cp_extSellerId=1&cp_extPublisherId=1&cp_extSiteId=126390448826&cp_dspId=dv360&vts=
Requested by: Host: cdn.lamp.avct.cloud
URL: https://cdn.lamp.avct.cloud/attn.js?mt=displayBanner&aid=63c51e1aeaeb06ed73452eca&mid=651e6b2507e337ed959d3bc2&tid=651e782707e337ed959d3bc4-1-19&cp_lineItemId=20618300095&cp_creativeId=523603354&cp_extSellerId=1&cp_extPublisherId=1&cp_extSiteId=126390448826&a=&cp_dspId=dv360&api_frameworks=[APIFRAMEWORKS]
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.134.215 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:03 GMT
content-length: 0

GET
DATA 200
OK truncated
/ Frame 0E00 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35b9f4b08e55cfecb7af67ba47360c134997559204b3de7ccf81d3c3f4c19d68

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 9AD5 39 KB
15 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 14:56:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 14:56:44 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 061D 39 KB
15 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 14:56:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 14:56:44 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame D335 39 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 14:56:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 14:56:44 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0E00 203 KB
64 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 15:28:03 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 6 KB
2 KB 75ms
59ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abdeff3f6b80e43233abe7678ac77ae09b4e04abbc10ad9cae8f472b8c12d151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 408199
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2089
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 22:04:44 GMT
expires: Mon, 11 Nov 2024 22:04:44 GMT
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0E00 0
0 74ms
73ms Fetch
image/gif 142.250.74.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstkTlVuFwZOGHOmpwAHQp1sBHoQ7CdVy3HEvnWo5tlAxO5iope3gZh4PMZg6KlJDaH0umMZYQ3Y0DhjXNs8AzwZeNgjRRWnovVFziSDqhAhUyHWOhBBitwBaQwiS7BA3Qow4oE9ngC7EhsoVenjdUOWx7hyRUV8E_jFX7ExmYc&sai=AMfl-YRkFHNz7Pn6FCzPBnRdVhpV16bwf4IUxXwAU5a5s2NWMxPBHUGVbES39Nl-Q1-3i8AraT7dsJHm6ZIf4Y2OEBBjPeKdVYGV-YQ-Nw&sig=Cg0ArKJSzIzD-6g5uEcxEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=331&cbvp=1&cstd=329&cisv=r20231109.90404&arae=0&ftch=1&adurl=

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame A3DE 0
0 76ms
74ms Fetch
image/gif 142.250.74.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssEqfQcPMNDE2yMS_5BciccPW5rzyx0qpEbJ_ljG_F0DOG4o7m7u5noBV4UXHAaR0lu_rwwek0Qp0R4nyGsNCNUdyG0CPbN_y9zevbPnuZ2AtoV7vJn1Udkvc-gt_yHwjAwWgzkRK0OfExa8YaVjYuygeegVRLK0MYLep1nY3ek_VtipBDlP3S8ejYGd-0EiasztfEZ7UfHT3sq8hF5DqZNUqDc6uxmStLCZN3PJZbGAFB0qPo3-TdexxddMG3bY1m_IgmBWqT0qXOVr9ZinHFkyAP7dANSd0eCqg0HBMLpKOJ1tYb6rE35H1HUHZLuqXMAhpJIsBcTC4UDqmdfVWVvry5UvrFO54uAZJcUrISUK6HvgP283PCl_NHDngf2jUJp2TNBJBH9f47GIcrnKCP2CAlz24xf7QDWAvftuiBX0BD83kXH1u-2yaUcpnfiH3A6AgcQnAI0CfGohcoEDPwA9dHAar03MbqDuaS414nb7XrhIlk5PGdJfnDZVnPVZ_To1YeaAbUgWakh4LbFeuHa9bhI9gzkMj7ijDJazRFdwW_OQYrL_zugkqVdJig9yiP6Gv5jiyuDbbWIrqlyMmN0lm15-sIbztfySaf1xb4d_n3f7oovg9rtmD_nhH2D4omzgXt1PXlwNoWYK9s9L00TlxVAGDkpfxUYFYiWmex5ahMuiMtyDAHbwGuLOhJPnWwdFe9I3J2FsV2tNLlfHmbQKCvHtRqsQWYHwt1LbwgYPIcLrYBsHGUa8VqHJ8c-4KfZh0R96S-HF_JBNsNfyR29F5eG6w2-z26Z3NYqLhl0vWtBvOFYGq_yr4eEfRad9qZ555bjewxKOZokOTQKpR20qLAi2LvVYC8hEwDKSS0sS3bgjPRUh1MpaMqU1iEjsBEpyCPbYwLXXgI51luwbbUcFur2F3xq12v-zAcAeelUHKoPrdRJC2Y971BgkWbC-67vlMcLqjCrfJvFG-P6QNmOgE1Ky1gRZNJdTxVXkC8g4eo85VBDqpzilwxdnoui8e6R45ZurwyMOSjY3nryyzskGVkWFzq6Y4t-pThtn8KVwA_ROyGHnuzqLRuOhoGq0TWUmAtJd6LNidGFBXkJWLnc-4YNmIM709H1d4hoRzkhGU4of2BJUwe5_vmKcitOkuYY-dYdXWroK0mWMeHWstgoitPXloHpzD6C1TuvUptgQtNDVzOtB3Sx9gLrPUF48m_7NSJMR18h0YugoG14KFLeQXMhriCGgvsehQT-NPzZw2JMCVAVWOFGiCBLn0uDunh1gGUN3NCo9dEW88PcjQ&sai=AMfl-YRKnh30cM_-ZmkA3dIBYBWLEt9tgqqL2jRpm3TijQ3UuqoZm9Ly2ejOIU8QQt4fAcI60VgrPLpWR0GLDdAdosMrPZlSq9A_y5l2-l5H6D0FPXZY0clAlIB3pwdybosRO9oyBykpMtCQ7YQRQmPpz8ciUrY1nmQWVBKXd_IY99Xv-bWgyiZRjRqIsuUEzFoqhBkh0z2zM6v_g-fjWnyExsGF-m3-tzE5xfpF8bcmur2n4Xfvr9Wpd2998G9xIYM9k9ONPbTT5IfesazYG82bHx9ld6iEvMH3SLTltg&sig=Cg0ArKJSzKDOjPcJsURGEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1072&vt=11&dtpt=777&dett=3&cstd=292&cisv=r20231109.31198&arae=0&ftch=1&adurl=

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C48C 0
0 74ms
74ms Fetch
image/gif 142.250.74.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstiHHnSq9LGR6VhP0js-V-1hz3IwKiiaVQ5vyq169micVupUm0mFqV7Dt26eR3ahYpLx-JAg7V1K91EjRDYFROU5yxNWW7RLzb104x0IWugN-Mok6EZ2pgurZvAnoxv7DDwzVUnowTbfW_02j_seE9_TfeQQ2JspeLIAp6oYL_j-l011vaZeVuPa534TCvqlYIQvL6mUPtd7_znUT3vQVUkdodm77WK7eKTEchn3bbdozK3d1crPbDv8dJjX_9-3AWvUz05iIhcqHD8tANtD33XNwv3hxVFT18uu6uO2WE3hcqyQ6fydAMjF_tpWMJiWMHNRxiL5qUEknSHki-zlkOfJaQaDvFLJ3bMzhqx8RfOrSOrOWxcgOV77Y_Uv6SeyY2D4zHk38qm5eUDZdJKpn_-cEd19ABIM3-YUMuHoFSaNxFv_bCpuRqW4_cMVngtdbg3jjcNaFzKGwNvif4rvubCWWu8Yh8S3OgNl0i6JJ_K6VQpOpqweBLZLrGLh4y8ITIxB2WJLGXIKqxyXzsILjdO8sr_Nyk2hRBAE3bd23SuJoPVtg06S8kv5wklvv9gzZHd0i8eKONOBJn2I3rEEJ6KbCmKhMj1k-skxoraJChCummasuYSv4fNMFvC7gvZqJLFnFIDrY-0QPrrm7EjXiiSLkgYFKEdwhTkH_RsWLxwM7N851EXyTUEdGAFrWiv5koB4h5t_79PbEEjBRqmYa2oZav9twp5U16gzzvAbuKqvIXvO6A7a12AdayeY3VBXvZ5aNU_nPtTnteiiEreCS_FqPyYYVb4EcaMj8xs3IxnJD8RpdTM-RGFFtgn3Hh1fXDfd6qL_x9uOd21I0YLaEYZJ01Z1gv4k-fFEN7VotaVT0JunLby3D5VuWUYlZG2qmX4kDEV2K7FPpmT1RBx_qwGs8t6xlZwSn_-HXCh5Xkln8nHfQWh2DY6ujBwb_l1gGFsGGr-Wj2Yp-ufrRCyeeVnwO1UuGxY5Ai5KRcRbclY8ntqPmprf344_XnNoO5munapaz0XPDGeK_W6GY9P8BXqREQsde9ZxDPkheUwYB9hrC8Yhq5jIaEBMdoLouUjhWoJAV376iiG5kum4-4ipOX7ESRWfT2XPf7PZXZVbuDNFYu5hbHvGJQaKH8Xts3wqxt-S8A7ecTcVyChSyQVYf3i1Ujqw2KYKWo3I-oIrsWGN6ohXzz-YpG4B1FLtIWbE9hFkXiiRQpGYhoc1n6l1TlFCABdAY4enZUcjhIvYNSpJYc78LSEDc13gv255c9SA_lrll9eJO5dqPibREnqQA&sai=AMfl-YR7zUVEBb3TZ7Zo8d2TqFJAjjLj5438rF-dFItYlBs3dd1oocP0AfBjZwmXF7WsYQ79jwXaWMz_dsiNKG7CXO1jaNAlHtTncNuCXMMKzMvi-BCkGRbneuaDKtJsNZ373MDu90B2u4MLwI1psYp8SK8mEe5YyJ0yMTO6BGx3L6ZUPlZbxCngC8Vnr4Q9L9BBw0IRHl4AwH0-1y1E8pvarj8wv2j9kK7AS60CeVyKAXLVxY1g5savB2slMZZx3EhF3xu2h0xKNoIT-WnqfLzc7CWpa2Dz0uwLzlE7lA&sig=Cg0ArKJSzB2U5iRorCpUEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1250&vt=11&dtpt=801&dett=3&cstd=445&cisv=r20231109.84815&arae=0&ftch=1&adurl=

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C48C 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6e107b39f7e40f831c879508286d8f4d339964be70bc8156ae3ea7183ba581e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A3DE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f1b3cca7fa2290220455dd66dc432ad36b81656375699c8cbf2e48f7f724c65

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 5653 38 KB
13 KB 69ms
59ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 35023
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 05:44:20 GMT
expires: Sat, 16 Nov 2024 05:44:20 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame F76E 273 KB
91 KB 61ms
60ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5812QZHH14

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/lottozo-gorontay-andrea-vivien&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e06aeed928d4fe80ee8216e2a2693016c54cea21ac4d6178a09af010c44ecf7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92667
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 15:28:03 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame F76E 52 KB
21 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: m.mobilgo.eu
URL: https://m.mobilgo.eu/lottozo-gorontay-andrea-vivien&op=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.mobilgo.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5902
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 17 Nov 2023 15:49:41 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3A13 236 KB
63 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 15:28:03 GMT

GET
H3 200 728x90.js Show response
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 9 KB
2 KB 65ms
65ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a14d925b35bb3035cc21f39d7f34f8d83e5b1b2ad0bdc965d9d5e2ff7922fae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 03:54:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41639
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2264
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Nov 2024 03:54:04 GMT

GET
H3 200 _preloader.gif
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 673 B
700 B 67ms
67ms Image
image/gif 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_preloader.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da18849e09ca7517671f0244bad6aff6299f6c320ea5b37213e76963ffeddf0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 22:04:44 GMT
x-content-type-options: nosniff
age: 408199
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 673
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Nov 2024 22:04:44 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 5653 39 KB
15 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 14:56:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 14:56:44 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9AD5 0
20 B 96ms
95ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B8luKgYZXZdiXL9SEjuwP1rqsmAIAAAAAOAHgBAI&bg=!ExClEF_NAAZxrfrxUa07ADQBe5WfOHZsWdu1PeHspSwoc8Oy4RN8PbovuhditCG1GuI0f5ypQEU2Yk5jNMyGyDZ72bnzAgAAAWtSAAAAA2gBBwoAhJN6CNR8U6WXv21U9kXVvuJL2U14np4AC_7EhPfD7E6KQEonDKTcK4sHk3K0MUnrjSpl6cfd3FU2PRbHQpX8GUPtKByYh4mWtDDwDCtg4LOyLvyuu2A1OnLJWMNH3XCQEB2wxlpqkY8-YgKR98COH_iQc4CffLj7za46FQE3ynGzpy2GipkDAeTvESYWhNVURzNP3w3Z4TjPsv9KZMPlufFxKkD2XyWdLOe3jiv14uTmI1jmDBwMDxzqhdEB7Dm45XidR_lkJUHZ_s1b95NMzP_b8AWQQ8VV29XPagLS1kAWjl508lYCzK5f5uAipff6bdMdq2QmZs72T0wl7YZkGUESMN9So-cNPSelW2nLz-ol-mjxnicZg2-9qAZkzCvzcBgYE3fuP-KhO4WXB2Nyfw9cdeSYCgoILu62wJ_EsU7-9-qWaCV0fC8vHAZDUJNmeq03rskoMFukp3fs9PEYzFHaQjdWsxurikoIhT_jbwi5YLkxfspCvg56huvPkGKIAyH7N8Q2DEagdzGhtEauQqy96tiq3yjK_c9Yzra5DU1vIzBRnJq2toMQjrwz0ZJT8jpsckidUr1I5E-cVU3O6FjHhD3wn9bCl50M6h9Gdl3oM_OYFd4X6Y5aMsw9wuUpQbAtY3mN9PyWGwse2S6ZiO3_TYrkdxJV4IO7QpNmMRcvh6HDaWFhQZRs1YIijqDjKvn370rIlFDgPtMzZOpUXVZhy-SWmKIyB5QhfacWdqP8Jvn3DQmsAh1BXKxzx5Lf5Zr0ArOa2tcItuHsVdXG4p08Y0XKkYZ6MDqEEAyx1m5cqYCwb0dGN7nRt0Fks8tlrQZryRvlUIHz3hCz8V-prRtMIieZSKUdnde43uYtT2R4jcGbLZHYv7DMgHu-TwSfNawShG7emLTxcRdCgek9DUIirLCsDrkQIk5TNtSYzvTQAFaCEhIw8aalyhHtn7xXEzfR23XCUHnvhBVbVX6_WzSQ2etCzoxrXgUqF0tl4BQHrW3uvXLCH69PRw-vgb_2oyyKxCdkEfjjtbAB0JO3uN6xI4UTRfBjYoFbChr_jJId5NkpnSpscA0ccJ7TSjEj75dWJu8KJsq744tCP6pQPTfbGmt_MR7bbK3DCysOR4-zkeSNR3GHxbYOFAazMMLajxtUiwCCrPonBzuMDjVTi2WudyOJNJnfU8z9IAwAo7j6YAoLkV3SYh4

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 _728x90_bg1.jpg
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 15 KB
15 KB 53ms
52ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_bg1.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d921015568f0a3b71ce30f6efad2fe3cfcdeaa9c17a683946e13d0924748da94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 22:04:43 GMT
x-content-type-options: nosniff
age: 408201
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15762
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Nov 2024 22:04:43 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0E00 0
0 74ms
74ms Fetch
image/gif 142.250.74.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstkTlVuFwZOGHOmpwAHQp1sBHoQ7CdVy3HEvnWo5tlAxO5iope3gZh4PMZg6KlJDaH0umMZYQ3Y0DhjXNs8AzwZeNgjRRWnovVFziSDqhAhUyHWOhBBitwBaQwiS7BA3Qow4oE9ngC7EhsoVenjdUOWx7hyRUV8E_jFX7ExmYc&sai=AMfl-YRkFHNz7Pn6FCzPBnRdVhpV16bwf4IUxXwAU5a5s2NWMxPBHUGVbES39Nl-Q1-3i8AraT7dsJHm6ZIf4Y2OEBBjPeKdVYGV-YQ-Nw&sig=Cg0ArKJSzIzD-6g5uEcxEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1062&vt=11&dtpt=731&dett=3&cstd=329&cisv=r20231109.90404&arae=0&ftch=1&adurl=

Requested by

Host: www.mop-veins.tk
URL: http://www.mop-veins.tk/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 99ms
99ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7a4996b722e3031114d989afde25a177621b5d92fa1d1b981645d789b7bbe4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12330
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0E00 42 B
64 B 99ms
99ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuYpoWmteMxNCG_QmqFuiUzaQmr3jrwdvUKqqsaS-nfFIDc7SeJrcaHNmgvycJRXCLNQvb_FbFzzjCKA8GBJEnEb3aUTfTU2bOuKeRYyuiYPwLKIyT0qgBe97o99mEwuJmqvgfRhL-FLXL3&sai=AMfl-YQgV_ruiDv18Y0FGCI9StyJuNdoDmlfeLAMU4hjWTEUVTJkv1SDY6x9eTCgiWpLqvYqngRotXVRqM88Ox9shgpPmiUiVKaOr01CSBNpQQm4G8OFHxNAzwxNmCSrJyTGKdjAhrE07akSGwlqud5N&sig=Cg0ArKJSzATUkPKLEmsLEAE&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&id=lidar2&mcvt=1083&p=0,0,126,728&mtos=0,0,1083,1083,1083&tos=0,0,1083,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=0.71&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1700234881525&rpt=1486&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 _728x90_bg2.jpg
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 16 KB
16 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_bg2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d288569d31c44c2b5bf3971e7c4acab9d27401efb7212afa97b10e3e3ccbffab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 22:04:43 GMT
x-content-type-options: nosniff
age: 408201
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16447
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Nov 2024 22:04:43 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 061D 0
20 B 90ms
90ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BJW0LgYZXZfKGOK_CjuwPxfGm-AMAAAAAOAHgBAI&bg=!8POl87zNAAZxrfrxUa07ADQBe5WfOPVIsVdLLVvfoMh_1_CUzMqxqARTd_vTE6PksDYFUuRqX5UljtElGyX4JD2yCB18AgAAAcBSAAAAC2gBBwoAfItLtgdYkPU1tinN1SDxrfnv0KwtVe3ulkydGTuaHmWnvnE1-ICKm6l2Q8m2AhDh7hPZZ4ib9u8O-rsW2igeP4BcOuS45n8zNg6Q4duX4OrSGUmHEp4g8LXcRVltvWZhMNsWrpK6gN3wo6GMPghZghO6CCe-dWarFDV8n06ZAw4qdfmVpWa3TitKTvFv14-bbqJYyjgyVI4DtbIF90ZOLikbHU18hj1HlqjHskQGybxlCdSeuZxc-z8KJo4pve_JMvgRp1twBoxDt3-qgpUmdoQY77T7aX5CKxISKKd4n6a8ptIooWlf24lQ1IRsmEmSjZtjS6LiNgb0gRbYXjuFzzIk7qM6iCResqOJDaU0MYCcUTquKOW-aMLiZ3hcwEo0gmDeQaXV1QcIHlsg_kyybO3as0TYonyPEoTucvGoQ-s68uDt729rqIaPXzgWCG0MeIPHaqibtdXev1VvfN3Aze0QgTDETrRSsX_41PeRZZiiy0I-Wam_XMdK-It9n2GrtVjW1iHYfH-sIatL2Qqtldm9CttBOwnsWJt-z5Ksc6HM5632zBe4S8RJIAlNf2yQo304_Fb43detBU0pd6HLuL3nZRGxvYJxZwpx61_kamI373ifRlU3LhMuy8YUc8U0jXArOVjhX2v4Ye0pEUsHUthqvkWwC7zKKsStWSoTq_ffn7N03XUSYqM0CYzn8aGa0LMb5FzgK1jdCQweZ1h5rcr-IK2XvSvbXumkAMoP2tM3dHVttCllVV-dljb-AgPNX-Ltv0Yqzhc8dOIXMSh1GSOZ8rvW8uHI0O747apWG1R-1b5KImBafCfr76iFQxpeltUcFZ1kV3-Ti3Ireacrs3tSwvXtOsLMD4za5dQrRUtgXE_Qv9u9NFnr-FU-NwTwQGetyq3ZyPWk-bxEJWbRk2l-SvqW1KVzZl9jMlqGD_g8E9fTZ5R59RQKCYMaioqr34nuD2vhNDlTiTakjsXqdx57JpyB6vOVf7kVaj4H8WPqfupJs0vkc5Vdc9d1M85bO8VSXzfHcB4zEiEl5iU2y0PII49cLVv0WgvfR1tcc5Yz5hVxI2vgKs1kdu1gb3v7gGrcZ_zOl9kss4IFNO-6v6u5CcPCgez_nAL_f3_PPwgK6MUAyfdlfMNCMWL6OKwOXskrfTdYeFvWDQ19CKk5xeATdafdVTl0-MofCokcIcAxaff_BIXwFcEGIOAoyg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 96ms
96ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.mop-veins.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 17 Nov 2023 15:28:04 GMT

GET
H3 200 _728x90_btn.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 1 KB
1 KB 53ms
53ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_btn.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

323e5af8a33b9e65da9de11179875c91d6f4db5cfc79e2e444d8a7d98b353400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 21:05:37 GMT
x-content-type-options: nosniff
age: 325347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1261
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Nov 2024 21:05:37 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A926 13 KB
5 KB 56ms
54ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 15994
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 11:01:30 GMT
expires: Sat, 16 Nov 2024 11:01:30 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D146 829 B
998 B 63ms
62ms Document
text/html 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bef44be22e912609c2a12ecf0973ef533e3fedfbafd55e07ba63692fdf46dad5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3CO50ipNvBINSD3H2Lft6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.mop-veins.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-3CO50ipNvBINSD3H2Lft6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 15:28:04 GMT
expires: Fri, 17 Nov 2023 15:28:04 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 _728x90_logo.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 693 B
720 B 54ms
53ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0be0aca44bad073453d3f107123dc563fa9f6d92889d2ef3b2b2d27a6a643457

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 21:53:06 GMT
x-content-type-options: nosniff
age: 149698
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 693
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 21:53:06 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/902398463278760126/ Frame 2810 52 KB
11 KB 53ms
52ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bda5aba191e5dc24473aa8b36c989c8a29dc98e0cc87c1672007dc7c7dc3ba09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 23:20:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230833
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11690
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Nov 2024 23:20:51 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A3DE 0
20 B 89ms
87ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=968672044044&version=m202309260101&ct=76&x=1&cor=15211146504769497000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/902398463278760126/ Frame 7D93 52 KB
11 KB 52ms
51ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bda5aba191e5dc24473aa8b36c989c8a29dc98e0cc87c1672007dc7c7dc3ba09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 23:20:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230833
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11690
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Nov 2024 23:20:51 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C48C 0
20 B 87ms
87ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3135773349921&version=m202309260101&ct=76&x=1&cor=1126878060032665500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 _728x90_t1.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 1 KB
1 KB 63ms
63ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_t1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff39cab0ad3ca8bc174726bcf9c7ef2e1de32ce43d0f786dcc94062a747e3c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 22:04:45 GMT
x-content-type-options: nosniff
age: 408199
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1082
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Nov 2024 22:04:45 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D146 0
0 90ms
89ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=2630715632995750&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/902398463278760126/ Frame 2810 9 KB
3 KB 52ms
51ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4acd2a885abaf71baef00bebebe1414f623eb90349253e09cb5b04ea58ff9fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 23:20:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230833
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2727
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Nov 2024 23:20:51 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/902398463278760126/ Frame 7D93 9 KB
3 KB 52ms
51ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4acd2a885abaf71baef00bebebe1414f623eb90349253e09cb5b04ea58ff9fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 23:20:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230833
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2727
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Nov 2024 23:20:51 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame A926 39 KB
15 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 14:56:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1880
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 14:56:44 GMT

GET
H3 200 _728x90_t2.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 1 KB
1 KB 53ms
52ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_t2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13ea63c90cacf953e3eba54a5083eeae0a4ee8e1b67fedbd594e7f3128eaaa1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 22:04:45 GMT
x-content-type-options: nosniff
age: 408199
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1055
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Nov 2024 22:04:45 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D335 0
20 B 91ms
90ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BxhiqgYZXZZmJOMm83gPv1LSIBwAAAAA4AeAEAg&bg=!8vGl8b7NAAZxrfrxUa07ADQBe5WfOHGNBG9MQ2MxDOrje2uf2jfVKbsZoZiHy7SLtCQVzmRtss8l2HsyHq_7lTkcmphGAgAAA1VSAAAABGgBBwoAVZjLpV9fjmDftNxROr9JIA2nCsMwN_tDDRfjjtn-xxQKhNXjnXOlxu612Gm5ijezEWxiBpm2YKyIYhljKFL1LUGv47x5KXz6EtxcWgTrxSiJWgCshGyZAwcsBpP8_M9ENB9v2qQsEBB0_3JFv9wFRuRz48XgoZPWf3v0_Eh9fXnp0CXqCrn8QDAwX7GaBHj4LAfR0-jEszcgFudNGgO2tOFh8vIIgueL7mPXbcA6vu0sToK6cPHZ7q1pb86zvUcXR2LN5Ax0qA43J_SUfSjt9ueEhHKuAZ6xrfgNTUAvy9aj7OH-zeCgAyLr3UcBo04DcV6NCBTj_MvfLOJcdo6JxLdABOeALGIkSx35NPYWjd0cIit4-zUlJNWjpeIjuzwxfeb4BT-A3iwwUEh6xEuLs7vPSVY9mYl2xdFa6s8WFbp43aPoojw1Rze809aPlIN0LUK7T6sj87GqrD_cZk7RPc9jajcabAQZdCgJO7NXWV72Gq5U5qIUGw27BxBbjcP6bE6-5b4vG51JOxIMP2GrwGGfzGOwD_quVoRCVNLqKQ6ccHA0S9sdz1bGzxYTEdtDjDD2pG0UKwC44PtlWueufDIJuCV3UnN7mKvIg8G91VEsud3o2wYUuU9lWrV0Y5iuQ1ypqcwThwJhhN0ZeD2gJdcLILv_GNDvRc7sj8mpgHwYHL6VGLtfM9BVtkNVVUcl0mD2lMXXCggdStlF0J5JDsWVU84VXun-167WKokJkAcAgjJTyB_tGYS3Btt5E7dSPKbz9bEX8gJTc_at2FpyjK0v_TXnCW0OrTSs9_V6Tvl64AGgnpASavi9ak0_nBYtvFsnFSDH5FPRjH1dTW7QBdHmzeLgZUM_VRDIRidTyBUPkCZZ1-qu0PGFy6qC9GTmgKUxKXqQRKGSwBRgqfynVjZ6JCrjOcczTqfW_QOj8aKCqvx61cCrmcwkUNV-xBDC16GNpE-3LO3Dhx2NVeJqsuAxJIph3IItTfh7FK1apXI0KZ-1sk9iRVxPU8SpAlabk92E5nnZH3d1wD-Rem5py7SazHlGGUySNT_Hy8UcWFbS1xChH1xCpR7_zqr6wO_jIOLvS3cdTCbVexyD9pe1_qtFMYyVTTLxmxoB8mQK36-mWS0gJDTVeFyg7ZKvvpXc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C48C 42 B
64 B 91ms
90ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthUly0iUSvn4eEfmZx_tKlDUWAhzEctArjCCnBQEC8qoJ0tZ9JZCq0agnZX6smJISg-56mEfODdTlJ2J32-7XwGiNfFnAWIzoX9GLjq3cTHK78RZ7Yy_xbavP23uBaAaCa7hkqEECun_z6&sai=AMfl-YTekgnkbb6nK7jHOJqcuHVz6mCUsy_2yOMnBeJencdeFNNDs8Qsac1PIBBvL6d6jNzFzJ4nqD_3uTe5AMWiPzGOryebE8TCM_qUvYoVhW5Puewt9VlJOaeSGojK7vpy6WLkRXlKsaO3jHPW74CU&sig=Cg0ArKJSzD4sem_HlsX1EAE&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&id=lidar2&mcvt=1002&p=0,0,618,160&mtos=0,1002,1002,1002,1002&tos=0,1002,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=0.97&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&vs=4&r=v&rst=1700234881462&rpt=695&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A3DE 42 B
64 B 89ms
88ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssz-b9O-89TsLTBQ7k8I6_HuPVaAZrMoPcInbpzGAqMU6sTIfv4X3vv5RS4vK0v98hpBxlQaJ9IInOSbsG6S12tmUwRzloeZanzHIXzwLkYBPA-Aw1fVjDdFlmSboW7hZlHnedlzE6kNHRM&sai=AMfl-YQHB0Q6kZz9lcqT1HBwAL1cn5k3X0AE0MIH7yqhEAWSMLr8Disd8XNNfqDohmDycb8WCMxjJ2c5_pmtqRWPo-nXPD2w6iEdvW_TwTsnpONCaqA-3IArr7GgXJy5L2W8U6vZBo3AKagwT2y2dONq&sig=Cg0ArKJSzKKApeNqB7u5EAE&cid=CAQSTgDICaaNmSUHkJHKrR26OqqzkUi6HLNkRtsgZVkJFCxLnYnC3rvk7_dBMedGZc8Sqgq1zkJxUNLb3zQdINBNEcJbOIKBuj2HWzDxb78c7RgB&id=lidar2&mcvt=1005&p=0,0,618,160&mtos=0,1005,1005,1005,1005&tos=0,1005,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=0.97&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&vs=4&r=v&rst=1700234881488&rpt=834&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index_atlas_P_1.png
s0.2mdn.net/sadbundle/902398463278760126/images/ Frame 2810 23 KB
23 KB 53ms
52ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/images/index_atlas_P_1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da1cb0997e6d8ffb09444eaea9dce0e1d1d91507f629df1af30e0e8e2b3592f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 23:20:51 GMT
x-content-type-options: nosniff
age: 230833
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23165
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Nov 2024 23:20:51 GMT

GET
H3 200 index_atlas_P_1.png
s0.2mdn.net/sadbundle/902398463278760126/images/ Frame 7D93 23 KB
23 KB 53ms
53ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/images/index_atlas_P_1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da1cb0997e6d8ffb09444eaea9dce0e1d1d91507f629df1af30e0e8e2b3592f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 23:20:51 GMT
x-content-type-options: nosniff
age: 230833
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23165
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Nov 2024 23:20:51 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5653 0
20 B 93ms
92ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BCi89goZXZbvFLLK-9u8P2NypSAAAAAA4AeAEAg&bg=!yMuly4TNAAZxrfrxUa07ADQBe5WfODZT0fLQzbN8UMloSVjVx3mO7qq0XWBQ6gdWhJb5R5ks7XeQJZTWwSbmP3Km6zv_AgAAAXdSAAAABWgBB5kDGlVMPOs3S5IMbFf0-lwDsZ6xAD4K9fDxILBmyM8LZgDL0LiPbo3skL_YWjjNmUPZZeizKW29UF6TxMCaIzd2FPhMwBwqze3DzwqugNhXgguxeTszmUhFib3X3QYepC9uN5APSW4Ql0oeO4wo9NGch0pXBZ-N80k6k9i4lTh3aeYDvOJBJENUyiUuYTmNTrxBpexO0nXMz04_CnQM7s30Sz1CVN5oh2eLFGWTIstagNeB_7wBNYZ3AuOsAqkFsaKo27rSpA8RY0tJpNNc2c7ZF1ympUF8MkObbjOUzn5JNluoC4jk3X2jzcJhwEiekmwxyh4R_N75mCczzBM0XueQsGB54cbgEjHJkHbFhW1ysom2AA8Snuz6Ky2l0yKJXPgRR0X3lr_UxebE36HyTppqMTdEwNLt_Xn413gu2WiiYj0akCUh50ChgZYozQYxzNZccjj6iuRnSmNDozlgtkpMHRm_yhjBHKN7emBfI-rT17T0asImNPyOepvWm38BtcBV6BBGspJomvxG3t_pCVAsKY6LwW5B7rbVLMYBz3prAoHJ3UCimez4V3QIrmg_T9HOg86EOiD1dtKLhfncmSHdbeHb7h6yxIas2WHsicozwJKtPk8Jz31JJWDLBIkevvye7XQhZz5Kvv13pXiRiYu3YKBr2NXy-Lbx1wdUcPL_e473ACOGb2yJ7vtl-wYOExjBh6X_Rr0hXhfuUeldfuCQm7q0O1Y-xpx_jVVQaEvD6l_6ZGyQ6nGd9MOYj5NL3KCKrgsBg3KCXtPOtI22ODhucyyPn5JS8UBDmGOUkuzpCKv_zdId7D5qo7KxXA6vvug819odZLoKcsR26jRUF98krkDsrqTxi2WvJDOAAlfz60YUkRNROM_qDA9hQoPlhmBvTkxR-cqxf6N4Us3ChRjGXSnCIcd0lJJic_IlcEf22_6wQ8ouHdJYSrm_1jCsV8nxeyT1UwjFaUsY3qVdlHCGLXV5B0rdMY57E2kY28ySpp1oKZDrR2Qx6dKCMQfk6Phvw6CectLgHKwpX4wG_DEn1rSIG6wyprAlyoPG

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 splash.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 3A13 5 KB
5 KB 52ms
51ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/splash.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fdcadbf224bfe461644696c1eeaceb184b9906bfbe08a47a388680939df0e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 18:21:29 GMT
x-content-type-options: nosniff
age: 162395
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5155
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 06:01:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 18:21:29 GMT

GET
H3 200 index_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/902398463278760126/images/ Frame 2810 45 KB
45 KB 52ms
52ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/images/index_atlas_NP_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa5e817a4e28ad3e7850b95fab8652162fc7c40d98abc066fc5da93f905950ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 23:20:51 GMT
x-content-type-options: nosniff
age: 230833
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45734
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Nov 2024 23:20:51 GMT

GET
H3 200 index_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/902398463278760126/images/ Frame 7D93 45 KB
45 KB 51ms
51ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/902398463278760126/images/index_atlas_NP_1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa5e817a4e28ad3e7850b95fab8652162fc7c40d98abc066fc5da93f905950ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/902398463278760126/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 23:20:51 GMT
x-content-type-options: nosniff
age: 230833
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45734
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:36:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Nov 2024 23:20:51 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0E00 42 B
64 B 89ms
88ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst6MtZZTi4XASxMABn-99Th2wLI5d5oOa90ZW_IsI1mx_U0AjRMBlIpa-1PKa_e2jL1X-gvYnu6Lh4AcWBjR7SlYXx5sUJZjoAQu8OvWPRR3LTqoFuX4x_qvQ&sig=Cg0ArKJSzHYoMipqIVNiEAE&id=lidar2&mcvt=1018&p=18,0,108,728&mtos=0,1018,1018,1018,1018&tos=0,1018,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=0.8&if=1&vu=1&app=0&itpl=34&adk=929882895&rs=6&la=0&cr=0&vs=4&r=v&rst=1700234881525&rpt=2202&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A926 0
11 B 54ms
53ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?PtCo_A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:28:05 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0E00 0
20 B 88ms
88ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2694845573210&version=m202309260101&ct=77&x=1&cor=15539817034796330000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 15:28:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mop-veins.tk/	1970-01-21 01:53:14	Name: _ga Value: GA1.2.510651855.1700234879
.mop-veins.tk/	1970-01-20 16:18:41	Name: _gid Value: GA1.2.1357289584.1700234879
.mop-veins.tk/	1970-01-20 16:17:14	Name: _gat Value: 1
.mop-veins.tk/	1970-01-21 01:53:14	Name: _ga_K89DWMDNXG Value: GS1.2.1700234879.1.0.1700234879.0.0.0
.doubleclick.net/	1970-01-21 01:38:50	Name: IDE Value: AHWqTUnJVOVrD3JI0N6OrDIOrsSyUvBRc2BrbrNAxMOObZCWW_7m-FDpafuhvN0q
.adnxs.com/	1970-01-20 18:26:50	Name: uuid2 Value: 2982757294556567388
.casalemedia.com/	1970-01-21 01:02:50	Name: CMID Value: ZVeGgPWDlW0anNfSGF8j4QAA
.casalemedia.com/	1970-01-20 18:26:50	Name: CMPS Value: 2182
.casalemedia.com/	1970-01-20 18:26:50	Name: CMPRO Value: 2182
.doubleclick.net/	1970-01-20 20:36:26	Name: APC Value: AfxxVi4_p_D7uVsrObI-2yiORg4UfjZ3hnmVDlry1w1Yy49flk82WA
.redintelligence.net/	1970-01-20 18:26:50	Name: 8lcfmzhxc8d6_uid Value: aae59a7f81e7d709
.doubleclick.net/	1970-01-20 17:00:26	Name: ar_debug Value: 1
.awin1.com/	1970-01-20 16:27:19	Name: awpv11601 Value: 113440\|1700234880\|e48be451-855d-11ee-b3f6-2239b4908fbf
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.office-partner.de/	1970-01-21 01:53:14	Name: source Value: {"webgains_webgains":{"timestamp":1700234880906,"clickCookie":false}}
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: tdd22rubdip5aebgm2jwhjtj
pb.media01.eu/	1970-01-21 01:53:14	Name: DTU Value: 53726B37C52947C58A01EEBDC408F7BC
.mop-veins.tk/	1970-01-21 01:38:50	Name: __gads Value: ID=12e0cad9f3864e3b:T=1700234879:RT=1700234879:S=ALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ
.mop-veins.tk/	1970-01-21 01:38:50	Name: __gpi Value: UID=00000cca5b2078ff:T=1700234879:RT=1700234879:S=ALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg
.adnxs.com/	1970-01-20 18:26:50	Name: anj Value: dTM7k!M41.D>6NRF']wIg2H`bG]9!'!A#F0(<j<dINiYhTyXnfi8FW/hVlv:6R>9E6:3?2gg`+<4gM%<3R.VOu^ME]%(2K:$doS]%6lNR>HN[g
.doubleclick.net/	1970-01-20 16:17:18	Name: DSID Value: NO_DATA
.quantserve.com/	1970-01-20 18:26:50	Name: d Value: EAsBCQG5KoEA
.quantserve.com/	1970-01-21 01:47:29	Name: mc Value: 65578682-77371-e52cc-e69c5
.w55c.net/	1970-01-21 01:47:29	Name: wfivefivec Value: aytzkRDz1R40Lg5
.w55c.net/	1970-01-20 17:00:26	Name: matchgoogle Value: 5
m.exactag.com/	1970-01-20 18:26:50	Name: exactag_new_gk Value: 9a00ca77c14549a385505b8270d6a76d%7C16.01.2024%2015%3A28%3A02
m.exactag.com/	1970-01-20 20:36:26	Name: exactag_new_uk Value: 7e050147d2f241a397c6f8cb560feea9%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 2535146d5b7b4f7d829ef841
.yahoo.com/	1970-01-21 01:03:12	Name: A3 Value: d=AQABBIKGV2UCEDzcWqFUlmhOBKaewlSI3UAFEgEBAQHYWGVhZQAAAAAA_eMAAA&S=AQAAAspBK4guqgmuDuRIdxuQ7ww
.demdex.net/	1970-01-20 20:36:26	Name: demdex Value: 87535269916620393952480178000722206099
.skydeutschland.demdex.net/	1970-01-20 20:36:26	Name: skydeutschland Value: 87535269916620393952480178000722206099

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4105316393188386&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1700234881&rafmt=1&to=qs&pwprc=6733228914&format=1200x280&url=http%3A%2F%2Fwww.mop-veins.tk%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1700234881179&bpp=3&bdt=2512&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D12e0cad9f3864e3b%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_MYxNFcI1JNoQTVOtbPyotwN_jNZHQ&gpic=UID%3D00000cca5b2078ff%3AT%3D1700234879%3ART%3D1700234879%3AS%3DALNI_Ma1ewV4e8hi0vThQMWgEqEjqDeHrg&prev_fmts=728x90%2C0x0&nras=2&correlator=3231655308189&frm=20&pv=1&ga_vid=510651855.1700234879&ga_sid=1700234879&ga_hid=211620996&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1645&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44809003%2C31078301%2C31079756%2C44806141%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&psts=AOrYGslN9vhbgqqystL-JBszhJSo_3RvqqHEEXKvBI8oAOOI4lG_duWVZBWwSiWetR6lNNE719lEPX-3c_HPdMPs0jK9krAY&pvsid=2630715632995750&tmod=69430443&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=12 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v99.js(Line 92) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ads.eu.criteo.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
cat.nl3.eu.criteo.com
cdn.lamp.avct.cloud
cdn.track.production.webgains.team
chris.tauri.hu
cm.g.doubleclick.net
cms.quantserve.com
csm.eu.criteo.net
dclk-match.dotomi.com
dis.criteo.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900012.redintelligence.net
ib.adnxs.com
imageproxy.eu.criteo.net
m.exactag.com
m.mobilgo.eu
match.adsrvr.org
measure.lamp.avct.cloud
onetag-sys.com
pagead2.googlesyndication.com
pb.media01.eu
pixel.adsafeprotected.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pv.medialead.de
region1.google-analytics.com
rtb.fr3.eu.criteo.com
s0.2mdn.net
skydeutschland.demdex.net
static.adsafeprotected.com
static.criteo.net
stats.g.doubleclick.net
sync.teads.tv
tpc.googlesyndication.com
track.webgains.com
us-u.openx.net
whos.amung.us
widgets.amung.us
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.mobilgo.eu
www.mop-veins.tk
104.18.36.155
13.32.99.48
13.42.237.35
142.250.185.98
142.250.74.194
144.76.91.199
145.239.193.130
15.197.193.217
178.250.1.6
178.250.1.9
18.132.19.32
18.154.63.65
18.66.147.41
185.111.89.216
185.89.210.212
193.201.190.54
2001:4860:4802:34::36
213.202.235.9
216.58.206.38
23.32.185.35
23.56.205.163
2600:9000:223f:2c00:8:48e:53c0:93a1
2606:4700:10::6816:4aab
2606:4700:10::6816:4bab
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:81c::2004
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::2006
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2003
2a00:1450:4001:830::200e
2a00:1450:400c:c0b::9d
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:d::c
2a02:fa8:8806:20::2040
2a05:d018:d29:3605:92f3:67ff:ad62:4355
2a0b:4d07:101::1
3.231.201.88
34.242.172.171
34.98.64.218
51.89.9.252
52.17.134.215
52.29.179.202
79.172.215.131
88.198.250.30
94.130.102.164
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
09a0dea85f2a01b11163408d91530120f90eb56f8b92de5dc25f33d240ddd100
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0be0aca44bad073453d3f107123dc563fa9f6d92889d2ef3b2b2d27a6a643457
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0dfbca2c5c1a3e89e8ed72df35d86429221e717de4262d4492c89c0543cfd278
0e5c3f70d47b56302aeb2bce54f9dd48084b73c6dacf350a458cdc870f2c1d7b
0e7b619787c5f27ec0828279fed4ed941679e07bf566e32bb52ebdbc50cd6d10
13ea63c90cacf953e3eba54a5083eeae0a4ee8e1b67fedbd594e7f3128eaaa1f
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1a8271a93fa586241c7d02ebfcd59c9f375bc33a1f21308ef0db72bfe6ddcbd9
1ff39cab0ad3ca8bc174726bcf9c7ef2e1de32ce43d0f786dcc94062a747e3c0
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
2202d272a7623a0f20d055bae57feefb858a3352833ea36fcc438a895857d307
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
257d56cac28bbfb0de9772f6f9159d145cf3dd565c6bde1a00a85514ba62370a
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
2701e6f4346aeb04ffb2c428bdd0b9fdbe4de4873e35fb50afe46b2420a0876e
281858841ba8344ce914ef30955d56ecab63f1a2fbb97660e86e9efa11557c2f
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
2ca28888526316e78e39f4b63e65bba9dc9348b97051a5a1b7c77e84697b9225
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d7d8669a8504ad00daf6a398529f8828dcd7ff604ac1d1581d8d639ec8d4184
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
323e5af8a33b9e65da9de11179875c91d6f4db5cfc79e2e444d8a7d98b353400
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
35b9f4b08e55cfecb7af67ba47360c134997559204b3de7ccf81d3c3f4c19d68
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
39577f73425d3a1bedb2e61901a6de0a4d0266a78947f6e6df6549e6a102e122
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
48a56b3b18390376e5d7a17a9126d573860e135a0c33cd7f0823978c5df01835
48ef1c63ec25d82163c8a88d2f67122d60715848092e0b34794189970dbe4f9a
4acd2a885abaf71baef00bebebe1414f623eb90349253e09cb5b04ea58ff9fd2
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d0e6ea6c6b0c97f6cd2fcea5987369304f675bfb776a8c1e0db6f78d6d494bb
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
518d13d06f89e2d21ed1fb5d447089b92e5419c50f41aeee74040461e1fde281
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5859de66be1fc989c59aae1663ae698c1eb4ceb2793d0452a8c93603ecc725f6
5ab127fa9650a6bef6d6a2a0111e8d24556901149002547fad11da0ec55f6d60
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2
6330e7f7120aed7b1686b171f6ce73e162e91e8fa6e4787a4c11925a96d819d5
6b2d9cdcfdf0ca4d3a16b10497131ec1dd50acf075386cc576d3c690394f4363
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b
77ca6322ae9d07efe17882c04469a2a69629aa48496de240b8a868ee0ca869ac
78b3955452d6cb84e05b3357cc723faeff4f28b1d5f0b8856a3981f489ab5a9a
7954fe9614832a5c8356adb849ba452f10b14a1a7b84daa41aaca52207b04a84
7a14d925b35bb3035cc21f39d7f34f8d83e5b1b2ad0bdc965d9d5e2ff7922fae
7f1b3cca7fa2290220455dd66dc432ad36b81656375699c8cbf2e48f7f724c65
88d6d52950d15f2aa22a87b2d1619376104b083f75ff02fe9461ff6d8cf9e04a
8a30710606df0e96a6fed5ef1b8d243058e3e2adeddb6edf2d5ee1c2cf755e98
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
92fdcadbf224bfe461644696c1eeaceb184b9906bfbe08a47a388680939df0e9
97ce93d1133eaad74cd8663e5b4d2a0371fb3e1953c0a8035ebbbb993239a9e3
98d6ccddc99d3b8fe3a6f75ea01ec68a6bfcef5e4442e8e54682577b5ae2974c
993b27f420c9927f68ed5023acd39625568458745e2ce23c7ddafcde66cd3e29
9a6ca90cfd38a578bcd19e8a64f55346b8c39ab70e38bbb614829ccd6d980584
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c991bd785f4ab396919fb62908a96434d7c8547845fc634488a41b588e1acc9
9f17206c06c3f260ff0a492af2db6b94597a4912e269039691e403402f96b256
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1ddb4baeb81e218f32cd1f0ce079d01388b05547d25a6d734f2bb4598d8414e
a2bb12e88266c40aa8e4b1b0cd7204b23f0bbd8e8b4eabb96806116b590949cb
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
aa5e817a4e28ad3e7850b95fab8652162fc7c40d98abc066fc5da93f905950ba
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ab2c27889eec3d69ff8602f31bf09e8731433d920ac37b5b825ec0281542bd0a
abdeff3f6b80e43233abe7678ac77ae09b4e04abbc10ad9cae8f472b8c12d151
ae021a8d6f0b6e068a252d9c857ecc70cd9c9c6202803d1be959da9008da3fca
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6c33c2d2ec8694c31a5df76f22dea27584eb4086718646d43f06109bfebb8e8
b6e107b39f7e40f831c879508286d8f4d339964be70bc8156ae3ea7183ba581e
b7554cdbb96fd76ab5e8c40547dd05f31d0f20a6c13d396b2a78fcc69d1d95ec
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bc86db442d52bb08d80ba6967bc1f08ed7d6d954e374291ad19b8dd1a8bed27e
bd5af22b0724902da6ceb31665e1822817b88f1f6cbe14c405285a73a789c3d7
bda5aba191e5dc24473aa8b36c989c8a29dc98e0cc87c1672007dc7c7dc3ba09
bef44be22e912609c2a12ecf0973ef533e3fedfbafd55e07ba63692fdf46dad5
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
c1f01c392b1780cd46d0704b1c0c3bac211d676d12855ecd078d96adf2bf9c30
c3c6c07a63f714d29412e5d3065c9e9e231b2d392124f12ae9c320cf930c68ac
c7bf60218c281806f89bb35e18db19b4e336f69162c27ec36f81ad71d5f85487
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ccee6837d46551a4d53673620420c14ebcad6eecd6b5d01b21e2358221e6fc49
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d288569d31c44c2b5bf3971e7c4acab9d27401efb7212afa97b10e3e3ccbffab
d3749ca2ee6ed51d8da45099c81a6a031deadac7de7ea1d595bc54b74ca6dc6c
d921015568f0a3b71ce30f6efad2fe3cfcdeaa9c17a683946e13d0924748da94
da18849e09ca7517671f0244bad6aff6299f6c320ea5b37213e76963ffeddf0e
da1cb0997e6d8ffb09444eaea9dce0e1d1d91507f629df1af30e0e8e2b3592f6
daad809833438a83d44f2f36fc2f329367f14da0713064bcca1e52e203e2cd7f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e06aeed928d4fe80ee8216e2a2693016c54cea21ac4d6178a09af010c44ecf7c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd132cfce7d9d864685ea940ae50de5728a453a53406fc72f668d6ed2d81b93
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
f7a4996b722e3031114d989afde25a177621b5d92fa1d1b981645d789b7bbe4c
f8daf24eebca0055cddbe70db00a77f4efe746a38af5f88e0d90c8d6a3fc3a4b
f94889f70475955a7e6eceda16ef4ad33870a5b968fb90f6a2bdd1debf7249d9
fc4bfbf142883b5334abb3b52022b6c7ec26b992870367da8d786960723ad9e6

www.mop-veins.tk Open in urlscan Pro 185.111.89.216 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

266 Requests

87 %HTTPS

46 %IPv6

37 Domains

55 Subdomains

51 IPs

10 Countries

4359 kBTransfer

10138 kBSize

31 Cookies

0 Outgoing links

Redirected requests

266 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mop-veins.tk Open in urlscan Pro
185.111.89.216 Public Scan

Screenshot
Live screenshot

Full Image

266
Requests

87 %
HTTPS

46 %
IPv6

37
Domains

55
Subdomains

51
IPs

10
Countries

4359 kB
Transfer

10138 kB
Size

31
Cookies

266 HTTP transactions
6 data transactions