xn--mgbg7b3bdcu.net Open in urlscan Pro Puny
معلومات.net IDN
92.205.13.122 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://xn--mgbg7b3bdcu.net/
Submission Tags: falconsandbox
Submission: On April 29 via api (April 29th 2021, 2:54:41 am UTC) from US

Summary HTTP 186 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 39 IPs in 8 countries across 33 domains to perform 186 HTTP transactions. The main IP is 92.205.13.122, located in Strasbourg, France and belongs to GODADDY-SXB, DE. The main domain is xn--mgbg7b3bdcu.net.

This is the only time xn--mgbg7b3bdcu.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	92.205.13.122 92.205.13.122	21499 (GODADDY-SXB) (GODADDY-SXB)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:6c0... 2a02:26f0:6c00:28b::3b8d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4860:480... 2001:4860:4802:36::15	15169 (GOOGLE) (GOOGLE)
5	95.142.20.17 95.142.20.17	20645 (PUREPEAK-ASN) (PUREPEAK-ASN)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:290::3b8f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11	2a02:26f0:6c0... 2a02:26f0:6c00:2a0::3b8f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	185.29.133.58 185.29.133.58	30419 (MEDIAMATH...) (MEDIAMATH-INC)
29	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
22	104.19.134.78 104.19.134.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 6	138.201.63.117 138.201.63.117	24940 (HETZNER-AS) (HETZNER-AS)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	85.114.131.233 85.114.131.233	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 3	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
2 2	52.28.108.245 52.28.108.245	16509 (AMAZON-02) (AMAZON-02)
21	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
3 3	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
4 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
4 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	54.149.211.134 54.149.211.134	16509 (AMAZON-02) (AMAZON-02)
1 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
1	185.85.15.23 185.85.15.23	200107 (KL-EXT) (KL-EXT)
1 1	63.33.127.66 63.33.127.66	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:8b5:c204:7431:3191	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
186	39

13 92.205.13.122 (Strasbourg, France)

ASN21499 (GODADDY-SXB, DE)
PTR: ip-92-205-13-122.ip.secureserver.net

xn--mgbg7b3bdcu.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:28b::3b8d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

widget.postquare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::15 (United States)

ASN15169 (GOOGLE, US)

g792337340.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 95.142.20.17 (Israel)

ASN20645 (PUREPEAK-ASN, IL)
PTR: ip-95-142-20-17.purepeak.com

recs.engageya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:290::3b8f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

widget.engageya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:26f0:6c00:2a0::3b8f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

images9.engageya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.133.58 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 104.19.134.78 (United States)

ASN13335 (CLOUDFLARENET, US)

s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 138.201.63.117 (Ketsch, Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.117.63.201.138.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad3.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.131.233 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21037.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.108.245 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-108-245.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.253.211 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.149.211.134 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-149-211-134.us-west-2.compute.amazonaws.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.85.15.23 (Russian Federation)

ASN200107 (KL-EXT, RU)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.127.66 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-127-66.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:8b5:c204:7431:3191 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	508 KB
36	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	111 KB
22	mgid.com s-img.mgid.com	311 KB
17	engageya.com recs.engageya.com widget.engageya.com images9.engageya.com	182 KB
13	xn--mgbg7b3bdcu.net xn--mgbg7b3bdcu.net	149 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	189 KB
7	google.com 1 redirects adservice.google.com www.google.com	1 KB
6	ad-srv.net 2 redirects ad.ad-srv.net ad3.ad-srv.net	9 KB
6	googletagservices.com www.googletagservices.com	204 KB
4	casalemedia.com 4 redirects ssum-sec.casalemedia.com	4 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	3 KB
4	googleapis.com fonts.googleapis.com	2 KB
4	mathtag.com tags.mathtag.com pixel.mathtag.com	4 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com	1 KB
3	openx.net 3 redirects rtb.openx.net	992 B
3	quantserve.com 2 redirects cms.quantserve.com	1 KB
3	criteo.com bidder.criteo.com gum.criteo.com	446 B
3	criteo.net static.criteo.net	38 KB
3	google.de adservice.google.de www.google.de	1 KB
2	awin1.com 1 redirects www.awin1.com	1 KB
2	addthis.com 2 redirects e.dlx.addthis.com	2 KB
2	rlcdn.com 2 redirects id.rlcdn.com	886 B
2	agkn.com 2 redirects d.agkn.com	1 KB
2	contentspread.net cdn.contentspread.net	2 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	postquare.com widget.postquare.com	27 KB
1	innovid.com ag.innovid.com	296 B
1	everesttech.net 1 redirects pixel.everesttech.net	376 B
1	kaspersky.com media.kaspersky.com	26 KB
1	mookie1.com odr.mookie1.com	324 B
1	googleadservices.com partner.googleadservices.com	646 B
1	g792337340.co g792337340.co	416 B
1	googletagmanager.com www.googletagmanager.com	35 KB
186	33

	Domain	Requested by
29	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com xn--mgbg7b3bdcu.net pagead2.googlesyndication.com
22	s-img.mgid.com	xn--mgbg7b3bdcu.net
21	cm.g.doubleclick.net	xn--mgbg7b3bdcu.net googleads.g.doubleclick.net
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com xn--mgbg7b3bdcu.net googleads.g.doubleclick.net
13	xn--mgbg7b3bdcu.net	xn--mgbg7b3bdcu.net
11	images9.engageya.com	xn--mgbg7b3bdcu.net
11	pagead2.googlesyndication.com	xn--mgbg7b3bdcu.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
8	fonts.gstatic.com	fonts.googleapis.com
6	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	www.google.com	1 redirects xn--mgbg7b3bdcu.net googleads.g.doubleclick.net tpc.googlesyndication.com
5	recs.engageya.com	widget.postquare.com
4	ssum-sec.casalemedia.com	4 redirects
4	image6.pubmatic.com	4 redirects
4	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com
4	ad.ad-srv.net	2 redirects xn--mgbg7b3bdcu.net ad.ad-srv.net
3	pixel.rubiconproject.com	3 redirects
3	rtb.openx.net	3 redirects
3	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
3	www.gstatic.com	googleads.g.doubleclick.net
3	tags.mathtag.com	googleads.g.doubleclick.net
3	static.criteo.net	widget.engageya.com xn--mgbg7b3bdcu.net
2	www.awin1.com	1 redirects ad.ad-srv.net
2	e.dlx.addthis.com	2 redirects
2	id.rlcdn.com	2 redirects
2	d.agkn.com	2 redirects
2	cdn.contentspread.net	ad.ad-srv.net
2	ad3.ad-srv.net	ad.ad-srv.net
2	bidder.criteo.com	static.criteo.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	widget.postquare.com	xn--mgbg7b3bdcu.net
1	gum.criteo.com	static.criteo.net
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.everesttech.net	1 redirects
1	media.kaspersky.com	ad.ad-srv.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	pixel.mathtag.com	googleads.g.doubleclick.net
1	widget.engageya.com	widget.postquare.com
1	www.google.de	xn--mgbg7b3bdcu.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	g792337340.co	xn--mgbg7b3bdcu.net
1	www.googletagmanager.com	xn--mgbg7b3bdcu.net
186	44

This site contains links to these domains. Also see Links.

Domain
thechleads.pro
gecko.me
www.mgid.com
www.q2amarket.com
www.question2answer.org
almall.store

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
g792337340.co GTS CA 1D4	`2021-04-28` - `2021-07-27`	3 months	crt.sh
*.engageya.com Go Daddy Secure Certificate Authority - G2	`2020-08-10` - `2022-11-06`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
ad-srv.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
contentspread.net R3	`2021-04-05` - `2021-07-04`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-23` - `2022-04-28`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh

This page contains 23 frames:

Primary Page: http://xn--mgbg7b3bdcu.net/
Frame ID: 5094FC6AFDD66C32779CE3EAFD1A171E
Requests: 77 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210426/r20190131/zrt_lookup.html
Frame ID: 09368CF11F0636F7A153F60A0342C7C0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87
Frame ID: 2266BB467028E5E39A647001D6F295A9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78
Frame ID: 89E34258D0881568693E3011A9983A96
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&adk=1812271804&adf=3025194257&lmt=1619664862&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&ea=0&flash=0&pra=7&wgl=1&dt=1619664862085&bpp=1&bdt=236&idt=79&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90%2C1024x90&nras=1&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&dtd=84
Frame ID: CD988E414748435A216A1E9F2CAA73E1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=4042754873&adf=3817302893&pi=t.aa~a.3805137957~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0&nras=2&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1600&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=OvcvGDdlxG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=17
Frame ID: 5321FD546776A3ABCE81535E1A97DB33
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=774654709&adf=2742576309&pi=t.aa~a.262088325~rp.4&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=748x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280&nras=3&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=2103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=NZ3I63OpKG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=20
Frame ID: A8DBA5B19C81FFA7AACE70D83045FE50
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=3809598800&adf=4061442901&pi=t.aa~a.2185563714~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=417&idt=1&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280%2C748x280&nras=4&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4728&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=t6q5tJcs3n&p=http%3A//xn--mgbg7b3bdcu.net&dtd=23
Frame ID: DAE1284D48435E6A39D1B2C671A0D630
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CWXIW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBMoBT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxFENF5DqCXTpboGMg2PwWbDBjYAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAbIXGAoWEhRwdWItNzEwMzc4MTEzMzk5NTY0NQ&sigh=VSCc9MVqSts&tpd=AGWhJmsHV17ZzRlkZKpumlhquJwXX39Kl7la54etGD875ozU04sxEBewSIkjMoN5y6R9VySiTanDW2Vd7DeopLzmgsvdhMDjFZHOwKyUcG83I20J2BhQQoj1b6jYrH26o5GS4bIgDd_86FKLHPhGONXIaNkqTRjQDNUBRhjKHr3TA7TLPI1Xni3s1Xe_pLNmzPyCrRqHKICXoRX5QB3feZY04YmAIpwLzINZVqDDyiyWVsxoDCAoFhlgqyvdA0oVAxr1_I0hGIS-7IWs_kgNa3FQmPKPayFEEYspK9wXcy6PHQgq_ZBZVQgQf4f-HqYNd1arP94ZQZPhiu6MepZ0YzBUJrBHTINpty3pYAQ2nGuhy7wIiPOtdkeJ0_SpQYenOeHth5qy7MJuxlYnvepuoE71pYydFLJ2xZqV9HEd_l88WPU0A7KLbSt43JYvZ0oYxMJfm9mB8xDSk-UGdUlh-zsSGciRTkscdJc_57I3nhOqtxqmvidyruFSxPKmMbe896fjbstZX4GZ79UZII94yPMnXj8cy9kayW3uzrTgIGncDAYqUIv94kQW1rvws5QayVyY0KqpY7zaredeCohMXJVV69zSBziFO0_t4QpXAUX6f5ID9leyaRSIhCR6y2Pxx8dQnZLd7U71sNSx90NfHqlzX4lJFouaBa_Ij95iRunR6Kfve2r4Efi7ENYce1To7kYPpsa90gBUmNv8sl8uEO9FvkTKjcgS3X-BGvZzJx_sb_ENLjJoaVlX3EkXkrOzKPmExBkDYS85T-rKzQKr5SagovnIMdCqR8GGrzZValcoQjGc0F4hn6gQF8cpMW2ZCfYkKdLKhB5BiDGbP7LLWkWI59Ypg4VG513Aaf2BMDUdCqjy6XUecxUvjfDb6jH8fP_6VV4EgXN_iNSWFMrz2YIuvQfcfHl5EjqgRM12KmfPEZJh877qd4iAGVfF9EUUGRM8ejQjJTdEksEUtn_ed9s5uK0Y4bWCxKgBtSIcU0h6BZdJ9Y9IJ8555yfn-zBiO-H0-blUe3Dl7S3TJqcnbPXOgdWZaOqPvg
Frame ID: 28FD1432D91DF04123C6AC14724473B4
Requests: 9 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1
Frame ID: 829A5969F8EF496E8EFC12A2E1F65DDB
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html
Frame ID: 4CA1728EFB69919D0F4C3D27819D9390
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 25014E6DE5A0751A61FCA47E157A0B3F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 990FDAA29DA0E7EE125AA6AC76C9B0EA
Requests: 9 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpqZbTwWBSi0Mtcxkz1eVgWbisryb2_jk_hy4r0ZgI_q9q3VSJ4DmVCVyyqgD-X3AosbfMGETIPUbhDzRNlpqbvNGGRRkcBWYGzDYKcTwxAIPlD0N4Dhx1D7MnCQrh0c04CBKPs6IjNXlTZG7RZgFYnA2z0-tUfE92qr7whHj3tEyP2CVsSnqfBTB4BVkVLKfi0R95webaA15Ec4X-FE-6X6H_WdFXk00WUOuQE6ofUi54Mtc-KpEwEWmFHXGn1aJpVV7RV2tkOdWMIBwzm05EX1eock9KyGBISwYhZbJGI59r5NIDtqXXCuz7jnJPIAQbBPUv2A8F0ZbNePZrHDPEMSfuvHv5qYIVnC37wu9TBk2nwYXgl26jm--Esa20QgbDxdK8qD2g99l2ct89LUMV_FUDt-AztJRnIstNTxhjOwHxVx5PXdtsNdDE5xzlJ1TmdcRyH5M-pm9g_P9sNYdJaNPHJTWlmLH2XhymWLL0ZgvCqSDvx3GvDBKyc1ubX8a-XtpaBR0Pe-tqBbzuyxVa6MrXYSGjGMMLao2rK6I0gxVsmTtkarxhkXqsO_kbzalnnYTNspBIqutmvzgT2B3ySpAhX2799y_ZnqzMsiWsfTY6Mw7fkQpe_Og53R76diYcgd7s73InginccgU4ta_-s1K5BoqitqV0u9_MxcmzyJUwfqOunCSKzHxr_Ag2zp2xVv-d_BxNqg2JDcCYiHXRquyoqOEo-xZTLM_DNm2Xh9HITNr&subid=47935800015636201319921011579003&redirectClick=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fpvq2cpwli0uohci%3Ftprde%3D&uidRedirect=1
Frame ID: 7A48B1D2029996E11573B7D5344077CA
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js
Frame ID: E9BCBDB39BF92925BA151559FF7FC75C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3B2CA570CB7C0C8C3507B0BCF5F59E97
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js
Frame ID: 93AAE256B601E247A12A49779EB931BE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 56606EECDD90533398050D56136E6FF9
Requests: 9 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=2519508&v=14098&q=379082&r=559379&pv=1&pref1=59283500015636301649445011579003
Frame ID: F46A387705EA52266E60A711AED9D3CA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js
Frame ID: 982B6BFADF561643AB5A32DD605E2107
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=xn--mgbg7b3bdcu.net
Frame ID: 8F049927C56E7B27F07E688001993428
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: F57763D2ABDB741B1A4C77E334DEF763
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6CBB6AEDEC315BE802B23A4678575016
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

186
Requests

73 %
HTTPS

54 %
IPv6

33
Domains

44
Subdomains

39
IPs

8
Countries

1819 kB
Transfer

3467 kB
Size

12
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://thechleads.pro/click.php?key=qa929mx314tzhrcoa0hn&eng_click=[eng_click]&widget_id=[eng_website_id]&teaser_id=[eng_post_id]&utm_source=EngageYA
Title: قم بهذه المهمة مرة في اليوم وابدأ في جني 200 دولار كل 20 دقيقة!Bitcoin UP

Search URL Search Domain Scan URL

URL: http://gecko.me/
Title: Recommended by

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164883/i/89061/0/src/211048/pp/1/1?h=inp86CcRFRdJu7Yr4Ec9p7Yx4juPJ2GpQRX95c0Pi3qUNDuBTk_uGsdCi2TlBcQC&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: A Mental Health Chatbot Which Helps People With Depression

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193504/i/89061/0/src/211048/pp/2/1?h=inp86CcRFRdJu7Yr4Ec9pw1x3V7E71Lfo5VyVQDxu-1Rnn1ieQyyu9scnwJ7JgIR&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 15 Countries Where Men Have Difficulties Finding A Wife

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164865/i/89061/0/src/211048/pp/3/1?h=inp86CcRFRdJu7Yr4Ec9p84Ci86_55JE9KrMgqxQGOJKbkFEdVH0c3ztXDWuRWph&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: He Is Totally In Love With You If He Does These 7 Things

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193534/i/89061/0/src/211048/pp/4/1?h=inp86CcRFRdJu7Yr4Ec9p1X967bNB8STswg2i40CmHZ6ZAz1uH0p4pEQpwQfbeGD&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 10 Brutally Honest Reasons Why You’re Still Single

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193501/i/89061/0/src/211048/pp/5/1?h=inp86CcRFRdJu7Yr4Ec9pz0Xne_6Gv6iNQfn4yahTulI_GRoaSKwbnivpBHlHgcW&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 6 Strong Female TV Characters Who Deserve To Have A Spinoff

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164912/i/89061/0/src/211048/pp/6/1?h=inp86CcRFRdJu7Yr4Ec9p_-3fauuz0d2jnh5XRrX9WC1Q78mqrqgbi_Hpobr_pFg&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 7 Most Startling Movie Moments We Didn't Realize Were Insensitive

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164901/i/89061/0/src/211048/pp/7/1?h=inp86CcRFRdJu7Yr4Ec9p1tUy3wsE9RCTcPTURjAcTuUk7rBB7AdEkqBCW8qKoAh&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: The Most Heartwarming Moments Between Father And Daughter

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164860/i/89061/0/src/211048/pp/8/1?h=inp86CcRFRdJu7Yr4Ec9p_gRe2fIv9TFTK9MzJwxq1S1lZDHBna3U5Ji1jpKEN1U&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 10 Of The Most Notorious Female Spies In History

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164911/i/89061/0/src/211048/pp/9/1?h=inp86CcRFRdJu7Yr4Ec9p6sxyigZhgYG5BcwhaSTKPwf2MbCgg-NtCjAk_ZSMV_3&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: Want To Seriously Cut On Sugar? You Need To Know A Few Tricks

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164891/i/89061/0/src/211048/pp/10/1?h=inp86CcRFRdJu7Yr4Ec9p4AgonoZSFoI-4j61smjJh-flrjn7jnE8Ty_2jHGDqRY&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: Everything You Need To Know About This Two-Hour Procedure

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164875/i/89061/0/src/211048/pp/11/1?h=inp86CcRFRdJu7Yr4Ec9p4fEFiY96Z7CYbRr4gc-YUcESJYgGuxXbrp5FSqdPJM4&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 8 Yoga Poses To Overcome Stress And Anxiety

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164899/i/89061/0/src/211048/pp/12/1?h=inp86CcRFRdJu7Yr4Ec9p4W0wfut2nhW_8Jpy_iXQwQ1nhovab7FHUa9sLS_R3kt&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: How To Lose Weight & Burn Fat While You Sleep

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193507/i/89061/0/src/211048/pp/13/1?h=inp86CcRFRdJu7Yr4Ec9p1UBH01C31FJqVGheBJHG9u7q6XqEEXeB5kg3rfJjEyg&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 10 Sweet Things Every Guy Wants To Hear From The Woman He Loves

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193525/i/89061/0/src/211048/pp/14/1?h=inp86CcRFRdJu7Yr4Ec9p8mwqdUSc87DV7Vtz2HJnnogT2VO_XfCkbjgmKdsLU--&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 8 Easy Exotic Meals Anyone Can Make

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193526/i/89061/0/src/211048/pp/15/1?h=inp86CcRFRdJu7Yr4Ec9p1zdJqmmly8lJ1LxYVtnKWPrnLGzn3bR1WdNgVofJhsi&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 9 Of The Best Family Friendly Dog Breeds

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164853/i/89061/0/src/211048/pp/16/1?h=inp86CcRFRdJu7Yr4Ec9p-uw5clfOvwrdyUNMwwVvFinKoAibO39-GDyXeMfvG1c&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: What’s Your Zodiac Flower Sign?

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193514/i/89061/0/src/211048/pp/17/1?h=inp86CcRFRdJu7Yr4Ec9p_wQwD-zMuDy2EzB2Gwd0780VdtEH46qu3GzoHjGOqyB&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: Tips From A Professional Stylist On How To Look Stunning In 2020

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164889/i/89061/0/src/211048/pp/18/1?h=inp86CcRFRdJu7Yr4Ec9pwUk38bJV9gC056dHLVLWx6Yvm1exAgumUlCDQk_wTI6&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: These Are 15 Great Style Tips From Asian Women

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193535/i/89061/0/src/211048/pp/19/1?h=inp86CcRFRdJu7Yr4Ec9px558kPsvz8uwC5-9aqFDlNCYBKkf_Y9k1cBVIBCoDiD&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: 12 Most Breathtaking Trends In Fashion History

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164914/i/89061/0/src/211048/pp/20/1?h=inp86CcRFRdJu7Yr4Ec9p6Uz24_BUShDSbeZaqV3gOApga6mwvkRtMFQOz31lBS4&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: Finding The Right Type Of Workout For You According Astrology

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8164857/i/89061/0/src/211048/pp/21/1?h=inp86CcRFRdJu7Yr4Ec9p4blyRsoq8ZBetpJv0SV0S9VrwumwtnPwA36n7vkEJUA&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: Is It Bad To Give Your Boyfriend An Ultimatum?

Search URL Search Domain Scan URL

URL: http://www.mgid.com/ghits/8193490/i/89061/0/src/211048/pp/22/1?h=inp86CcRFRdJu7Yr4Ec9p0vGH0TQOCWTgQDFtKXe8-8toNNyUoi0g5J1Sf08AFOE&rid=332a22f5-a896-11eb-829c-e4434b374cb2&tt=Direct&pubsrcid=211048&ct=1
Title: Does Giving Ultimatums In A Relationship Ever Work Out?

Search URL Search Domain Scan URL

URL: http://www.q2amarket.com/
Title: Q2A Market

Search URL Search Domain Scan URL

URL: http://www.question2answer.org/
Title: Question2Answer

Search URL Search Domain Scan URL

URL: https://almall.store/
Title: دليل المتاجر السعودية

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84

https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net HTTP 302
https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1

Request Chain 114

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 118

https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpqZbTwWBSi0Mtcxkz1eVgWbisryb2_jk_hy4r0ZgI_q9q3VSJ4DmVCVyyqgD-X3AosbfMGETIPUbhDzRNlpqbvNGGRRkcBWYGzDYKcTwxAIPlD0N4Dhx1D7MnCQrh0c04CBKPs6IjNXlTZG7RZgFYnA2z0-tUfE92qr7whHj3tEyP2CVsSnqfBTB4BVkVLKfi0R95webaA15Ec4X-FE-6X6H_WdFXk00WUOuQE6ofUi54Mtc-KpEwEWmFHXGn1aJpVV7RV2tkOdWMIBwzm05EX1eock9KyGBISwYhZbJGI59r5NIDtqXXCuz7jnJPIAQbBPUv2A8F0ZbNePZrHDPEMSfuvHv5qYIVnC37wu9TBk2nwYXgl26jm--Esa20QgbDxdK8qD2g99l2ct89LUMV_FUDt-AztJRnIstNTxhjOwHxVx5PXdtsNdDE5xzlJ1TmdcRyH5M-pm9g_P9sNYdJaNPHJTWlmLH2XhymWLL0ZgvCqSDvx3GvDBKyc1ubX8a-XtpaBR0Pe-tqBbzuyxVa6MrXYSGjGMMLao2rK6I0gxVsmTtkarxhkXqsO_kbzalnnYTNspBIqutmvzgT2B3ySpAhX2799y_ZnqzMsiWsfTY6Mw7fkQpe_Og53R76diYcgd7s73InginccgU4ta_-s1K5BoqitqV0u9_MxcmzyJUwfqOunCSKzHxr_Ag2zp2xVv-d_BxNqg2JDcCYiHXRquyoqOEo-xZTLM_DNm2Xh9HITNr&subid=47935800015636201319921011579003&redirectClick=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fpvq2cpwli0uohci%3Ftprde%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpqZbTwWBSi0Mtcxkz1eVgWbisryb2_jk_hy4r0ZgI_q9q3VSJ4DmVCVyyqgD-X3AosbfMGETIPUbhDzRNlpqbvNGGRRkcBWYGzDYKcTwxAIPlD0N4Dhx1D7MnCQrh0c04CBKPs6IjNXlTZG7RZgFYnA2z0-tUfE92qr7whHj3tEyP2CVsSnqfBTB4BVkVLKfi0R95webaA15Ec4X-FE-6X6H_WdFXk00WUOuQE6ofUi54Mtc-KpEwEWmFHXGn1aJpVV7RV2tkOdWMIBwzm05EX1eock9KyGBISwYhZbJGI59r5NIDtqXXCuz7jnJPIAQbBPUv2A8F0ZbNePZrHDPEMSfuvHv5qYIVnC37wu9TBk2nwYXgl26jm--Esa20QgbDxdK8qD2g99l2ct89LUMV_FUDt-AztJRnIstNTxhjOwHxVx5PXdtsNdDE5xzlJ1TmdcRyH5M-pm9g_P9sNYdJaNPHJTWlmLH2XhymWLL0ZgvCqSDvx3GvDBKyc1ubX8a-XtpaBR0Pe-tqBbzuyxVa6MrXYSGjGMMLao2rK6I0gxVsmTtkarxhkXqsO_kbzalnnYTNspBIqutmvzgT2B3ySpAhX2799y_ZnqzMsiWsfTY6Mw7fkQpe_Og53R76diYcgd7s73InginccgU4ta_-s1K5BoqitqV0u9_MxcmzyJUwfqOunCSKzHxr_Ag2zp2xVv-d_BxNqg2JDcCYiHXRquyoqOEo-xZTLM_DNm2Xh9HITNr&subid=47935800015636201319921011579003&redirectClick=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fpvq2cpwli0uohci%3Ftprde%3D&uidRedirect=1

Request Chain 122

https://d.agkn.com/pixel/2175/?google_gid=CAESEK-v_yhcLQF4YT8IAj2sXgQ&google_cver=1&google_push=AQvitUJY1B58_ECUV7jCjB61CfwiCygVBnlSRX89_ZiIxy-zvliGh_K6i5oDUqDK7Tjx0G3nx-ZnLe8qjsnZLTmSBi0oDfCnnw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJY1B58_ECUV7jCjB61CfwiCygVBnlSRX89_ZiIxy-zvliGh_K6i5oDUqDK7Tjx0G3nx-ZnLe8qjsnZLTmSBi0oDfCnnw&google_hm=Q0FFU0VLLXZfeWhjTFFGNFlUOElBajJzWGdR

Request Chain 124

https://rtb.openx.net/sync/dds?google_gid=CAESEPvpiq_J-cIkPpOo2dSkyVM&google_cver=1&google_push=AQvitULPsgLqkrrWOMIxvDetF2Xt9K_ESgxJaUvSR03hVMP2aTE4zEL8FS3bNNLyUoisLUY6eEsQ4_DK1aHT5r-yTMJW9mYWNPs HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEPvpiq_J-cIkPpOo2dSkyVM&google_cver=1&google_push=AQvitULPsgLqkrrWOMIxvDetF2Xt9K_ESgxJaUvSR03hVMP2aTE4zEL8FS3bNNLyUoisLUY6eEsQ4_DK1aHT5r-yTMJW9mYWNPs&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULPsgLqkrrWOMIxvDetF2Xt9K_ESgxJaUvSR03hVMP2aTE4zEL8FS3bNNLyUoisLUY6eEsQ4_DK1aHT5r-yTMJW9mYWNPs&google_hm=x2TFuJmCw6ohvkTPy_tM2A==

Request Chain 125

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHNTo7YE8ArKmdg5XnsmZj8&google_cver=1&google_push=AQvitULLtx6YSHss61e2TQmNq94VAa6ZjDQrLKaECDtUSzM341DwEPpenTiwbbSuptg4duWZOcz5axmoBmhxVUai09IqyqXpxGQ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHNTo7YE8ArKmdg5XnsmZj8&google_cver=1&google_push=AQvitULLtx6YSHss61e2TQmNq94VAa6ZjDQrLKaECDtUSzM341DwEPpenTiwbbSuptg4duWZOcz5axmoBmhxVUai09IqyqXpxGQ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULLtx6YSHss61e2TQmNq94VAa6ZjDQrLKaECDtUSzM341DwEPpenTiwbbSuptg4duWZOcz5axmoBmhxVUai09IqyqXpxGQ

Request Chain 126

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDGcVXV8jBmD8DfTPBB40xI&google_cver=1&google_push=AQvitUIve4uqM30Ai4ISn93jFHIJUyuz-qTvXa4AMZqd_2NwsVSPeXXIcacVDVEu_MtXKgLKALrh_2r6qK38foMbh1p7rZnJCkE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4ySEEtTy1MWU4=&google_push=AQvitUIve4uqM30Ai4ISn93jFHIJUyuz-qTvXa4AMZqd_2NwsVSPeXXIcacVDVEu_MtXKgLKALrh_2r6qK38foMbh1p7rZnJCkE

Request Chain 127

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBSFbOiAQ768jRmNr3kqbrQ&google_cver=1&google_push=AQvitUKKfkpbmBznRdlJ9lWAZkwwvrdO0lsv0dBN7h5n9HgR_eWlOF1rk9Z-XbqS1mjT3O7TQibN_ERdic5GEAgZUarWwhNPeA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBSFbOiAQ768jRmNr3kqbrQ&google_cver=1&google_push=AQvitUKKfkpbmBznRdlJ9lWAZkwwvrdO0lsv0dBN7h5n9HgR_eWlOF1rk9Z-XbqS1mjT3O7TQibN_ERdic5GEAgZUarWwhNPeA&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_push=AQvitUKKfkpbmBznRdlJ9lWAZkwwvrdO0lsv0dBN7h5n9HgR_eWlOF1rk9Z-XbqS1mjT3O7TQibN_ERdic5GEAgZUarWwhNPeA&google_cver=1&google_gid=CAESEBSFbOiAQ768jRmNr3kqbrQ

Request Chain 161

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEF3vZLUTFwHHPb31F4OFOys&google_cver=1&google_push=AQvitUKqaprc_RoOHMUmeKpBsRbbLj0nPlF7eCqD3cVxdwuuh7I94eUeXQFfGxvGQVJSASpDlrJ5vpvKr60x-Ypv73srGATO620h8w HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKqaprc_RoOHMUmeKpBsRbbLj0nPlF7eCqD3cVxdwuuh7I94eUeXQFfGxvGQVJSASpDlrJ5vpvKr60x-Ypv73srGATO620h8w&google_hm=pkZ2rAt_gd7M_urjx_noPw

Request Chain 162

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUJERmNOq2bqlHS6Ljsa5gmCeNSM5BWBLWBuV_d_3Cwv3gsIZYOkuJCq8TBV3ew0DZ539_4_bgLwNmr9_lkWAmO2sb691kX1&google_gid=CAESEJD5WHvtKnuY37x7CUPlGeU&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCN6_qIQGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BUXZpdFVKRVJtTk9xMmJxbEhTNkxqc2E1Z21DZU5TTTVCV0JMV0J1Vl9kXzNDd3YzZ3NJWllPa3VKQ3E4VEJWM2V3MERaNTM5XzRfYmdMd05tcjlfbGtXQW1PMnNiNjkxa1gx HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWGh6bDRVVThGUldFUXJpNHl4Y1pmTzV0Z3l3YjhLR05XQldXb2dxbXFTNA==&google_push

Request Chain 163

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKH7tdVlV9-WKrdotUJs-CV1ccMmYZ1Ak5qMTCQN5KeaOjsxp21oDxSn1hK_sxOZLu3I9Tf0se0HYWXl3LuQff6_9ajDQ50Pw&google_gid=CAESEN_r9N3MNkJmLhkHIkdSSJg&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKH7tdVlV9-WKrdotUJs-CV1ccMmYZ1Ak5qMTCQN5KeaOjsxp21oDxSn1hK_sxOZLu3I9Tf0se0HYWXl3LuQff6_9ajDQ50Pw&google_gid=CAESEN_r9N3MNkJmLhkHIkdSSJg&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MjkwMjU0MjM2OTk4NzE2NTMyNTY1NA%3D%3D&google_push=AQvitUKH7tdVlV9-WKrdotUJs-CV1ccMmYZ1Ak5qMTCQN5KeaOjsxp21oDxSn1hK_sxOZLu3I9Tf0se0HYWXl3LuQff6_9ajDQ50Pw

Request Chain 164

https://rtb.openx.net/sync/dds?google_gid=CAESEKYnk8xEeLEQJ65JRF-2aSQ&google_cver=1&google_push=AQvitUJrDJBjRKyy665V0zHlMfsDsK28isrVCS-hDyPcfHXLrhxSPo4UR5NCnkYm-YAXWKoeeHebqiiUcgyQRZBhv0F9-cHQmaPw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJrDJBjRKyy665V0zHlMfsDsK28isrVCS-hDyPcfHXLrhxSPo4UR5NCnkYm-YAXWKoeeHebqiiUcgyQRZBhv0F9-cHQmaPw&google_hm=x2TFuJmCw6ohvkTPy_tM2A==

Request Chain 165

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKAdgeDfcFwCXbvN0BesBkU&google_cver=1&google_push=AQvitULe2x_9T_eeVYV4OjZSlI1ZYtqcl88avBoz1wv4Gk7ewo8CE-CR10l3EVkjXWG-2kvkycC7ntUC_sndZ1tDCZ3k9StL4rPSVA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULe2x_9T_eeVYV4OjZSlI1ZYtqcl88avBoz1wv4Gk7ewo8CE-CR10l3EVkjXWG-2kvkycC7ntUC_sndZ1tDCZ3k9StL4rPSVA

Request Chain 166

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHjc3Swokbs8MncZ_CqtysE&google_cver=1&google_push=AQvitUKxDgCL9bv4t5tlAGL1d0CmCgeo7Gxhdn07NyTPXn-FVDc3B8A-Q4yL1dN61jSH1F5vgRaG5z8dIaHHlL4cgFdpuwrplSVr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4ySzMtMjYtMVFIRw==&google_push=AQvitUKxDgCL9bv4t5tlAGL1d0CmCgeo7Gxhdn07NyTPXn-FVDc3B8A-Q4yL1dN61jSH1F5vgRaG5z8dIaHHlL4cgFdpuwrplSVr

Request Chain 167

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDxHTeuWy35tC2cN0fKH7RQ&google_cver=1&google_push=AQvitUIWmFGyMQ1NN5hCss3HV1C44fYxZ7WncrVZUd1VPvMixhGs3qz-pBRJH3mCl3Z_zlTltQ9ndkyVbVd0XNz91LFE8lmG7G3X1w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_gid=CAESEDxHTeuWy35tC2cN0fKH7RQ&google_push=AQvitUIWmFGyMQ1NN5hCss3HV1C44fYxZ7WncrVZUd1VPvMixhGs3qz-pBRJH3mCl3Z_zlTltQ9ndkyVbVd0XNz91LFE8lmG7G3X1w&google_cver=1

Request Chain 174

https://www.awin1.com/cshow.php?s=2519508&v=14098&q=379082&r=559379&pv=0&pref1=59283500015636301649445011579003 HTTP 302
https://media.kaspersky.com/de/affiliates/kl_kis_728x90px.gif

Request Chain 179

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEF96shKLfd5O8cw8QhcpSP4&google_cver=1&google_push=AQvitUJKpyODB5gLIoWqemhUNIWAYBE7tcyaMR8bDWmuE7ADZE31DIkMFJlBatU7ySy5F5gVM0z0UkTPuFFKaco-cZGphPqr6fc_ HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJKpyODB5gLIoWqemhUNIWAYBE7tcyaMR8bDWmuE7ADZE31DIkMFJlBatU7ySy5F5gVM0z0UkTPuFFKaco-cZGphPqr6fc_&google_hm=pkZ2rAt_gd7M_urjx_noPw

Request Chain 180

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitULMtIX4Ru9FLyn63Bj1OMk0IJbnmAsfjebDSMzfR1lCkcAXFt_zFO-6VUGOVUwL7mrpJmZU_t5Wyka4UI7r0fQ8ZW8rJVtV&google_gid=CAESECL9mMmX3qWekQ2deQjdT9M&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUlvZjN3QUFCTXR4OGw4Rw&google_push=AQvitULMtIX4Ru9FLyn63Bj1OMk0IJbnmAsfjebDSMzfR1lCkcAXFt_zFO-6VUGOVUwL7mrpJmZU_t5Wyka4UI7r0fQ8ZW8rJVtV

Request Chain 181

https://d.agkn.com/pixel/2175/?google_gid=CAESEJHq_FtDwH8aDr9q3qF6Qew&google_cver=1&google_push=AQvitULWcOHqgR8HMLJH2F59thb0AogxXBPoV6smHtJOpN1B6tcJaOPi3pKpVHGGHAfRzcgAfmvYfs5OJoH-h7hQHAELXNa6BDE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitULWcOHqgR8HMLJH2F59thb0AogxXBPoV6smHtJOpN1B6tcJaOPi3pKpVHGGHAfRzcgAfmvYfs5OJoH-h7hQHAELXNa6BDE&google_hm=Q0FFU0VKSHFfRnREd0g4YURyOXEzcUY2UWV3

Request Chain 182

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEANjS-906GgSOUiKVSccm6s&google_cver=1&google_push=AQvitUJBnkqZuUtxjq9JWfhiv4-BLWbRQbbcWJvrWe0DFTQWsC5PW407oirO5tVABzCqpKnX416fVoIdaOkSdkR9AHDGCWW9Wnq5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJBnkqZuUtxjq9JWfhiv4-BLWbRQbbcWJvrWe0DFTQWsC5PW407oirO5tVABzCqpKnX416fVoIdaOkSdkR9AHDGCWW9Wnq5

Request Chain 183

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBuor7xF1XWbADIcI4CtL2Q&google_cver=1&google_push=AQvitUIlKuCBjPQZVNzuK93ClatyWEzooAA8zX4IxAMEXrzKnM-waXZlg0GUZDHAPumqFEvnPrN5O9kO12ZvEyn-0bTr4nbm_O8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4yTjQtNS00VUxW&google_push=AQvitUIlKuCBjPQZVNzuK93ClatyWEzooAA8zX4IxAMEXrzKnM-waXZlg0GUZDHAPumqFEvnPrN5O9kO12ZvEyn-0bTr4nbm_O8

Request Chain 184

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBSnp4AJE0Jc2rXgprxPXw8&google_cver=1&google_push=AQvitUJwLwh7Zz03-QofooNkOf0N5aibZkW_QiFtYLxKYGo9TjgbEhhueqF-iWalnwvWQ2QNnmWdW_fRfa4UiN3OnDVt4pvVYutS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_push=AQvitUJwLwh7Zz03-QofooNkOf0N5aibZkW_QiFtYLxKYGo9TjgbEhhueqF-iWalnwvWQ2QNnmWdW_fRfa4UiN3OnDVt4pvVYutS&google_cver=1&google_gid=CAESEBSnp4AJE0Jc2rXgprxPXw8

186 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
xn--mgbg7b3bdcu.net/ 85 KB
10 KB 103ms
81ms Document
text/html 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache / PHP/7.3.23
Resource Hash: af3bf9a23a0c8be21382fb5d8ff05b10f402679d6374c4410772ac0dfc76ce93

Request headers

Host: xn--mgbg7b3bdcu.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Server: Apache
X-Powered-By: PHP/7.3.23
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; path=/ qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c; expires=Sat, 01-May-2021 02:54:21 GMT; Max-Age=172800; path=/; HttpOnly
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 9604
Keep-Alive: timeout=5
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK qa-styles.css
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/ 70 KB
12 KB 36ms
27ms Stylesheet
text/css 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: b813b0dc2bc80e9bfd7a8e0c604ae81d21e375e3a01f6e183804f9d3e97f0f17

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://xn--mgbg7b3bdcu.net/
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Jul 2020 00:01:16 GMT
Server: Apache
ETag: "4015e6-1169a-5aa83bd3ecb00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 11784

GET
H/1.1 200
OK qa-styles-rtl.css
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/ 7 KB
2 KB 52ms
37ms Stylesheet
text/css 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles-rtl.css?1.8.5
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: 67d60e82e0290b540551880e0317d1950a2b317c4858d2214a11342f9b036785

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://xn--mgbg7b3bdcu.net/
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Jul 2020 00:01:16 GMT
Server: Apache
ETag: "4015e5-1d5a-5aa83bd3ecb00-gzip"
Vary: Accept-Encoding,User-Agent
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=5
Content-Length: 1704

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-118003504-2

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d2670f2fe3b29d8d3ff053b91b09b393dcc783bc3e42baeb54606072695755a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:21 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35794
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 00:34:39 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 29 Apr 2021 02:54:21 GMT

GET
H/1.1 200
OK jquery-3.5.1.min.js Show response
xn--mgbg7b3bdcu.net/qa-content/ 87 KB
31 KB 55ms
41ms Script
application/javascript 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-content/jquery-3.5.1.min.js
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://xn--mgbg7b3bdcu.net/
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Jul 2020 00:01:14 GMT
Server: Apache
ETag: "4012a4-15d86-5aa83bd204680-gzip"
Vary: Accept-Encoding,User-Agent
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5
Content-Length: 30916

GET
H/1.1 200
OK qa-global.js Show response
xn--mgbg7b3bdcu.net/qa-content/ 20 KB
5 KB 52ms
38ms Script
application/javascript 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-content/qa-global.js?1.8.5
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://xn--mgbg7b3bdcu.net/
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Jul 2020 00:01:14 GMT
Server: Apache
ETag: "4012a7-5046-5aa83bd204680-gzip"
Vary: Accept-Encoding,User-Agent
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5
Content-Length: 5068

GET
H/1.1 200
OK snow-core.js Show response
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/js/ 2 KB
1 KB 50ms
37ms Script
application/javascript 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/js/snow-core.js?1.8.5
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: 5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://xn--mgbg7b3bdcu.net/
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Jul 2020 00:01:16 GMT
Server: Apache
ETag: "4015e3-94f-5aa83bd3ecb00-gzip"
Vary: Accept-Encoding,User-Agent
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5
Content-Length: 1035

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
48 KB 29ms
22ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

HTTP/1.1

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b39b55f8696f4865e79b1ba6e61c5d287c670c2697af851e416983a45c990063

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 3061156273208685884
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 48343
X-XSS-Protection: 0
Expires: Thu, 29 Apr 2021 02:54:21 GMT

GET
H/1.1 200
OK _pos_loader.js Show response
widget.postquare.com/ 92 KB
23 KB 24ms
11ms Script
application/javascript 2a02:26f0:6c00:28b::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://widget.postquare.com/_pos_loader.js
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:28b::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 029949f470a38199283264cc9827e27d31875c0a91bfa5bc27de509d610affd1

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 26 Apr 2021 07:39:42 GMT
Server: nginx
ETag: W/"60866e3e-16ed1"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=7200
Connection: keep-alive
Content-Length: 23557
Expires: Thu, 29 Apr 2021 04:54:21 GMT

GET
H2 200 gr Show response
g792337340.co/ 352 B
416 B 142ms
120ms Script
application/javascript 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g792337340.co/gr?id=-MZL_V9C3KjGenLBk87f&refurl=&winurl=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: / Express
Resource Hash: 719d5393f1679427b525e07fafe1da265704ed22d1733c2bb32222e3f799920e

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
etag: W/"160-FuGkNZ/cZk+rAmFxBzRFco4Le/U"
x-powered-by: Express
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 google
x-cloud-trace-context: d1eafb9cba6f66cbfa0ed86e44e4317a/13381016154227822181;o=0
cache-control: private, no-cache, no-store, must-revalidate

GET
H/1.1 200
OK vote-buttons-3.png
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/images/ 1 KB
2 KB 26ms
26ms Image
image/png 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/images/vote-buttons-3.png
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: b4ef3a11367a47a75f7cb4ed6e944472d190c86813cd2ffdb04a32358dc4e799

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Last-Modified: Wed, 15 Jul 2020 20:51:46 GMT
Server: Apache
ETag: "4015e0-5b1-5aa81178a5c80"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1457

GET
H/1.1 200
OK fontello.woff
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/fonts/ 7 KB
7 KB 26ms
26ms Font
font/woff 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/fonts/fontello.woff?70015067
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d

Request headers

Pragma: no-cache
Origin: http://xn--mgbg7b3bdcu.net
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Origin: http://xn--mgbg7b3bdcu.net
Referer: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 26 Jul 2016 04:01:58 GMT
Server: Apache
ETag: "4015a0-1c20-53881f6511980-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 7160

GET
H/1.1 200
OK ubuntu-bold.woff2
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/fonts/ 22 KB
23 KB 26ms
25ms Font
font/woff2 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/fonts/ubuntu-bold.woff2
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: 0c520384d05689f51e9846895c1f3572c39bc954504d2eed090432c4b08d6d3f

Request headers

Pragma: no-cache
Origin: http://xn--mgbg7b3bdcu.net
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://xn--mgbg7b3bdcu.net/
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Origin: http://xn--mgbg7b3bdcu.net
Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jan 2019 00:38:24 GMT
Server: Apache
ETag: "4015a5-5910-57f746101e000-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 22823

GET
H/1.1 200
OK ubuntu-regular.woff2
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/fonts/ 22 KB
22 KB 26ms
25ms Font
font/woff2 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/fonts/ubuntu-regular.woff2
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: 02e4551debbf743ff34d013ba7b0a5440fa88958b9c406105a55612721cba16c

Request headers

Pragma: no-cache
Origin: http://xn--mgbg7b3bdcu.net
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://xn--mgbg7b3bdcu.net/
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Origin: http://xn--mgbg7b3bdcu.net
Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jan 2019 00:38:24 GMT
Server: Apache
ETag: "4015a9-5774-57f746101e000-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 22411

GET
H/1.1 200
OK ubuntu-italic.woff2
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/fonts/ 24 KB
25 KB 26ms
26ms Font
font/woff2 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/fonts/ubuntu-italic.woff2
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: 1f1c7364ef5f163cddba63301931db5e1eff87ecc1cd2e9704c10c6f92417b54

Request headers

Pragma: no-cache
Origin: http://xn--mgbg7b3bdcu.net
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://xn--mgbg7b3bdcu.net/
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Origin: http://xn--mgbg7b3bdcu.net
Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jan 2019 00:38:24 GMT
Server: Apache
ETag: "4015a7-60e8-57f746101e000-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 24831

GET
H/1.1 200
OK search-icon-white.png
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/images/ 1 KB
2 KB 25ms
25ms Image
image/png 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/images/search-icon-white.png
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: 075c15c5e5b127cfd89b352a4f8e8d615d0abcc80977022ba45ad2032d26f535

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Tue, 15 Jan 2019 00:38:24 GMT
Server: Apache
ETag: "4015da-584-57f746101e000"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1412

GET
H/1.1 200
OK getrecs.json Show response
recs.engageya.com/rec-api/ 7 KB
3 KB 126ms
76ms Script
application/javascript 95.142.20.17
PUREPEAK-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://recs.engageya.com/rec-api/getrecs.json?cb=engageya_cb_69427924889013190&pubid=166843&webid=211048&wid=160114&recsnum=15&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&cs=UTF-8&subid=&title=%D8%A7%D9%81%D8%B6%D9%84&kwrds=&sessionid=20149608-e249-9440-c710-09bc6037c5e4&rndid=69427924889013190&psid=a2dbe7d2-6001-1c3d-6c9d-d9696a7bb54e&is_gdpr=0&gdpr_consent=
Requested by: Host: widget.postquare.com
URL: http://widget.postquare.com/_pos_loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.142.20.17 , Israel, ASN20645 (PUREPEAK-ASN, IL),
Reverse DNS: ip-95-142-20-17.purepeak.com
Software: nginx /
Resource Hash: ff8c6a4c5ee5623df035054980bd6967516764fcaa6ef582c5c78e25bc2f90a1

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-language: en-US
cache-control: no-cache, no-store, max-age=0
transfer-encoding: chunked
content-type: application/javascript;charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK getrecs.json Show response
recs.engageya.com/rec-api/ 7 KB
3 KB 127ms
77ms Script
application/javascript 95.142.20.17
PUREPEAK-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://recs.engageya.com/rec-api/getrecs.json?cb=engageya_cb_16958541363797330&pubid=166843&webid=211048&wid=160119&recsnum=15&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&cs=UTF-8&subid=&title=%D8%A7%D9%81%D8%B6%D9%84&kwrds=&sessionid=b88ca196-0fc7-51a1-9416-f0f271cf50ad&rndid=16958541363797330&psid=a2dbe7d2-6001-1c3d-6c9d-d9696a7bb54e&is_gdpr=0&gdpr_consent=
Requested by: Host: widget.postquare.com
URL: http://widget.postquare.com/_pos_loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.142.20.17 , Israel, ASN20645 (PUREPEAK-ASN, IL),
Reverse DNS: ip-95-142-20-17.purepeak.com
Software: nginx /
Resource Hash: 3617a9959b658629c312c83ba9f437a070060c8e896284218515d6925b449ca0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-language: en-US
cache-control: no-cache, no-store, max-age=0
transfer-encoding: chunked
content-type: application/javascript;charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK getrecs.json Show response
recs.engageya.com/rec-api/ 96 KB
25 KB 347ms
298ms Script
application/javascript 95.142.20.17
PUREPEAK-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://recs.engageya.com/rec-api/getrecs.json?cb=engageya_cb_48104910285485110&pubid=166843&webid=211048&wid=160471&recsnum=15&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&cs=UTF-8&subid=&title=%D8%A7%D9%81%D8%B6%D9%84&kwrds=&sessionid=248765cb-bb08-be78-c8e5-9f2cc92f09a5&rndid=48104910285485110&psid=a2dbe7d2-6001-1c3d-6c9d-d9696a7bb54e&is_gdpr=0&gdpr_consent=
Requested by: Host: widget.postquare.com
URL: http://widget.postquare.com/_pos_loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.142.20.17 , Israel, ASN20645 (PUREPEAK-ASN, IL),
Reverse DNS: ip-95-142-20-17.purepeak.com
Software: nginx /
Resource Hash: 4aa98956ea3e7c391521fc4a083c57b14526552f8086b8d4b8445cf36b834c4d

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-language: en-US
cache-control: no-cache, no-store, max-age=0
transfer-encoding: chunked
content-type: application/javascript;charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK getrecs.json Show response
recs.engageya.com/rec-api/ 6 KB
3 KB 126ms
76ms Script
application/javascript 95.142.20.17
PUREPEAK-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://recs.engageya.com/rec-api/getrecs.json?cb=engageya_cb_49005982186409880&pubid=166843&webid=211048&wid=142124&recsnum=15&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&cs=UTF-8&subid=&title=%D8%A7%D9%81%D8%B6%D9%84&kwrds=&sessionid=d1373f76-745c-cf70-323c-d35572288536&rndid=49005982186409880&psid=a2dbe7d2-6001-1c3d-6c9d-d9696a7bb54e&is_gdpr=0&gdpr_consent=
Requested by: Host: widget.postquare.com
URL: http://widget.postquare.com/_pos_loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.142.20.17 , Israel, ASN20645 (PUREPEAK-ASN, IL),
Reverse DNS: ip-95-142-20-17.purepeak.com
Software: nginx /
Resource Hash: ea200b901c3de7db8ef78a2c4d9dcf57511eafd76f2cc475b10bada5dcf69225

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-language: en-US
cache-control: no-cache, no-store, max-age=0
transfer-encoding: chunked
content-type: application/javascript;charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-118003504-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5067
date: Thu, 29 Apr 2021 01:29:55 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Thu, 29 Apr 2021 03:29:55 GMT

GET
H/1.1 200
OK spinner-icon-14x14.gif
xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/images/ 8 KB
8 KB 27ms
26ms Image
image/gif 92.205.13.122
GODADDY-SXB

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Protocol: HTTP/1.1
Server: 92.205.13.122 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: ip-92-205-13-122.ip.secureserver.net
Software: Apache /
Resource Hash: 07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: xn--mgbg7b3bdcu.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
Cookie: PHPSESSID=ce5e790037ca2e18d032549a51f8f682; qa_key=spelmexwylpsf3q08jsezisd2sdnhd0c
Connection: keep-alive
Cache-Control: no-cache
Referer: http://xn--mgbg7b3bdcu.net/qa-theme/SnowFlat/qa-styles.css?1.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Tue, 15 Jan 2019 00:38:24 GMT
Server: Apache
ETag: "4015dc-1e65-57f746101e000"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 7781

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210426/r20190131/ 223 KB
83 KB 47ms
27ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210426/r20190131/show_ads_impl_with_ama_fy2019.js?client=pub-7103781133995645&plah=xn--mgbg7b3bdcu.net&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5d13a315184e4cc69d5c495682f8e5539478b0f7331165dc63e9aa4f224add0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84531
x-xss-protection: 0
server: cafe
etag: 5298758904806933499
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210426/r20190131/ Frame 0936 10 KB
5 KB 7ms
5ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210426/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210426/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 29 Apr 2021 01:16:17 GMT
expires: Thu, 13 May 2021 01:16:17 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 5885
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
13ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=2083578810&t=pageview&_s=1&dl=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&ul=en-us&de=UTF-8&dt=%D8%A7%D9%81%D8%B6%D9%84%20%D8%A7%D8%AC%D8%A7%D8%A8%D8%A9&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=483069870&gjid=83068616&cid=421693466.1619664862&tid=UA-118003504-2&_gid=943849679.1619664862&_r=1&gtm=2ou4l3&z=11266713

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://xn--mgbg7b3bdcu.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
91 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-118003504-2&cid=421693466.1619664862&jid=483069870&gjid=83068616&_gid=943849679.1619664862&_u=YEBAAUAAAAAAAC~&z=1996016349

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 29 Apr 2021 02:54:22 GMT
content-type: text/plain
access-control-allow-origin: http://xn--mgbg7b3bdcu.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 209 B
646 B 83ms
30ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=xn--mgbg7b3bdcu.net&callback=_gfp_s_&client=ca-pub-7103781133995645

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210426/r20190131/show_ads_impl_with_ama_fy2019.js?client=pub-7103781133995645&plah=xn--mgbg7b3bdcu.net&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

3d245ce697efb53e117a0ab996a98ca8c677df99b925cea13b428127c0acfc6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 36ms
14ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xn--mgbg7b3bdcu.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 37ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xn--mgbg7b3bdcu.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2266 13 KB
6 KB 183ms
168ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c47f634d796769edc25c5e834a7cae43d2448ce1722a2eabb0a875a586477301

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Apr 2021 02:54:22 GMT
server: cafe
content-length: 5879
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Apr-2021 03:09:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Apr 2021 02:54:22 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 36ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c76a6cc9369273b7e5f07285be49006b00775eefeefd725334e4235c4c29c9cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631702402874"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28201
x-xss-protection: 0
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-118003504-2&cid=421693466.1619664862&jid=483069870&_u=YEBAAUAAAAAAAC~&z=1808505395

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-118003504-2&cid=421693466.1619664862&jid=483069870&_u=YEBAAUAAAAAAAC~&z=1808505395

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 89E3 58 KB
20 KB 283ms
277ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b161e93529afd591967447b7bc2d3a45db033bf483ced61e550864a12cbd42b9

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COSBkOa5ovACFUtO4AodrrwP6w&gqi=3h-KYL_fCqmvx_APq66K6A4&layout=/sadbundle/%24csp%253Der3%24/17023595765794078720/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COSBkOa5ovACFUtO4AodrrwP6w&gqi=3h-KYL_fCqmvx_APq66K6A4&layout=/sadbundle/%24csp%253Der3%24/17023595765794078720/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Apr 2021 02:54:22 GMT
server: cafe
content-length: 20228
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Apr-2021 03:09:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Apr 2021 02:54:22 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CD98 6 KB
844 B 47ms
47ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&adk=1812271804&adf=3025194257&lmt=1619664862&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&ea=0&flash=0&pra=7&wgl=1&dt=1619664862085&bpp=1&bdt=236&idt=79&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90%2C1024x90&nras=1&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&dtd=84

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0ad466a3d91ec9a1782a0b6b229125e0621e67600d875e99e71d8dd7e198328

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7103781133995645&output=html&adk=1812271804&adf=3025194257&lmt=1619664862&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&ea=0&flash=0&pra=7&wgl=1&dt=1619664862085&bpp=1&bdt=236&idt=79&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90%2C1024x90&nras=1&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&dtd=84
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Apr 2021 02:54:22 GMT
server: cafe
content-length: 821
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Apr-2021 03:09:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Apr 2021 02:54:22 GMT
cache-control: private

GET
H/1.1 200
OK eng_crt_loader_new.js Show response
widget.engageya.com/ 13 KB
4 KB 14ms
6ms Script
application/javascript 2a02:26f0:6c00:290::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://widget.engageya.com/eng_crt_loader_new.js
Requested by: Host: widget.postquare.com
URL: http://widget.postquare.com/_pos_loader.js
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:290::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 202984635510749607871fe7743cbdb4908318e86e94822ddc7f8e0920bf80d7

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Content-Encoding: gzip
Last-Modified: Mon, 26 Apr 2021 07:39:43 GMT
Server: nginx
ETag: W/"60866e3f-34dd"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=7200
Connection: keep-alive
Content-Length: 3291
Expires: Thu, 29 Apr 2021 04:54:22 GMT

GET
H/1.1 200
OK images9.engageya.com.engageya11bca6eb-ee3f-4471-b31f-1f31c04ab738_new_post_image_241175_17.jpg
images9.engageya.com/a7/d6/website_219443/ba/ba/f6/ 10 KB
10 KB 124ms
118ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/ba/ba/f6/images9.engageya.com.engageya11bca6eb-ee3f-4471-b31f-1f31c04ab738_new_post_image_241175_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4c78d7f75ef039efd8381a69f1acb0ffc5e1a41804f748d9d2199ac085ad1ab9

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Tue, 24 Nov 2020 04:30:20 GMT
Server: AmazonS3
x-amz-request-id: 3M525VHXXYF6BRMN
ETag: "bba696e09a1b7c06bdd999870ee046de"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10079
x-amz-id-2: Akr/uGA2IxwXBy5HjwnANqI6HqXj8XPD9X2Gaa58xBrWamsf4Sep2cTsGMNNPboeuF3yNbYsGew=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK logosmall.png
widget.postquare.com/img/brands/gecko/ 4 KB
4 KB 6ms
6ms Image
image/png 2a02:26f0:6c00:28b::3b8d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://widget.postquare.com/img/brands/gecko/logosmall.png
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:28b::3b8d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a01d8b7ca6b54b65249b97435040a6202bed90eb499171362fe6b08600791a41

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Mon, 26 Apr 2021 07:39:43 GMT
Server: nginx
ETag: "60866e3f-ea0"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3744
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK images9.engageya.com.engageyab6b998ef-328b-4637-8bf3-36fbaa7dff9f_new_post_image_843688_17.jpg
images9.engageya.com/a7/d6/website_219443/b2/55/06/ 15 KB
15 KB 13ms
8ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/b2/55/06/images9.engageya.com.engageyab6b998ef-328b-4637-8bf3-36fbaa7dff9f_new_post_image_843688_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e008cb52a651c7b98f9f0f4c10b962fc69a37be69bb24f14bac03159bdb1c15f

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Tue, 27 Apr 2021 04:23:10 GMT
Server: AmazonS3
x-amz-request-id: QAPHNV4MBRRTWHVC
ETag: "e419f49b804591630c4f83e220359c87"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15320
x-amz-id-2: E0izFy/yh2w4Hp3jBB6c5rrnU6LaurBBe9I238OjKV91Wlfs9ZFTYddoeHKvuVfnn5VPKm4ubX4=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK images9.engageya.com.engageya83997798-ca96-478f-ba22-3bca7726ca8b_new_post_image_640570_2.jpg
images9.engageya.com/a7/d6/website_219443/1d/59/42/ 12 KB
13 KB 79ms
77ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/1d/59/42/images9.engageya.com.engageya83997798-ca96-478f-ba22-3bca7726ca8b_new_post_image_640570_2.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a99e457aff5e7b529954833cd8a465c5a59abe35acec8180b5f4b45c6fdf8e39

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Mon, 12 Apr 2021 08:14:46 GMT
Server: AmazonS3
x-amz-request-id: 3M5EQBQWJVHHGW0P
ETag: "3fbc44a85d4d4e48461f5df33ad1068f"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12581
x-amz-id-2: NhRi9+3eUK6Tegw7VI7FfUSRHZwasoWe1ypom0OOTKe3yClTpqgDmTSyAu9kPO631NPTAWFgQX8=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 114 KB
37 KB 39ms
15ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: widget.engageya.com
URL: http://widget.engageya.com/eng_crt_loader_new.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 59883dc82297de1d8ff485a115678ff6e56102eb1fc170c9808737535f6f8070

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:29 GMT
server: nginx
etag: W/"605322dd-1c9d1"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 30 Apr 2021 02:54:22 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xn--mgbg7b3bdcu.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 28ms
14ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xn--mgbg7b3bdcu.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5321 76 KB
26 KB 238ms
238ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=4042754873&adf=3817302893&pi=t.aa~a.3805137957~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0&nras=2&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1600&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=OvcvGDdlxG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=17

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70988066b7d67b6de494fe2d21e973083158411a0e4a272f0dff37ef9ae0d5ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=4042754873&adf=3817302893&pi=t.aa~a.3805137957~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0&nras=2&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1600&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=OvcvGDdlxG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=17
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Apr 2021 02:54:22 GMT
server: cafe
content-length: 26227
x-xss-protection: 0
set-cookie: IDE=AHWqTUmLGmS8Q3WmvaFbedJkBtq73qWoCa48W6SpkdJvJPrtW5jllzmSWqgQ61Y-z5g; expires=Tue, 24-May-2022 02:54:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Apr 2021 02:54:22 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A8DB 71 KB
25 KB 527ms
526ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=774654709&adf=2742576309&pi=t.aa~a.262088325~rp.4&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=748x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280&nras=3&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=2103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=NZ3I63OpKG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=20

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26322ccb7eda19ff491445b26525a8a30814c6357ddcfa766098a79d3dc10a61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=774654709&adf=2742576309&pi=t.aa~a.262088325~rp.4&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=748x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280&nras=3&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=2103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=NZ3I63OpKG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=20
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Apr 2021 02:54:22 GMT
server: cafe
content-length: 25690
x-xss-protection: 0
set-cookie: IDE=AHWqTUlOBxuUXZoFB6-AT7My1RWkttX1D9ThFpU1zq75EdTBv7JSTEfinO_ANoFGxbM; expires=Tue, 24-May-2022 02:54:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Apr 2021 02:54:22 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DAE1 75 KB
26 KB 454ms
453ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=3809598800&adf=4061442901&pi=t.aa~a.2185563714~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=417&idt=1&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280%2C748x280&nras=4&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4728&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=t6q5tJcs3n&p=http%3A//xn--mgbg7b3bdcu.net&dtd=23

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b4c355e64440c8b4e77d178a5a70549a4f9c5f85bcb9a0775452b8fc5508df0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=3809598800&adf=4061442901&pi=t.aa~a.2185563714~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=417&idt=1&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280%2C748x280&nras=4&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4728&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=t6q5tJcs3n&p=http%3A//xn--mgbg7b3bdcu.net&dtd=23
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Apr 2021 02:54:22 GMT
server: cafe
content-length: 26342
x-xss-protection: 0
set-cookie: IDE=AHWqTUlyVt2EGqqtC_xCKLnKM8_mkziB_-V61nIsJuuQij7VpBBsZNPK5YlR9nOENTM; expires=Tue, 24-May-2022 02:54:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Apr 2021 02:54:22 GMT
cache-control: private

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
148 B 50ms
16ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=106&profileId=184&cb=7339973429
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: http://xn--mgbg7b3bdcu.net
date: Thu, 29 Apr 2021 02:54:21 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 28FD 0
0 17ms
16ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CWXIW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBMoBT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxFENF5DqCXTpboGMg2PwWbDBjYAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAbIXGAoWEhRwdWItNzEwMzc4MTEzMzk5NTY0NQ&sigh=VSCc9MVqSts&tpd=AGWhJmsHV17ZzRlkZKpumlhquJwXX39Kl7la54etGD875ozU04sxEBewSIkjMoN5y6R9VySiTanDW2Vd7DeopLzmgsvdhMDjFZHOwKyUcG83I20J2BhQQoj1b6jYrH26o5GS4bIgDd_86FKLHPhGONXIaNkqTRjQDNUBRhjKHr3TA7TLPI1Xni3s1Xe_pLNmzPyCrRqHKICXoRX5QB3feZY04YmAIpwLzINZVqDDyiyWVsxoDCAoFhlgqyvdA0oVAxr1_I0hGIS-7IWs_kgNa3FQmPKPayFEEYspK9wXcy6PHQgq_ZBZVQgQf4f-HqYNd1arP94ZQZPhiu6MepZ0YzBUJrBHTINpty3pYAQ2nGuhy7wIiPOtdkeJ0_SpQYenOeHth5qy7MJuxlYnvepuoE71pYydFLJ2xZqV9HEd_l88WPU0A7KLbSt43JYvZ0oYxMJfm9mB8xDSk-UGdUlh-zsSGciRTkscdJc_57I3nhOqtxqmvidyruFSxPKmMbe896fjbstZX4GZ79UZII94yPMnXj8cy9kayW3uzrTgIGncDAYqUIv94kQW1rvws5QayVyY0KqpY7zaredeCohMXJVV69zSBziFO0_t4QpXAUX6f5ID9leyaRSIhCR6y2Pxx8dQnZLd7U71sNSx90NfHqlzX4lJFouaBa_Ij95iRunR6Kfve2r4Efi7ENYce1To7kYPpsa90gBUmNv8sl8uEO9FvkTKjcgS3X-BGvZzJx_sb_ENLjJoaVlX3EkXkrOzKPmExBkDYS85T-rKzQKr5SagovnIMdCqR8GGrzZValcoQjGc0F4hn6gQF8cpMW2ZCfYkKdLKhB5BiDGbP7LLWkWI59Ypg4VG513Aaf2BMDUdCqjy6XUecxUvjfDb6jH8fP_6VV4EgXN_iNSWFMrz2YIuvQfcfHl5EjqgRM12KmfPEZJh877qd4iAGVfF9EUUGRM8ejQjJTdEksEUtn_ed9s5uK0Y4bWCxKgBtSIcU0h6BZdJ9Y9IJ8555yfn-zBiO-H0-blUe3Dl7S3TJqcnbPXOgdWZaOqPvg

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Apr 2021 02:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 28FD 5 KB
3 KB 109ms
36ms Script
application/x-javascript 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRVMk1tVTNORFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzcyOTk0NjA3Mzk4MjY3NjYxNTMvNzUxNTc1MS81NjM3MjU0LzQvWEszaWhia0JmMS1kaXMxeS1LbTdmN25WREtZUTR3aXBLQXBBODE0TnowOC8xLzQvMC8wLzExODM0NzcvMC8yMzQ0OTUvNzQ2MzQ1LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMzg0MDY5NjIyNjAwNjIyNTEyMy96cmgvMC8xODgwLzIwLzk5OS8yLzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MTk2NjQ4NjIvMTYxOTY3NzQ2Mi80L3B1Yi03MTAzNzgxMTMzOTk1NjQ1Lw/iCaJ0zcxkUVFMdmz6Y6Dvp3Yqas&nodeid=2630&group=eu&auctionid=7299460739826766153&sid=5637254&cid=7515751&bp=a_aebhah&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.84&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%26client%3Dca-pub-7103781133995645%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 120034900f89db02074d3494748eafd00f7125e94b982f5037eb26b7b6941de0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:16 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1619664862
Last-Modified: Thu, 29 Apr 2021 02:54:22 GMT
Server: MMBD/3.197.0
x-mm-latency: 1 (1)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x42, zrh-bidder-x144
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Thu, 29 Apr 2021 02:54:15 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame 28FD 2 KB
1 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:52:28 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 28FD 116 KB
35 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame 28FD 13 KB
6 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:18:14 GMT

POST
H2 204 events
bidder.criteo.com/csm/ 0
148 B 16ms
15ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/csm/events
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: http://xn--mgbg7b3bdcu.net
date: Thu, 29 Apr 2021 02:54:22 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 pixel.gif
static.criteo.net/images/ 43 B
260 B 12ms
12ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=1
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sun, 24 Apr 2022 02:54:22 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ 43 B
260 B 12ms
12ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=2
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sun, 24 Apr 2022 02:54:22 GMT

GET
H/1.1 200
OK images9.engageya.com.engageya80d381f1-95b0-4329-8a1e-f4d9832f73f4_new_post_image_305118_17.jpg
images9.engageya.com/a7/d6/website_219443/be/a6/80/ 11 KB
12 KB 15ms
11ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/be/a6/80/images9.engageya.com.engageya80d381f1-95b0-4329-8a1e-f4d9832f73f4_new_post_image_305118_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6a1d8020c1cc51f7fd4a5287ba822984c7fe1afabf48559c7d9b01a5f793ee07

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Tue, 27 Apr 2021 04:23:12 GMT
Server: AmazonS3
x-amz-request-id: C2PN7CQ2P1NJHNM7
ETag: "8bbe31f0c6646f5bbc12f5d5856321b2"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11677
x-amz-id-2: 32bZ8bPZs0ZJAG/nbyvK3cecatISEVwQ7dqFHwyXFk+Ixh85yvwf0+1bb+QHA1os9FVbOELBooM=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0LzIwOWY0ODAyNmU2NjY1ZjAzMWRlZDMyNzE5ZWI1ZmEwLmpwZw.webp
s-img.mgid.com/g/8164883/492x328/0x0x492x328/ 12 KB
13 KB 43ms
25ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164883/492x328/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0LzIwOWY0ODAyNmU2NjY1ZjAzMWRlZDMyNzE5ZWI1ZmEwLmpwZw.webp?v=1619664862-NY-BqQ0ArhQXIcf_2qGkRhr3lxB96e1srxsgD6UAjiA
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8c3f71afbeeed7e2dd4c4f436a8f1b75b8cc09a9849ef2f842016500d0f4788

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 6278560b-c5be-46f8-b75c-0bb5e0f62304
Age: 148829
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 12392
cf-request-id: 09bd25951200000c5d489d9000000001
Last-Modified: Mon, 08 Feb 2021 10:20:19 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ece8e580c5d-AMS

GET
H/1.1 200
OK images9.engageya.com.engageya58fb3cb0-e7c3-461e-acbc-7623ff260aea_edited_post_image_646846_17.jpg
images9.engageya.com/a7/d6/website_219443/d0/ae/45/ 13 KB
14 KB 14ms
9ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/d0/ae/45/images9.engageya.com.engageya58fb3cb0-e7c3-461e-acbc-7623ff260aea_edited_post_image_646846_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e242d5baa05b1a00ba6f0e18896dd6604635d501a84f2cb81ec9b35786e37fb

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Mon, 29 Mar 2021 08:09:39 GMT
Server: AmazonS3
x-amz-request-id: C2PWC2T9K8288SSK
ETag: "ed54e39bd3bfd9776bad1586b844bb50"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13656
x-amz-id-2: QXyTPY+wVjZhumTUfQ0FUPW1A0S42jpksBX8UqJRa4E5ZeW34jhK8UjBooNvbn9oE+uDk4jYe44=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMTEtMTQvMTAxOTI0LzhjZjZjYTM3NjE0MjljYzE4NjgzNWE1NjhhY2ZhZTY1LmpwZWc_dD0xNTEwNjU1NDgxODk1.webp
s-img.mgid.com/g/8193504/492x328/88x0x631x420/ 15 KB
15 KB 47ms
29ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193504/492x328/88x0x631x420/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMTEtMTQvMTAxOTI0LzhjZjZjYTM3NjE0MjljYzE4NjgzNWE1NjhhY2ZhZTY1LmpwZWc_dD0xNTEwNjU1NDgxODk1.webp?v=1619664862-NCo6cl3qL0xEcIKqRDV2EBDFHCqbah2-bJTkeFpS8Es
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 714e4b742a1ddc3565cfb472ac59b37a1bc03dd471e5d51a13647bfced2dbf5c

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 9b2a9c88-1669-4160-b496-190838587b01
Age: 148848
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15046
cf-request-id: 09bd2595120000c76189b08000000001
Last-Modified: Wed, 10 Feb 2021 07:15:20 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ece8861c761-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp
s-img.mgid.com/g/8164865/492x328/0x0x900x600/ 21 KB
22 KB 44ms
26ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164865/492x328/0x0x900x600/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp?v=1619664862-xXWR9WUBhY-AsO9MMA1uq2GqGNem-4FKLqQsHkdwHOM
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbe28a1b807c1e7e6c98e4c5900817dc26fe9ee04cd549d97c9cdb057003ab78

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: f59f0b42-0199-4bfc-b3df-3ccb92ae7ef6
Age: 148830
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 21892
cf-request-id: 09bd25951300001fe6dcba8000000001
Last-Modified: Mon, 08 Feb 2021 10:20:17 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ece8f261fe6-AMS

GET
H/1.1 200
OK images9.engageya.com.engageya83997798-ca96-478f-ba22-3bca7726ca8b_new_post_image_640570_17.jpg
images9.engageya.com/a7/d6/website_219443/1d/59/42/ 15 KB
15 KB 110ms
105ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/1d/59/42/images9.engageya.com.engageya83997798-ca96-478f-ba22-3bca7726ca8b_new_post_image_640570_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0cbb945ebe2c56e7ce22121d094201a07a38196ddf6d424eac5f0e2bdfacdbde

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Mon, 12 Apr 2021 08:14:46 GMT
Server: AmazonS3
x-amz-request-id: 3M5C8CKDJ5J6YENE
ETag: "16348d77986a3311a723e6455a6cae9e"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15032
x-amz-id-2: UrTECXxiaa9HhOJFis7dj5JEgWDKfclP+W/e1jT1DWuLDWtF9xJrl5rmaOb6t5dY/ZxBMSpXv/4=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTgtMDctMDQvMTAxOTI0L2Q5ZThkNjdhM2I4MmMyMmI4Zjc3ZTg5MDczMWQwOTZmLmpwZWc_dD0xNTMwNzIwODE4MzE5.webp
s-img.mgid.com/g/8193534/492x328/0x124x788x525/ 10 KB
11 KB 43ms
25ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193534/492x328/0x124x788x525/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTgtMDctMDQvMTAxOTI0L2Q5ZThkNjdhM2I4MmMyMmI4Zjc3ZTg5MDczMWQwOTZmLmpwZWc_dD0xNTMwNzIwODE4MzE5.webp?v=1619664862-xj6di6qtJiTy_lnn0-fzmj9kcFCx64mKvCKMqUXBO_A
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73991db92a15dad0a560144a65fdaf8621ea00714a0fbcc0034c5af6ba0448f4

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 488d1614-5953-4f13-9172-b4eb41ae9504
Age: 509012
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 10362
cf-request-id: 09bd259512000000ba67ae2000000001
Last-Modified: Wed, 10 Feb 2021 07:15:54 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ece8ca300ba-AMS

GET
H/1.1 200
OK images9.engageya.com.engageya5b7503c4-af9b-4c67-80ca-7952f5e22b8f_new_post_image_174477_17.jpg
images9.engageya.com/a7/d6/website_219443/1d/36/9c/ 13 KB
13 KB 18ms
10ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/1d/36/9c/images9.engageya.com.engageya5b7503c4-af9b-4c67-80ca-7952f5e22b8f_new_post_image_174477_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45741efb5a359d94a28eb92a45ce54db6aa63ad7c12254f19988944165365948

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Thu, 04 Mar 2021 08:37:02 GMT
Server: AmazonS3
x-amz-request-id: 2ETYYQPG53NTWHA8
ETag: "9b1ae891c7f539fce512cd0f4b9cfbbd"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13116
x-amz-id-2: f+BcsXNack3fAR1hxLFArTgHOc7GrPCR1+k98hY946A/ETP9gRdH3hmhhFQNv9cuSFmGdH/qV1c=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK images9.engageya.com.engageya96fc1565-c472-4cdd-820a-2e320add58a7_new_post_image_407730_17.jpg
images9.engageya.com/a7/d6/website_219443/98/e4/40/ 11 KB
12 KB 108ms
99ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/98/e4/40/images9.engageya.com.engageya96fc1565-c472-4cdd-820a-2e320add58a7_new_post_image_407730_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5d6908b64e810e421319da0bf6ecf5941b0a050e499056ace7ca8f8af806107b

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Thu, 15 Apr 2021 04:44:05 GMT
Server: AmazonS3
x-amz-request-id: 3M5EXSBJ0HCYGW96
ETag: "8a7541bf100b6a071d0f8790bb508fe2"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11602
x-amz-id-2: pzXZVEF/U3R2tmqQHAUwMrFbGGI8nmCewFYxIarV6TX6zzrNdCCfRDJKeDjuKsjX7cbgVhrSQ2U=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDQvMTAxOTI0L2QyODY2NTUxNTI3OGY0ZjM0ZmM4NjhiZWY2MDc5NzYxLmpwZWc.webp
s-img.mgid.com/g/8193501/492x328/16x0x492x328/ 10 KB
11 KB 42ms
24ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193501/492x328/16x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDQvMTAxOTI0L2QyODY2NTUxNTI3OGY0ZjM0ZmM4NjhiZWY2MDc5NzYxLmpwZWc.webp?v=1619664862-1t8rKyIFt_Qhnl0EjFHMxpu5hFWGdQjK2QsFyr1r3w4
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca24e2680f2545b64cfd196089e9e5ac5a3b6c9eec852492210239bb07402904

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 33995acf-2101-4231-bd28-74cde6207ebb
Age: 148847
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 10278
cf-request-id: 09bd25951200004c3e2201b000000001
Last-Modified: Wed, 10 Feb 2021 07:17:19 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ece8bd34c3e-AMS

GET
H/1.1 200
OK images9.engageya.com.engageya5c18cb88-9743-431e-9254-1f4c171287b1_new_post_image_156866_17.jpg
images9.engageya.com/a7/d6/website_219443/c1/03/66/ 13 KB
13 KB 95ms
94ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/c1/03/66/images9.engageya.com.engageya5c18cb88-9743-431e-9254-1f4c171287b1_new_post_image_156866_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8bd9ef7089736394c9757075d85b927bd3d14e6790cc39a4a65224e47674899d

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Thu, 15 Apr 2021 04:44:02 GMT
Server: AmazonS3
x-amz-request-id: 3M5E0XWE8N7733MN
ETag: "22944074883c6df9537a2f5db63550d6"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13239
x-amz-id-2: bN1Bd6rvyCrDWagrqQYgqHYO1yV1p/K5MsLBptcePlDUaLQc5S/VERJuQOBNnwBn0vqJKNfyIwI=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDkvMTAxOTI0L2I5Y2U2M2E3ZDIyNjFlZGEwMzQzZDRjZGViZDNmN2Q3LmpwZWc.webp
s-img.mgid.com/g/8164912/492x328/0x0x1081x720/ 12 KB
13 KB 36ms
22ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164912/492x328/0x0x1081x720/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDkvMTAxOTI0L2I5Y2U2M2E3ZDIyNjFlZGEwMzQzZDRjZGViZDNmN2Q3LmpwZWc.webp?v=1619664862-I8W21PESii96glg8hU9brqrKODOPRAtiUqPgqi1kmE4
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9890b523125c63685ab6e157e022072740363afb75a023b694cec0b986a25481

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: a9b8b4bd-ba2d-4d54-9fc9-83ab4f127e05
Age: 508385
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 12790
cf-request-id: 09bd25951c00001ed6f833a000000001
Last-Modified: Mon, 08 Feb 2021 10:20:16 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ece9d1c1ed6-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTAvMTAxOTI0LzMwZTFkZDE0NjhhNDUxMjZkNWQzM2RhNjYxODI5ZTRhLmpwZWc.webp
s-img.mgid.com/g/8164901/492x328/0x65x849x566/ 14 KB
15 KB 23ms
22ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164901/492x328/0x65x849x566/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTAvMTAxOTI0LzMwZTFkZDE0NjhhNDUxMjZkNWQzM2RhNjYxODI5ZTRhLmpwZWc.webp?v=1619664862-sROf_SGzLuh0Y-nTtXnvQow6SmlF-Vq_ZLuyM2_SV90
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf10a3f6fdcb1babbab751e304b4cffca3ccbc67ec9090fe0a529e07211a1b08

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 7765681e-7353-448c-afa8-1a8f211e009c
Age: 508385
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 14222
cf-request-id: 09bd25952b00004c3e6b2e2000000001
Last-Modified: Mon, 08 Feb 2021 10:20:27 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753eceac4c4c3e-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0L2QyYzViNjdkODVlNDE3ZDM0YWVmN2Q3YjhiZGEwZmJjLmpwZWc.webp
s-img.mgid.com/g/8164860/492x328/0x0x831x554/ 9 KB
10 KB 21ms
21ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164860/492x328/0x0x831x554/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0L2QyYzViNjdkODVlNDE3ZDM0YWVmN2Q3YjhiZGEwZmJjLmpwZWc.webp?v=1619664862-G0JZwQ-xRFrXawL66wfkDaEmvyXNL33ZZAoGH9bN57M
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89e8c9f38453550ebee24fafe934daad8cc913a3e55b941db1b72a97b49554ac

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 830eeecd-76b3-4bfc-8859-b308ab716af1
Age: 148255
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 9726
cf-request-id: 09bd25952b000000ba5d012000000001
Last-Modified: Mon, 08 Feb 2021 10:20:23 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753eceacc000ba-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2ZkNjNmZDY4NmUwMGVjZTk0NWNkZmI5MzgzOWVkMmEzLmpwZWc.webp
s-img.mgid.com/g/8164911/492x328/32x5x928x618/ 6 KB
7 KB 22ms
21ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164911/492x328/32x5x928x618/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2ZkNjNmZDY4NmUwMGVjZTk0NWNkZmI5MzgzOWVkMmEzLmpwZWc.webp?v=1619664862-vvf-X1F0LEsnOFDV1ETu46DC4HIIPSsfwb_zCOncytQ
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af2d1eefa16495893f5cfbed9041d42ba3851f52c117931ae5196f81a5777f7b

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 46a4fd85-462e-4514-bf17-6cc2df8091a0
Age: 148255
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 6484
cf-request-id: 09bd25952b00000c5d29203000000001
Last-Modified: Mon, 08 Feb 2021 10:20:17 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753eceae760c5d-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0LzM0OTg5ZTIzY2Y3ZDJmZDkyOWY4Mjk0NThjYzE0NTk4LmpwZWc.webp
s-img.mgid.com/g/8164891/492x328/59x0x1083x722/ 8 KB
9 KB 27ms
26ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164891/492x328/59x0x1083x722/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0LzM0OTg5ZTIzY2Y3ZDJmZDkyOWY4Mjk0NThjYzE0NTk4LmpwZWc.webp?v=1619664862-mlk0XW_sIuV9W11LzHiMFnEECreYc22ULC6a1qjVMYg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cf263a6b7d7b1515ff043483a7c8e3d465466acbbbc6ffcfce78dac396a0d6a

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 21b25d8e-3d74-498b-b63d-f6c48e6f0978
Age: 499622
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 8382
cf-request-id: 09bd25953b0000c76102b09000000001
Last-Modified: Mon, 08 Feb 2021 10:20:35 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecec872c761-AMS

GET
H/1.1 200
OK images9.engageya.com.engageyae42aec29-88d2-4dc8-81ee-e66eab6993df_new_post_image_397339_17.jpg
images9.engageya.com/a7/d6/website_219443/ff/79/2e/ 14 KB
14 KB 118ms
118ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/ff/79/2e/images9.engageya.com.engageyae42aec29-88d2-4dc8-81ee-e66eab6993df_new_post_image_397339_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ba2c3f3d797cb7e748d90b7f71d225a3021818b504162c9fea41706477e986b4

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Thu, 15 Apr 2021 04:44:00 GMT
Server: AmazonS3
x-amz-request-id: 3M522PFFKX1RVQ32
ETag: "11d8fb812376e1237c10b0ce01983d37"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14327
x-amz-id-2: OgsBeREokEZve7zgVUuKnF8s8XGobDm3+QQLYIdR+Aqgor54IsokwSJSmoCvAit0k66NyqIPjBk=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2E4OTM0ZjJjZjhiM2Y2ODc5ZDI5NmMyZmZkNmMwZGEzLmpwZw.webp
s-img.mgid.com/g/8164875/492x328/0x262x564x376/ 10 KB
10 KB 25ms
24ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164875/492x328/0x262x564x376/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2E4OTM0ZjJjZjhiM2Y2ODc5ZDI5NmMyZmZkNmMwZGEzLmpwZw.webp?v=1619664862-1gBRlPLHu2ioqj5BY3Mwn-kw2prdG7ACAuTeEJHD-5k
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac38b4b5c070b298e1d24f9118905724a535dc9d82aae8b06f496462b3ba9ae

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 6399e6de-a9e3-477a-8eb0-ed464d037de6
Age: 491037
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 10026
cf-request-id: 09bd25953c00001fe682ba0000000001
Last-Modified: Mon, 08 Feb 2021 10:20:23 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ececf551fe6-AMS

GET
H/1.1 200
OK images9.engageya.com.engageya3a04013e-8195-4f0e-931c-ad53bb45c894_new_post_image_295448_17.jpg
images9.engageya.com/a7/d6/website_219443/75/1d/d3/ 11 KB
11 KB 10ms
10ms Image
image/jpeg 2a02:26f0:6c00:2a0::3b8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images9.engageya.com/a7/d6/website_219443/75/1d/d3/images9.engageya.com.engageya3a04013e-8195-4f0e-931c-ad53bb45c894_new_post_image_295448_17.jpg
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00:2a0::3b8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c5cdf964af96880050ef7bc9d9a9a68f190b86a387afac401c4922fb1e68198f

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Thu, 15 Apr 2021 04:44:06 GMT
Server: AmazonS3
x-amz-request-id: 5259BYS1VT84C6BT
ETag: "183f66618664fceb8d731372c64bc738"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11039
x-amz-id-2: XNyc0h6FlkKBGWMKUGmUcQj04P62LUtgIqMhjC6rBs9B2Sqoe3leRson7hY6psk7V1FXnqB0TMs=
Expires: Thu, 06 May 2021 02:54:22 GMT

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDEvMTAxOTI0Lzc4NzAwMjJjM2IzMDY0YTBhMzdhZDAzNTVlNzEyMzcwLmpwZw.webp
s-img.mgid.com/g/8164899/492x328/0x39x564x376/ 29 KB
30 KB 27ms
23ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164899/492x328/0x39x564x376/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDEvMTAxOTI0Lzc4NzAwMjJjM2IzMDY0YTBhMzdhZDAzNTVlNzEyMzcwLmpwZw.webp?v=1619664862-SzUyezfUTVo8Vb9x4bPDnr2Z48ubATaQX1_wJoJszf0
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02f4e744bf2d5c62fdf46c942adb8eaeba1cb799c8cbd08c8b3406e3cdf2bb6c

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 1ae9fd3a-0a50-4b94-815c-b77983681f62
Age: 498377
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 29856
cf-request-id: 09bd25954600004c3e092c6000000001
Last-Modified: Mon, 08 Feb 2021 10:20:22 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecedc864c3e-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90ZWFzZXIvMjAxOS0wMi0yMS8xMDE5MjQvYTMxN2FjZjhlNDA3NjMyY2JjNzY0OTQxMjU1YTcyMjguanBlZz90PTE1NTA3NTkwNTAzMjQ.webp
s-img.mgid.com/g/8193507/492x328/37x161x526x350/ 12 KB
13 KB 25ms
23ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193507/492x328/37x161x526x350/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZWFzZXIvMjAxOS0wMi0yMS8xMDE5MjQvYTMxN2FjZjhlNDA3NjMyY2JjNzY0OTQxMjU1YTcyMjguanBlZz90PTE1NTA3NTkwNTAzMjQ.webp?v=1619664862-wZL1glrKrovscuo4jTJLwdIxiOugl66s-NoevJSCfOA
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4732cf5a10c079b3240d1b05f4e517003a06d2bad56056bd2ef7755ca83af53

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: cc2690c5-ec9a-403f-9164-1bf61c76b446
Age: 482052
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 12724
cf-request-id: 09bd259546000000ba84aa3000000001
Last-Modified: Wed, 10 Feb 2021 07:16:05 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecedce900ba-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2Y3YjcyMzU4OWJiMjVhMzQ1ZTNmZWQxM2ZjZTA0NzE2LmpwZWc.webp
s-img.mgid.com/g/8193525/492x328/0x311x684x456/ 16 KB
17 KB 31ms
30ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193525/492x328/0x311x684x456/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0L2Y3YjcyMzU4OWJiMjVhMzQ1ZTNmZWQxM2ZjZTA0NzE2LmpwZWc.webp?v=1619664862-l0u5Qc_1SaC0DowTXFDlPjKJtrjhJya_S9UER4jWeIo
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32288afbbd582a50540b8ff709114b8ecc273d16be5364e4e5e0ad9f8904630a

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: b24a3fa8-89e3-46ba-b7e3-f05fc6098088
Age: 148254
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 16692
cf-request-id: 09bd25954600000c5d4c174000000001
Last-Modified: Wed, 10 Feb 2021 07:15:18 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecede980c5d-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzRlODVkMWNkOWEzZTVmYmNlMGViM2QwOWZiNjU3ODM4LmpwZWc.webp
s-img.mgid.com/g/8193526/492x328/0x26x798x532/ 19 KB
19 KB 22ms
22ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193526/492x328/0x26x798x532/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzRlODVkMWNkOWEzZTVmYmNlMGViM2QwOWZiNjU3ODM4LmpwZWc.webp?v=1619664862-i24cU3cNskkaJbqq4gLxCCINQtI9KGsS-RYiVxKl9kU
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8882124ecc46145f8dd2c4723888f2510a0ef0fc2ad527786b21b7ea6801361a

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 8fea146d-5f32-416a-91f4-6c42749277a5
Age: 508510
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 19080
cf-request-id: 09bd25954a00001ed63131b000000001
Last-Modified: Wed, 10 Feb 2021 07:15:55 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecedd571ed6-AMS

GET
H/1.1 200
OK aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTAyLzEwMTkyNC9lOTYxYTZkMTdlOWFjNTE4N...
s-img.mgid.com/g/8164853/492x328/-/ 8 KB
9 KB 24ms
23ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164853/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTAyLzEwMTkyNC9lOTYxYTZkMTdlOWFjNTE4Njg5MzQwZTVmMzJhZjcwNy5qcGc.webp?v=1619664862-FvqcMZsr0QAU9OoWd0aczW-ZEeuaLZfEMtv4O1SAV6I
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f59e7ae8d406307c55571fc0f090138ed57825217bc4e5f83898a325bbed9301

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 81d2c8e6-17e6-426f-952d-6cc9e1eef061
Age: 478566
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 8184
cf-request-id: 09bd25955800001fe64da83000000001
Last-Modified: Mon, 08 Feb 2021 10:20:50 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753eceff801fe6-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDIvMTAxOTI0LzZhY2MwZWM3MWNiNDAyMDM4ZDU5YTlkMGE3MzE5MzAyLnBuZw.webp
s-img.mgid.com/g/8193514/492x328/0x351x1081x720/ 18 KB
19 KB 27ms
27ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193514/492x328/0x351x1081x720/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDIvMTAxOTI0LzZhY2MwZWM3MWNiNDAyMDM4ZDU5YTlkMGE3MzE5MzAyLnBuZw.webp?v=1619664862-075rdON-E2SeFhNAtUsIDXkNK9Oc4lOJ_3lSkjaWiWU
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0da3a3869363d9926622d73c6aae93fdc53edfd65915bdcc811702c3f6907ea

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 6c2f3b55-33b1-4f7b-9f8e-268d941129ca
Age: 480604
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 18782
cf-request-id: 09bd2595580000c7619b23e000000001
Last-Modified: Wed, 10 Feb 2021 07:15:57 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecef883c761-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC9hY2JhYmRlMmRjNTkzODFkMzAyYzhkMmM4ODEyOWE2Ny5qcGc.webp
s-img.mgid.com/g/8164889/492x328/0x124x565x376/ 18 KB
18 KB 21ms
21ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164889/492x328/0x124x565x376/aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC9hY2JhYmRlMmRjNTkzODFkMzAyYzhkMmM4ODEyOWE2Ny5qcGc.webp?v=1619664862-OP-2VLDau7GQ8mYVvdtnHYhjAZIinBjyyic4c-WYKFY
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9147e56702cac804cff4b646db96efe455be370caeba029965acd0f375d00da1

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 6944668c-217d-4fdb-9afb-4c51a4138d68
Age: 508967
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 18200
cf-request-id: 09bd259562000000ba67ae5000000001
Last-Modified: Mon, 08 Feb 2021 10:20:16 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecf0d1700ba-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTgtMTItMTUvMTAxOTI0LzBhMjAzZTJkY2RhYjY4MTJhZGFjNjU0MTUyNjUzZjFhLmpwZz90PTE1NDQ5Mzc4OTE5NjE.webp
s-img.mgid.com/g/8193535/492x328/0x43x1003x668/ 11 KB
12 KB 24ms
24ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193535/492x328/0x43x1003x668/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTgtMTItMTUvMTAxOTI0LzBhMjAzZTJkY2RhYjY4MTJhZGFjNjU0MTUyNjUzZjFhLmpwZz90PTE1NDQ5Mzc4OTE5NjE.webp?v=1619664862-igLSEm1ijJbbQ0ejCoXPN4XoAojWdwLfhyzc3-EFoms
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5e5f8d32022c3946a1d9b047f843d4329e61a8c50ab0791bb18f5be78e37139

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: e11556ee-e40e-4c7b-9b13-19afbc809c73
Age: 491127
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 11604
cf-request-id: 09bd25956500001ed6df100000000001
Last-Modified: Wed, 10 Feb 2021 07:16:01 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecf0d791ed6-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0LzlmYTIzMDQ1MzdhMzUwMmEwZjcxM2U5MTVmMjlkNmE1LnBuZw.webp
s-img.mgid.com/g/8164914/492x328/0x267x552x368/ 11 KB
11 KB 21ms
21ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164914/492x328/0x267x552x368/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0LzlmYTIzMDQ1MzdhMzUwMmEwZjcxM2U5MTVmMjlkNmE1LnBuZw.webp?v=1619664862-otV8okuLKFNRNsblIB8CbXt3yHe7lS1_Z2cq_LzmeKw
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a7925cc7b40a9ac25b0c24578d98ad8548e5bf82cb7da9e91b1dbe59a53d0fa

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: a4e8e6c7-11a0-4fde-a766-694e16d732bb
Age: 73906
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 10752
cf-request-id: 09bd25956700004c3e6d00f000000001
Last-Modified: Mon, 08 Feb 2021 10:20:18 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecf0cc54c3e-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTEvMTAxOTI0L2E0YThhNzhlNzBiMGMxMDNlZjMzYTU1OTNmMzIwZTUwLmpwZw.webp
s-img.mgid.com/g/8164857/492x328/0x89x1080x720/ 8 KB
9 KB 22ms
22ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8164857/492x328/0x89x1080x720/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTEvMTAxOTI0L2E0YThhNzhlNzBiMGMxMDNlZjMzYTU1OTNmMzIwZTUwLmpwZw.webp?v=1619664862-oUkCxvrYmChJeim-bh00owAAeysTVpZXK74DBGbz4DQ
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfa81932a2ad47de588692d49c7f3999458e34703c82fcd66d78e1f51a582445

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: 939f44d7-b7e2-4e32-89c0-a9f09df59f3d
Age: 503841
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 8092
cf-request-id: 09bd25956a00000c5d5f3b2000000001
Last-Modified: Fri, 16 Apr 2021 17:53:12 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecf0ec80c5d-AMS

GET
H/1.1 200
OK aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTEvMTAxOTI0LzczMjI1OWY5OWJmNWI0MTEyYWQzNTNiMWRjMGFhYmViLmpwZw.webp
s-img.mgid.com/g/8193490/492x328/0x0x1080x720/ 17 KB
17 KB 22ms
21ms Image
image/webp 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s-img.mgid.com/g/8193490/492x328/0x0x1080x720/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTEvMTAxOTI0LzczMjI1OWY5OWJmNWI0MTEyYWQzNTNiMWRjMGFhYmViLmpwZw.webp?v=1619664862-vNNxVIau2dasQOoLrcoFohg5c6HGynB8xOOsMegmfAo
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 959ca5f75c57707cd6e6c0553cf7d92c9c817b34fe9917c3b43c077ea706d1d8

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
CF-Cache-Status: HIT
X-Mg-Request-UUID: df7c623c-032f-4485-a2d1-40f3034dea6d
Age: 493395
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 17108
cf-request-id: 09bd25957000001fe6003a5000000001
Last-Modified: Mon, 12 Apr 2021 16:19:38 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: immutable, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 64753ecf1fa01fe6-AMS

GET
H/1.1

200
OK

Cookie set request.php Show response
ad.ad-srv.net/ Frame 829A
Redirect Chain

https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D23449...
https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D23449...

4 KB
3 KB

107ms
54ms

Document
text/html

138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1
Requested by: Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Ketsch, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 617843bf45dd6adeb94d3def181cb8041262ee9a98cff26055fd5a2de5c975d5

Request headers

Host: ad.ad-srv.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: u8x7eovwf3h6_uid=5f376131c5ee4f72
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 29 Apr 2021 03:54:22 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: u8x7eovwf3h6_uid=5f376131c5ee4f72; expires=Wed, 28-Jul-2021 02:54:22 GMT; Max-Age=7776000; path=/; domain=.ad-srv.net; secure; SameSite=None
X-NEORY-SubId: 47935800015636201319921011579003
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2156
Connection: close
Content-Type: text/html; charset=utf-8

Redirect headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 29 Apr 2021 03:54:22 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: u8x7eovwf3h6_uid=5f376131c5ee4f72; expires=Wed, 28-Jul-2021 02:54:22 GMT; Max-Age=7776000; path=/; domain=.ad-srv.net; secure; SameSite=None
Location: request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 28FD 49 B
330 B 111ms
42ms Image
image/gif 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=7299460739826766153&node_id=2630&exch_id=4
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:16 GMT
Server: MMBD/3.197.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x76, zrh-bidder-x144
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 29 Apr 2021 02:54:15 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 28FD 43 B
359 B 84ms
33ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=7299460739826766153&v3=746345&v4=5637254&v5=7515751&mt_nsync=1&no_attr=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3660 495c301 master cdg-pixel-x6 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: MT3 3660 495c301 master cdg-pixel-x6
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 29 Apr 2021 02:55:42 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 28FD 49 B
330 B 104ms
35ms Image
image/gif 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=7299460739826766153&st=5637254&time=1619664862&nodeid=2630
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=3154263325&adf=2134521068&pi=t.ma~as.7369695346&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=748x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862065&bpp=18&bdt=216&idt=74&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5699289229776&frm=20&pv=2&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=167&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=rLhiyvHHvb&p=http%3A//xn--mgbg7b3bdcu.net&dtd=87
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:16 GMT
Server: MMBD/3.197.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x65, zrh-bidder-x144
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 29 Apr 2021 02:54:15 GMT

GET
DATA 200
OK truncated
/ Frame 28FD 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d902366976ae937d3ef2670455b05bc6d71b453a2f066619510a811007d3bd9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame 89E3 2 KB
1 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:52:28 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 89E3 116 KB
35 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame 89E3 13 KB
5 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:18:14 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/ Frame 4CA1 78 KB
20 KB 14ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f69847c4cd262e01258965b0be99eb426892b4423aa65cf1656697bc0a14623

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/17023595765794078720/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Mon, 26 Apr 2021 14:53:36 GMT
expires: Tue, 26 Apr 2022 14:53:36 GMT
last-modified: Mon, 26 Apr 2021 09:45:37 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 20802
age: 216046
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 89E3 0
0 18ms
17ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cbsku3h-KYOSaC8ucgQeu-b7YDpWeqL5i_fCawscNmujS4LIBEAEgmLGFJmCVAqAB9cOE4wHIAQmpAtmuLAM7WLQ-qAMByAMCqgTkAU_QFDvkhbJzEIzBeM0M9VyL_g1d_8olsSa2zcVLuOy3OMa0tUDJ67ep4xpj6rEu4DkNKzssc8AxAAPhDRKwwQoFOKTCVftwTnWpYHQZ1oi0tKAezGIOTnHNihE-UezDNS9svWOUO0NGUfRrgHLqS42sVZ4morHETQVaW1V8zl2x51LRbGVxzvxSo7y5cQ6urzxq-YDHK-qbdathhE2XvRdOFSJR8bXreb7bg-0wk43tBqbKg8iGqHhocJwIHdkFQpIAEf_QJVttkgvzbK11lO9vsbCIFO_7dPQLnqGxQ86WBskoVMAElOanuOQDkgUECAQYAZIFBAgFGASgBl2AB_O7-5wCqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEOOiBtIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi03MTAzNzgxMTMzOTk1NjQ1&sigh=EqartppYcWk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Apr 2021 02:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2501 143 B
163 B 6ms
5ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmLGmS8Q3WmvaFbedJkBtq73qWoCa48W6SpkdJvJPrtW5jllzmSWqgQ61Y-z5g
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 29 Apr 2021 02:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1503
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css
fonts.googleapis.com/ Frame 5321 3 KB
674 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=4042754873&adf=3817302893&pi=t.aa~a.3805137957~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0&nras=2&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1600&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=OvcvGDdlxG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 02:09:23 GMT
server: ESF
date: Thu, 29 Apr 2021 02:54:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
DATA 200
OK truncated
/ Frame 89E3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dcbc69c77addcdf5b3074b6a3faf148a501dadcc93a05a2211efac8e561b18e6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame 5321 1 KB
909 B 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:51:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:51:36 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/ Frame 5321 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0fad38c04932f3e71581d5ca798b326778fc0e54e3823de3b0f9eddbef0892e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:37:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7028
x-xss-protection: 0
server: cafe
etag: 12352184217982932987
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:37:37 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame 5321 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:52:28 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5321 116 KB
35 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame 5321 13 KB
5 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:18:14 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 5321 0
0 16ms
13ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRKm2VIZVKmthdcq3pcmY7papZGGQURx4PpKRUJAIeE58ESzTGVpVYVvDW9C_WMm5rUB-KQfZ_NkS-iC1O0KjMD5BiGfg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=4042754873&adf=3817302893&pi=t.aa~a.3805137957~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0&nras=2&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1600&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=OvcvGDdlxG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=17
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 95e6c1f88e21b7366c50a3f905bff199.js Show response
www.gstatic.com/mysidia/ Frame 5321 25 KB
10 KB 9ms
5ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/95e6c1f88e21b7366c50a3f905bff199.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

173fd00f452c8209f6cebea57cb9a5ab26ab6802ede684468faff558efffd53e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 13:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 12:42:48 GMT
server: sffe
age: 566693
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10548
x-xss-protection: 0
expires: Wed, 21 Jul 2021 13:29:29 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10570631492547592716/ Frame 5321 23 KB
23 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10570631492547592716/downsize_200k_v1?w=600&h=314

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7404093e4ecd80ec2a5dc8f5dc9a658bb6ecbcf4b16f36683b4aa7de093f12c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 10:52:10 GMT
x-content-type-options: nosniff
age: 57732
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23861
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 15:13:08 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Apr 2022 10:52:10 GMT

GET
DATA 200
OK truncated
/ Frame 5321 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5321 0
0 17ms
17ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CBJEF3h-KYJysEqr5-gbI-rfwCbu5jKNhxe69sNALv-EeEAEgmLGFJmCVAqABma2v2APIAQmpAtmuLAM7WLQ-qAMByAPLBKoE1QFP0KPkfz-Y-BhtJ9xu3AIRo43esDH8b6XF5q8hxPhEpVNYNYsLHnfZTK1zeZv-A0AFC-CPr5CReIUsTUeP7o7bpB3Pe7FHuiKx2xatlTTV6HrzIuhikpEU4t_sI9Q7PcE7NLF8U-C4nnpavgs1ZQXkUliYmTNw-0igHja23VbkqU_bqlVk2GVnANTCzk8M7uEYnIIGayaYyWuouCfrgfYdm3NMcypLpr6V8laI7smGCjYlTuKeroed_SDSJHxmN1G7-fZYdaguj4xfrvRcqPQvVmeUY9bABPWDsez5ApIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeG8t0lqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEIqIF9IICQiA4YAQEAEYH4AKAcgLAbgTiCfYEw2IFAqyFxoKGAgAEhRwdWItNzEwMzc4MTEzMzk5NTY0NQ&sigh=uT65V7nhZhM&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=4042754873&adf=3817302893&pi=t.aa~a.3805137957~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0&nras=2&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1600&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=OvcvGDdlxG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=17
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Apr 2021 02:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 css
fonts.googleapis.com/ Frame 4CA1 4 KB
617 B 24ms
22ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:regular,500

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 02:18:34 GMT
server: ESF
date: Thu, 29 Apr 2021 02:54:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4CA1 16 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 17:09:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35097
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 29 Apr 2021 17:09:25 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4CA1 22 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 23:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13401
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 29 Apr 2021 23:11:01 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 990F 1 KB
749 B 19ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 28 Apr 2021 03:14:09 GMT
expires: Thu, 29 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 85213
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5321 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: faa5a61083c6ee65a9b5b72bd221babf657454ae2de73c216093d0716785d0ca

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 5321 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 01:32:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 4940
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 29 Apr 2022 01:32:02 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 5321 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 01:31:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 4971
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Fri, 29 Apr 2022 01:31:31 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2501
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
13ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=90&slotname=7369695346&adk=2369147527&adf=119329734&pi=t.ma~as.7369695346&w=1024&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=2&psa=0&format=1024x90&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=2&wgl=1&dt=1619664862083&bpp=2&bdt=233&idt=76&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=748x90&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=288&ady=2608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=MJwoqKV7mM&p=http%3A//xn--mgbg7b3bdcu.net&dtd=78

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmLGmS8Q3WmvaFbedJkBtq73qWoCa48W6SpkdJvJPrtW5jllzmSWqgQ61Y-z5g
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Apr 2021 02:54:22 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 29-Apr-2021 03:54:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Apr 2021 02:54:22 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Apr 2021 02:54:22 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 4CA1 15 KB
15 KB 19ms
17ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 01:43:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 4250
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Fri, 29 Apr 2022 01:43:32 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 4CA1 16 KB
16 KB 14ms
13ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 00:12:11 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 182531
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
expires: Wed, 27 Apr 2022 00:12:11 GMT

GET
H/1.1 200
OK viewability Show response
ad3.ad-srv.net/ Frame 829A 0
150 B 92ms
27ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad3.ad-srv.net/viewability?s=47935800015636201319921011579003&a=a0fa2162&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Ketsch, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

Cookie set request.php Show response
ad.ad-srv.net/ Frame 7A48
Redirect Chain

https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpq...
https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpq...

4 KB
2 KB

107ms
55ms

Document
text/html

138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpqZbTwWBSi0Mtcxkz1eVgWbisryb2_jk_hy4r0ZgI_q9q3VSJ4DmVCVyyqgD-X3AosbfMGETIPUbhDzRNlpqbvNGGRRkcBWYGzDYKcTwxAIPlD0N4Dhx1D7MnCQrh0c04CBKPs6IjNXlTZG7RZgFYnA2z0-tUfE92qr7whHj3tEyP2CVsSnqfBTB4BVkVLKfi0R95webaA15Ec4X-FE-6X6H_WdFXk00WUOuQE6ofUi54Mtc-KpEwEWmFHXGn1aJpVV7RV2tkOdWMIBwzm05EX1eock9KyGBISwYhZbJGI59r5NIDtqXXCuz7jnJPIAQbBPUv2A8F0ZbNePZrHDPEMSfuvHv5qYIVnC37wu9TBk2nwYXgl26jm--Esa20QgbDxdK8qD2g99l2ct89LUMV_FUDt-AztJRnIstNTxhjOwHxVx5PXdtsNdDE5xzlJ1TmdcRyH5M-pm9g_P9sNYdJaNPHJTWlmLH2XhymWLL0ZgvCqSDvx3GvDBKyc1ubX8a-XtpaBR0Pe-tqBbzuyxVa6MrXYSGjGMMLao2rK6I0gxVsmTtkarxhkXqsO_kbzalnnYTNspBIqutmvzgT2B3ySpAhX2799y_ZnqzMsiWsfTY6Mw7fkQpe_Og53R76diYcgd7s73InginccgU4ta_-s1K5BoqitqV0u9_MxcmzyJUwfqOunCSKzHxr_Ag2zp2xVv-d_BxNqg2JDcCYiHXRquyoqOEo-xZTLM_DNm2Xh9HITNr&subid=47935800015636201319921011579003&redirectClick=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fpvq2cpwli0uohci%3Ftprde%3D&uidRedirect=1
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Ketsch, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 58cb5febe0f0fb7f3cabc9d26978c66df40b6c33540c8c928b0dd4062bbdafe4

Request headers

Host: ad.ad-srv.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: u8x7eovwf3h6_uid=5f376131c5ee4f72; v0rur7gqspb3_uid=51d77f9889a408ff
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 29 Apr 2021 03:54:22 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: v0rur7gqspb3_uid=51d77f9889a408ff; expires=Wed, 28-Jul-2021 02:54:22 GMT; Max-Age=7776000; path=/; domain=.ad-srv.net; secure; SameSite=None
X-NEORY-SubId: 59283500015636301649445011579003
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1390
Connection: close
Content-Type: text/html; charset=utf-8

Redirect headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 29 Apr 2021 03:54:22 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: v0rur7gqspb3_uid=51d77f9889a408ff; expires=Wed, 28-Jul-2021 02:54:22 GMT; Max-Age=7776000; path=/; domain=.ad-srv.net; secure; SameSite=None
Location: request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpqZbTwWBSi0Mtcxkz1eVgWbisryb2_jk_hy4r0ZgI_q9q3VSJ4DmVCVyyqgD-X3AosbfMGETIPUbhDzRNlpqbvNGGRRkcBWYGzDYKcTwxAIPlD0N4Dhx1D7MnCQrh0c04CBKPs6IjNXlTZG7RZgFYnA2z0-tUfE92qr7whHj3tEyP2CVsSnqfBTB4BVkVLKfi0R95webaA15Ec4X-FE-6X6H_WdFXk00WUOuQE6ofUi54Mtc-KpEwEWmFHXGn1aJpVV7RV2tkOdWMIBwzm05EX1eock9KyGBISwYhZbJGI59r5NIDtqXXCuz7jnJPIAQbBPUv2A8F0ZbNePZrHDPEMSfuvHv5qYIVnC37wu9TBk2nwYXgl26jm--Esa20QgbDxdK8qD2g99l2ct89LUMV_FUDt-AztJRnIstNTxhjOwHxVx5PXdtsNdDE5xzlJ1TmdcRyH5M-pm9g_P9sNYdJaNPHJTWlmLH2XhymWLL0ZgvCqSDvx3GvDBKyc1ubX8a-XtpaBR0Pe-tqBbzuyxVa6MrXYSGjGMMLao2rK6I0gxVsmTtkarxhkXqsO_kbzalnnYTNspBIqutmvzgT2B3ySpAhX2799y_ZnqzMsiWsfTY6Mw7fkQpe_Og53R76diYcgd7s73InginccgU4ta_-s1K5BoqitqV0u9_MxcmzyJUwfqOunCSKzHxr_Ag2zp2xVv-d_BxNqg2JDcCYiHXRquyoqOEo-xZTLM_DNm2Xh9HITNr&subid=47935800015636201319921011579003&redirectClick=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fpvq2cpwli0uohci%3Ftprde%3D&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 829A 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/cynamics/tools/js/ Frame 829A 851 B
1 KB 89ms
21ms Script
application/javascript 85.114.131.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/cynamics/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7299460739826766153%26mt_id%3D7515751%26mt_adid%3D234495%26mt_sid%3D5637254%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_cid%3Dcad9608a-1fde-4e01-b711-6422da992507%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC9MuW3h-KYMOMC4vZgQfUwo2wD7fCntVc29nS9cULwI23ARABIABglQKCARdjYS1wdWItNzEwMzc4MTEzMzk5NTY0NaAB4OqZ7APIAQmoAwGqBM0BT9Cf0zFpQod3XBDPSbZ2S0Gvlslyi0dyankjGl5VSYwa_BRnCcjLqCxyOsWajnf5tabqqwL4kh0HqrVoBlG6egdh3zSGDT1rPyIFl1t1OKKGmoGq3a-A8-qN6Y-ZMLy-H1xM1gpZaybpyLJeTRH7SHJLvsDbVUQ48ax6AO3bQFq0sUQPM_ZfUnmUKIvHYNZalW-0o60HdZA5_z_eLXCQrJfL-PQPQ37gEhiEqd-W_CquQgR27uGSxBMPGgIvv-ajxROJWdW8hy6BmsOZxIAGg_7i2OeCwPE-oAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_1_vBaJ7EfMWsyeq-STXfoxAejLeA%2526client%253Dca-pub-7103781133995645%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.kaspersky.de%2F%26redirect%3D&subid=5637254_7299460739826766153&random=7299460739826766153&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:adx&extVar[]=MM_DOM_RTB:xn--mgbg7b3bdcu.net&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7103781133995645%26output%3Dhtml%26h%3D90%26slotname%3D7369695346%26adk%3D3154263325%26adf%3D2134521068%26pi%3Dt.ma~as.7369695346%26w%3D748%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1619664862%26rafmt%3D2%26psa%3D0%26format%3D748x90%26url%3Dhttp%253A%252F%252Fxn--mgbg7b3bdcu.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D2%26wgl%3D1%26dt%3D1619664862065%26bpp%3D18%26bdt%3D216%26idt%3D74%26shv%3Dr20210426%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5699289229776%26frm%3D20%26pv%3D2%26ga_vid%3D421693466.1619664862%26ga_sid%3D1619664862%26ga_hid%3D2083578810%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D554%26ady%3D167%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31060828%26oid%3D2%26pvsid%3D1428278581336266%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3Do%257Co%257CeE%257C%26abl%3DNS%26pfx%3D0%26fu%3D128%26bc%3D23%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26xpc%3DrLhiyvHHvb%26p%3Dhttp%253A%2F%2Fxn--mgbg7b3bdcu.net%26dtd%3D87&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttp%3A%2F%2Fxn--mgbg7b3bdcu.net&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21037.dus4.fastwebserver.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:22 GMT
Last-Modified: Tue, 03 May 2016 20:55:13 GMT
Server: nginx
ETag: "57291031-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 dpixel
cms.quantserve.com/ Frame 990F 35 B
463 B 26ms
8ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGnh1xVxunGJxAfbh0uKrhI&google_cver=1&google_push=AQvitUIgPbRNhnOAIMpAOwEvhbjotwfl8x4subxpBo_hSUuqSpW_4E1W69hDrrLOc7jmXtAxj-YoWoxKXOZOMCCT4FYvn-NefDQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 990F
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEK-v_yhcLQF4YT8IAj2sXgQ&google_cver=1&google_push=AQvitUJY1B58_ECUV7jCjB61CfwiCygVBnlSRX89_ZiIxy-zvliGh_K6i5oDUqDK7Tjx0G3nx-ZnLe8qjsnZLTmSBi0oDfCnnw
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJY1B58_ECUV7jCjB61CfwiCygVBnlSRX89_ZiIxy-zvliGh_K6i5oDUqDK7Tjx0G3nx-ZnLe8qjsnZLTmSBi0oDfCnnw&google_hm=Q0FFU0VLLXZfeWhjTFFGNFl...

170 B
188 B

63ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJY1B58_ECUV7jCjB61CfwiCygVBnlSRX89_ZiIxy-zvliGh_K6i5oDUqDK7Tjx0G3nx-ZnLe8qjsnZLTmSBi0oDfCnnw&google_hm=Q0FFU0VLLXZfeWhjTFFGNFlUOElBajJzWGdR

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJY1B58_ECUV7jCjB61CfwiCygVBnlSRX89_ZiIxy-zvliGh_K6i5oDUqDK7Tjx0G3nx-ZnLe8qjsnZLTmSBi0oDfCnnw&google_hm=Q0FFU0VLLXZfeWhjTFFGNFlUOElBajJzWGdR
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 990F 43 B
324 B 58ms
21ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEJflObYZmFUXM4GvFgIVmKo&google_push=AQvitUIOtPLL29fhncTh71T2p9VVBWi-Xy-pNM_BQ6rtJj5INhQDjRvLm4xWkHUoQf9WkRaAG2ApfnaPfhNbKIBfnu1X7-IhSsk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=4042754873&adf=3817302893&pi=t.aa~a.3805137957~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0&nras=2&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1600&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=OvcvGDdlxG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=17
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 990F
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEPvpiq_J-cIkPpOo2dSkyVM&google_cver=1&google_push=AQvitULPsgLqkrrWOMIxvDetF2Xt9K_ESgxJaUvSR03hVMP2aTE4zEL8FS3bNNLyUoisLUY6eEsQ4_DK1aHT5r-yTMJW9mYWNPs
https://rtb.openx.net/sync/dds?google_gid=CAESEPvpiq_J-cIkPpOo2dSkyVM&google_cver=1&google_push=AQvitULPsgLqkrrWOMIxvDetF2Xt9K_ESgxJaUvSR03hVMP2aTE4zEL8FS3bNNLyUoisLUY6eEsQ4_DK1aHT5r-yTMJW9mYWNPs&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULPsgLqkrrWOMIxvDetF2Xt9K_ESgxJaUvSR03hVMP2aTE4zEL8FS3bNNLyUoisLUY6eEsQ4_DK1aHT5r-yTMJW9mYWNPs&google_hm=x2TFuJmCw6ohvkTPy_tM2A==

170 B
188 B

64ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULPsgLqkrrWOMIxvDetF2Xt9K_ESgxJaUvSR03hVMP2aTE4zEL8FS3bNNLyUoisLUY6eEsQ4_DK1aHT5r-yTMJW9mYWNPs&google_hm=x2TFuJmCw6ohvkTPy_tM2A==

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULPsgLqkrrWOMIxvDetF2Xt9K_ESgxJaUvSR03hVMP2aTE4zEL8FS3bNNLyUoisLUY6eEsQ4_DK1aHT5r-yTMJW9mYWNPs&google_hm=x2TFuJmCw6ohvkTPy_tM2A==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: htla7le48i88bvjubqd6h4m0sr1qg2b2

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 990F
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULLtx6YSHss61e2TQmNq94VAa6ZjDQrLKaECDtUSzM341DwEPpenTiwbbSuptg4duWZOcz5axmoBmhxVUai09IqyqXpxGQ

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULLtx6YSHss61e2TQmNq94VAa6ZjDQrLKaECDtUSzM341DwEPpenTiwbbSuptg4duWZOcz5axmoBmhxVUai09IqyqXpxGQ
Date: Thu, 29 Apr 2021 02:54:22 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 990F
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDGcVXV8jBmD8DfTPBB40xI&google_cver=1&google_push=AQvitUIve4uqM30Ai4ISn93jFHIJUyuz-qTvXa4AMZqd_2NwsVSPeXXIcacVDVEu_MtXKgLKALr...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4ySEEtTy1MWU4=&google_push=AQvitUIve4uqM30Ai4ISn93jFHIJUyuz-qTvXa4AMZqd_2NwsVSPeXXIcacVDVEu_MtXKgLKALrh_2r6qK38foMbh1p7rZnJCkE

170 B
188 B

62ms
32ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4ySEEtTy1MWU4=&google_push=AQvitUIve4uqM30Ai4ISn93jFHIJUyuz-qTvXa4AMZqd_2NwsVSPeXXIcacVDVEu_MtXKgLKALrh_2r6qK38foMbh1p7rZnJCkE

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4ySEEtTy1MWU4=&google_push=AQvitUIve4uqM30Ai4ISn93jFHIJUyuz-qTvXa4AMZqd_2NwsVSPeXXIcacVDVEu_MtXKgLKALrh_2r6qK38foMbh1p7rZnJCkE
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 990F
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBSFbOiAQ768jRmNr3kqbrQ&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBSFbOiAQ768jRmNr3kqbrQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_push=AQvitUKKfkpbmBznRdlJ9lWAZkwwvrdO0lsv0dBN7h5n9HgR_eWlOF1rk9Z-XbqS1mjT3O7TQibN_ERdic5GEAgZUa...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_push=AQvitUKKfkpbmBznRdlJ9lWAZkwwvrdO0lsv0dBN7h5n9HgR_eWlOF1rk9Z-XbqS1mjT3O7TQibN_ERdic5GEAgZUarWwhNPeA&google_cver=1&google_gid=CAESEBSFbOiAQ768jRmNr3kqbrQ

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_push=AQvitUKKfkpbmBznRdlJ9lWAZkwwvrdO0lsv0dBN7h5n9HgR_eWlOF1rk9Z-XbqS1mjT3O7TQibN_ERdic5GEAgZUarWwhNPeA&google_cver=1&google_gid=CAESEBSFbOiAQ768jRmNr3kqbrQ
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 458
Expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 990F 0
236 B 88ms
30ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I0dH4cUhJKcDaheBj8UC77Y8L7IARObIscAzd8F8p0tMFPMACo6xX2aO4jUrO0EcZtWY2y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js Show response
pagead2.googlesyndication.com/bg/ Frame E9BC 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

903464b17d96c387bfc4d0a5032201b780d3b4c2f80c6920cf39036acd4dee01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 18:31:12 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 30190
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5651
x-xss-protection: 0
expires: Thu, 28 Apr 2022 18:31:12 GMT

GET
H3-29 200 logo-image_2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/ Frame 4CA1 19 KB
19 KB 7ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/logo-image_2.png

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c46ffac94f706a339bdaeb317eae487927f92eee049536b8b78f4bd363d45542

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 216046
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18959
x-xss-protection: 0
last-modified: Mon, 26 Apr 2021 09:45:37 GMT
server: sffe
date: Mon, 26 Apr 2021 14:53:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Apr 2022 14:53:36 GMT

GET
H3-29 200 product-image_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/ Frame 4CA1 68 KB
68 KB 8ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/product-image_1.png

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d635819a861c623171075887a8818d26c20aa290737e3070abf7c027a583b93c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 216046
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69752
x-xss-protection: 0
last-modified: Mon, 26 Apr 2021 09:45:37 GMT
server: sffe
date: Mon, 26 Apr 2021 14:53:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Apr 2022 14:53:36 GMT

GET
DATA 200
OK truncated
/ Frame 4CA1 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 product-image_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/ Frame 4CA1 68 KB
68 KB 6ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/product-image_1.png

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d635819a861c623171075887a8818d26c20aa290737e3070abf7c027a583b93c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 216046
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69752
x-xss-protection: 0
last-modified: Mon, 26 Apr 2021 09:45:37 GMT
server: sffe
date: Mon, 26 Apr 2021 14:53:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Apr 2022 14:53:36 GMT

GET
H3-29 200 logo-image_2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/ Frame 4CA1 19 KB
19 KB 8ms
8ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17023595765794078720/logo-image_2.png

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c46ffac94f706a339bdaeb317eae487927f92eee049536b8b78f4bd363d45542

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 216046
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18959
x-xss-protection: 0
last-modified: Mon, 26 Apr 2021 09:45:37 GMT
server: sffe
date: Mon, 26 Apr 2021 14:53:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Apr 2022 14:53:36 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame DAE1 3 KB
578 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=3809598800&adf=4061442901&pi=t.aa~a.2185563714~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=417&idt=1&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280%2C748x280&nras=4&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4728&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=t6q5tJcs3n&p=http%3A//xn--mgbg7b3bdcu.net&dtd=23

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 02:14:09 GMT
server: ESF
date: Thu, 29 Apr 2021 02:54:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame DAE1 1 KB
909 B 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:51:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:51:36 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/ Frame DAE1 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0fad38c04932f3e71581d5ca798b326778fc0e54e3823de3b0f9eddbef0892e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:37:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7028
x-xss-protection: 0
server: cafe
etag: 12352184217982932987
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:37:37 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame DAE1 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:52:28 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DAE1 116 KB
35 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame DAE1 13 KB
5 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:18:14 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame DAE1 0
0 14ms
14ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSbw0fJiVtoV2GSwuhs9VLZK1rQq8Vk4AyYR8U4Ju9e6gOPGYDIbNiCLmSsCG0lFkw70U81HZDi0--fIQpbhH3G4QdwUg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=3809598800&adf=4061442901&pi=t.aa~a.2185563714~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=417&idt=1&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280%2C748x280&nras=4&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4728&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=t6q5tJcs3n&p=http%3A//xn--mgbg7b3bdcu.net&dtd=23
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 95e6c1f88e21b7366c50a3f905bff199.js Show response
www.gstatic.com/mysidia/ Frame DAE1 25 KB
10 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/95e6c1f88e21b7366c50a3f905bff199.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

173fd00f452c8209f6cebea57cb9a5ab26ab6802ede684468faff558efffd53e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 13:01:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 00:12:13 GMT
server: sffe
age: 49956
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10548
x-xss-protection: 0
expires: Tue, 27 Jul 2021 13:01:46 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame DAE1 0
0 17ms
16ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0QSW3h-KYKHkEoWQ7gOB0qbADrnO649int-nnd0M2Ky2lYsDEAEgmLGFJmCVAqAB5Ob51wPIAQmpAotlN3R-WbQ-qAMByAPLBKoE2gFP0C6qX9qAJWt1O8K9HSMn5K-mzwnRrhztE7exJAYDIAHjkIkKjfTOgOvrBkQVung7lMrwbhOHM_-YYJXahsKjLqm5h9A4fE2zjk72XZpr_B_f6ZfSm97wbRcOp9-jJCeqXDXJAuzM4XxfwQC7Xek6etBh1sDhNO17RVrNGmO4PYThB6J1Cyi1IiSVGDWt7GEXIIoEDZKvEYEpJri2k6za5VkDkBeNAQJ-HckLA-Wsp4RODQzUewRAiBfPrM48alSNqt_l5hixBSkPpSI9y1HLyxRL1dP9nhCDzsAE3YT_uZQDkgUECAQYAZIFBAgFGASgBi6AB4SZhiioB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQx5EX0ggJCIDhgBAQARgfgAoByAsBuBOIJ9gTDYgUAbIXGgoYCAASFHB1Yi03MTAzNzgxMTMzOTk1NjQ1&sigh=KY8bO2YscYo&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=3809598800&adf=4061442901&pi=t.aa~a.2185563714~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=1200x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=417&idt=1&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280%2C748x280&nras=4&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4728&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=t6q5tJcs3n&p=http%3A//xn--mgbg7b3bdcu.net&dtd=23
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Apr 2021 02:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/655848276901069315/ Frame DAE1 31 KB
31 KB 12ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/655848276901069315/downsize_200k_v1?w=600&h=314

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f003a17eb48bee52660096c98a630bb1d36d5ae56ca995b196687044cd050318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 07:11:07 GMT
x-content-type-options: nosniff
age: 502995
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31849
x-xss-protection: 0
last-modified: Tue, 25 Aug 2020 14:08:01 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Apr 2022 07:11:07 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14376455096780872051/ Frame DAE1 4 KB
4 KB 11ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14376455096780872051/downsize_200k_v1?w=100&h=100

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcd52f15cbf4f2a39961dca3b69c71cec35244e70ad9089407dbaf0b94d0424e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 05:14:55 GMT
x-content-type-options: nosniff
age: 77967
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4217
x-xss-protection: 0
last-modified: Tue, 25 Aug 2020 14:08:01 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Apr 2022 05:14:55 GMT

GET
DATA 200
OK truncated
/ Frame DAE1 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d5ac3848ce0cc5bac0133c7c40f23e55abfa34550f05aa343aeb375fdacc14c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3B2C 1 KB
749 B 9ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 28 Apr 2021 03:14:09 GMT
expires: Thu, 29 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 85213
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame DAE1 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0425297f3f05b5070e80812c4e033ecc3aa3a2b3fd23db71cb210524eab400e0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame DAE1 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 01:32:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 4940
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 29 Apr 2022 01:32:02 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame DAE1 21 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 01:31:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 4971
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Fri, 29 Apr 2022 01:31:31 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame A8DB 3 KB
578 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=774654709&adf=2742576309&pi=t.aa~a.262088325~rp.4&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=748x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280&nras=3&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=2103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=NZ3I63OpKG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=20

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 02:12:02 GMT
server: ESF
date: Thu, 29 Apr 2021 02:54:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame A8DB 1 KB
909 B 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:51:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:51:36 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/ Frame A8DB 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0fad38c04932f3e71581d5ca798b326778fc0e54e3823de3b0f9eddbef0892e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:37:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7028
x-xss-protection: 0
server: cafe
etag: 12352184217982932987
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:37:37 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame A8DB 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:52:28 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A8DB 116 KB
35 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/ Frame A8DB 13 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210426/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 May 2021 02:18:14 GMT

GET
H3-29 200 95e6c1f88e21b7366c50a3f905bff199.js Show response
www.gstatic.com/mysidia/ Frame A8DB 25 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/95e6c1f88e21b7366c50a3f905bff199.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

173fd00f452c8209f6cebea57cb9a5ab26ab6802ede684468faff558efffd53e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 13:01:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 00:12:13 GMT
server: sffe
age: 49956
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10548
x-xss-protection: 0
expires: Tue, 27 Jul 2021 13:01:46 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame A8DB 0
0 19ms
17ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CcTTc3h-KYPDAEvi9x_APg_6kqAbnz-ahYoWWlMf0DJHSrevIGBABIJixhSZglQKgAcSVtOsDyAEJqQKLZTd0flm0PqgDAcgDywSqBNABT9AESDsT_HKaDVgZtt5-ijOl1HRoh1c4doC7AZo9-MDmls5OUcWMDnjZ514d5yV53b50GKkZdOgdeHluZ6r4QrWENvR16D1lba-Q7VBS9w24_L_3uS0eL0-nU6C4uo37S69dIwx-RW1vjl4vVtWzaZZHo_iiN752dcWInz2MzdVis5pT8KPc0VSHYuIQ_RuoKDbuUx_uPK0YiRoPHKdgXQg2X-lB1kNfpjMM_24elK0yMyeT9veRu50Jx3PYycQHkz-d16EXUXakvsUMbGn06cAEnb2z7rADkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB6TqyxSoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQmZoY0ggJCIDhgBAQARgfgAoByAsBuBOIJ9gTDYgUAZgWAbIXGgoYCAASFHB1Yi03MTAzNzgxMTMzOTk1NjQ1&sigh=QGjPG88KWf4&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=774654709&adf=2742576309&pi=t.aa~a.262088325~rp.4&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=748x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280&nras=3&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=2103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=NZ3I63OpKG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=20
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Apr 2021 02:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12741811028854893543/ Frame A8DB 10 KB
10 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12741811028854893543/downsize_200k_v1?w=400&h=209

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74861dbeea4f1af236322a6fed52e0acd691bde6a443eaa2c48b39f246435783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 00:58:26 GMT
x-content-type-options: nosniff
age: 179756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9875
x-xss-protection: 0
last-modified: Tue, 19 Jan 2021 13:09:29 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Apr 2022 00:58:26 GMT

GET
DATA 200
OK truncated
/ Frame A8DB 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3B2C
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEF3vZLUTFwHHPb31F4OFOys&google_cver=1&google_push=AQvitUKqaprc_RoOHMUmeKpBsRbbLj0nPlF7eCqD3cVxdwuuh7I94eUeXQ...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKqaprc_RoOHMUmeKpBsRbbLj0nPlF7eCqD3cVxdwuuh7I94eUeXQFfGxvGQVJSASpDlrJ5vpvKr60x-Ypv73srGATO620h8w&google_hm=pkZ2...

170 B
188 B

32ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKqaprc_RoOHMUmeKpBsRbbLj0nPlF7eCqD3cVxdwuuh7I94eUeXQFfGxvGQVJSASpDlrJ5vpvKr60x-Ypv73srGATO620h8w&google_hm=pkZ2rAt_gd7M_urjx_noPw

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUKqaprc_RoOHMUmeKpBsRbbLj0nPlF7eCqD3cVxdwuuh7I94eUeXQFfGxvGQVJSASpDlrJ5vpvKr60x-Ypv73srGATO620h8w&google_hm=pkZ2rAt_gd7M_urjx_noPw
pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3B2C
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUJERmNOq2bqlHS6Ljsa5gmCeNSM5BWBLWBuV_d_3Cwv3gsIZYOkuJCq8TBV3ew0DZ539_4_bgLwNmr9_lkWAmO2sb691kX1&google_gid=CAESEJD5WHvtKnuY37x7CUPlGeU&goo...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCN6_qIQGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BUXZpdFVKRVJtTk9xMmJxbEhTNkxqc2E1Z21DZU5TTTVCV0JMV0J1Vl9kXzNDd3YzZ3NJWllPa3VKQ3E4VEJWM2V3MERaNTM5XzRfYmdMd05tcjlfbG...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWGh6bDRVVThGUldFUXJpNHl4Y1pmTzV0Z3l3YjhLR05XQldXb2dxbXFTNA==&google_push

170 B
188 B

31ms
30ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWGh6bDRVVThGUldFUXJpNHl4Y1pmTzV0Z3l3YjhLR05XQldXb2dxbXFTNA==&google_push

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 29 Apr 2021 02:54:22 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWGh6bDRVVThGUldFUXJpNHl4Y1pmTzV0Z3l3YjhLR05XQldXb2dxbXFTNA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3B2C
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKH7tdV...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKH7tdV...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MjkwMjU0MjM2OTk4NzE2NTMyNTY1NA%3D%3D&google_push=AQvitUKH7tdVlV9-WKrdotUJs-CV1ccMmYZ1Ak5qMTCQN5KeaOjsxp21oDxSn1hK_sxOZL...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MjkwMjU0MjM2OTk4NzE2NTMyNTY1NA%3D%3D&google_push=AQvitUKH7tdVlV9-WKrdotUJs-CV1ccMmYZ1Ak5qMTCQN5KeaOjsxp21oDxSn1hK_sxOZLu3I9Tf0se0HYWXl3LuQff6_9ajDQ50Pw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MjkwMjU0MjM2OTk4NzE2NTMyNTY1NA%3D%3D&google_push=AQvitUKH7tdVlV9-WKrdotUJs-CV1ccMmYZ1Ak5qMTCQN5KeaOjsxp21oDxSn1hK_sxOZLu3I9Tf0se0HYWXl3LuQff6_9ajDQ50Pw
Pragma: no-cache
Date: Thu, 29 Apr 2021 02:54:23 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3B2C
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEKYnk8xEeLEQJ65JRF-2aSQ&google_cver=1&google_push=AQvitUJrDJBjRKyy665V0zHlMfsDsK28isrVCS-hDyPcfHXLrhxSPo4UR5NCnkYm-YAXWKoeeHebqiiUcgyQRZBhv0F9-cHQmaPw
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJrDJBjRKyy665V0zHlMfsDsK28isrVCS-hDyPcfHXLrhxSPo4UR5NCnkYm-YAXWKoeeHebqiiUcgyQRZBhv0F9-cHQmaPw&google_hm=x2TFuJmCw6ohvkTPy_tM2A==

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJrDJBjRKyy665V0zHlMfsDsK28isrVCS-hDyPcfHXLrhxSPo4UR5NCnkYm-YAXWKoeeHebqiiUcgyQRZBhv0F9-cHQmaPw&google_hm=x2TFuJmCw6ohvkTPy_tM2A==

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJrDJBjRKyy665V0zHlMfsDsK28isrVCS-hDyPcfHXLrhxSPo4UR5NCnkYm-YAXWKoeeHebqiiUcgyQRZBhv0F9-cHQmaPw&google_hm=x2TFuJmCw6ohvkTPy_tM2A==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: jnh8o50f547famevtf7adv15epmp4ivf

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3B2C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

37ms
36ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULe2x_9T_eeVYV4OjZSlI1ZYtqcl88avBoz1wv4Gk7ewo8CE-CR10l3EVkjXWG-2kvkycC7ntUC_sndZ1tDCZ3k9StL4rPSVA

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULe2x_9T_eeVYV4OjZSlI1ZYtqcl88avBoz1wv4Gk7ewo8CE-CR10l3EVkjXWG-2kvkycC7ntUC_sndZ1tDCZ3k9StL4rPSVA
Date: Thu, 29 Apr 2021 02:54:21 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3B2C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHjc3Swokbs8MncZ_CqtysE&google_cver=1&google_push=AQvitUKxDgCL9bv4t5tlAGL1d0CmCgeo7Gxhdn07NyTPXn-FVDc3B8A-Q4yL1dN61jSH1F5vgRa...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4ySzMtMjYtMVFIRw==&google_push=AQvitUKxDgCL9bv4t5tlAGL1d0CmCgeo7Gxhdn07NyTPXn-FVDc3B8A-Q4yL1dN61jSH1F5vgRaG5z8dIaHHlL4cgFdpuwrplSVr

170 B
188 B

32ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4ySzMtMjYtMVFIRw==&google_push=AQvitUKxDgCL9bv4t5tlAGL1d0CmCgeo7Gxhdn07NyTPXn-FVDc3B8A-Q4yL1dN61jSH1F5vgRaG5z8dIaHHlL4cgFdpuwrplSVr

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4ySzMtMjYtMVFIRw==&google_push=AQvitUKxDgCL9bv4t5tlAGL1d0CmCgeo7Gxhdn07NyTPXn-FVDc3B8A-Q4yL1dN61jSH1F5vgRaG5z8dIaHHlL4cgFdpuwrplSVr
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3B2C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDxHTeuWy35tC2cN0fKH7RQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_gid=CAESEDxHTeuWy35tC2cN0fKH7RQ&google_push=AQvitUIWmFGyMQ1NN5hCss3HV1C44fYxZ7WncrVZUd1VPvMixhG...

170 B
188 B

33ms
33ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_gid=CAESEDxHTeuWy35tC2cN0fKH7RQ&google_push=AQvitUIWmFGyMQ1NN5hCss3HV1C44fYxZ7WncrVZUd1VPvMixhGs3qz-pBRJH3mCl3Z_zlTltQ9ndkyVbVd0XNz91LFE8lmG7G3X1w&google_cver=1

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_gid=CAESEDxHTeuWy35tC2cN0fKH7RQ&google_push=AQvitUIWmFGyMQ1NN5hCss3HV1C44fYxZ7WncrVZUd1VPvMixhGs3qz-pBRJH3mCl3Z_zlTltQ9ndkyVbVd0XNz91LFE8lmG7G3X1w&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 462
Expires: Thu, 29 Apr 2021 02:54:22 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 3B2C 0
12 B 30ms
29ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LMtKq4wfH2jAuxSRvqmtlffb18ZzOXQgUtW1Sw3FiJb5XNMmaWib96EqJwP8kSXXboj_2a

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:22 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js Show response
pagead2.googlesyndication.com/bg/ Frame 93AA 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

903464b17d96c387bfc4d0a5032201b780d3b4c2f80c6920cf39036acd4dee01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 18:31:12 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 30190
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5651
x-xss-protection: 0
expires: Thu, 28 Apr 2022 18:31:12 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5660 1 KB
749 B 6ms
5ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 28 Apr 2021 03:14:09 GMT
expires: Thu, 29 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 85213
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A8DB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 33f4e5f69e0e4e6911818cf1bdd08d8ece49f3b2fb5c6d1e63bebea29967c6cb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame A8DB 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 01:32:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 4940
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 29 Apr 2022 01:32:02 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame A8DB 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 01:31:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 4971
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Fri, 29 Apr 2022 01:31:31 GMT

GET
H2

200

kl_kis_728x90px.gif
media.kaspersky.com/de/affiliates/ Frame 7A48
Redirect Chain

https://www.awin1.com/cshow.php?s=2519508&v=14098&q=379082&r=559379&pv=0&pref1=59283500015636301649445011579003
https://media.kaspersky.com/de/affiliates/kl_kis_728x90px.gif

26 KB
26 KB

148ms
87ms

Image
image/gif

185.85.15.23
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/kl_kis_728x90px.gif

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpqZbTwWBSi0Mtcxkz1eVgWbisryb2_jk_hy4r0ZgI_q9q3VSJ4DmVCVyyqgD-X3AosbfMGETIPUbhDzRNlpqbvNGGRRkcBWYGzDYKcTwxAIPlD0N4Dhx1D7MnCQrh0c04CBKPs6IjNXlTZG7RZgFYnA2z0-tUfE92qr7whHj3tEyP2CVsSnqfBTB4BVkVLKfi0R95webaA15Ec4X-FE-6X6H_WdFXk00WUOuQE6ofUi54Mtc-KpEwEWmFHXGn1aJpVV7RV2tkOdWMIBwzm05EX1eock9KyGBISwYhZbJGI59r5NIDtqXXCuz7jnJPIAQbBPUv2A8F0ZbNePZrHDPEMSfuvHv5qYIVnC37wu9TBk2nwYXgl26jm--Esa20QgbDxdK8qD2g99l2ct89LUMV_FUDt-AztJRnIstNTxhjOwHxVx5PXdtsNdDE5xzlJ1TmdcRyH5M-pm9g_P9sNYdJaNPHJTWlmLH2XhymWLL0ZgvCqSDvx3GvDBKyc1ubX8a-XtpaBR0Pe-tqBbzuyxVa6MrXYSGjGMMLao2rK6I0gxVsmTtkarxhkXqsO_kbzalnnYTNspBIqutmvzgT2B3ySpAhX2799y_ZnqzMsiWsfTY6Mw7fkQpe_Og53R76diYcgd7s73InginccgU4ta_-s1K5BoqitqV0u9_MxcmzyJUwfqOunCSKzHxr_Ag2zp2xVv-d_BxNqg2JDcCYiHXRquyoqOEo-xZTLM_DNm2Xh9HITNr&subid=47935800015636201319921011579003&redirectClick=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fpvq2cpwli0uohci%3Ftprde%3D&uidRedirect=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.85.15.23 , Russian Federation, ASN200107 (KL-EXT, RU),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

c9197eb66582a6ba6de2d288af7a6e06eee8e7abff50dadca9313cb03970b965

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 23 Sep 2019 13:27:24 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "175229a31272d51:0"
x-frame-options: SAMEORIGIN
content-type: image/gif
x-xss-protection: 1; mode=block
x-server: fr1/MSK8
accept-ranges: bytes
content-length: 26711
date: Thu, 29 Apr 2021 02:54:22 GMT

Redirect headers

Date: Thu, 29 Apr 2021 02:54:23 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.kaspersky.com/de/affiliates/kl_kis_728x90px.gif
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad3.ad-srv.net/ Frame 7A48 0
150 B 79ms
27ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad3.ad-srv.net/viewability?s=59283500015636301649445011579003&a=7069f673&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpqZbTwWBSi0Mtcxkz1eVgWbisryb2_jk_hy4r0ZgI_q9q3VSJ4DmVCVyyqgD-X3AosbfMGETIPUbhDzRNlpqbvNGGRRkcBWYGzDYKcTwxAIPlD0N4Dhx1D7MnCQrh0c04CBKPs6IjNXlTZG7RZgFYnA2z0-tUfE92qr7whHj3tEyP2CVsSnqfBTB4BVkVLKfi0R95webaA15Ec4X-FE-6X6H_WdFXk00WUOuQE6ofUi54Mtc-KpEwEWmFHXGn1aJpVV7RV2tkOdWMIBwzm05EX1eock9KyGBISwYhZbJGI59r5NIDtqXXCuz7jnJPIAQbBPUv2A8F0ZbNePZrHDPEMSfuvHv5qYIVnC37wu9TBk2nwYXgl26jm--Esa20QgbDxdK8qD2g99l2ct89LUMV_FUDt-AztJRnIstNTxhjOwHxVx5PXdtsNdDE5xzlJ1TmdcRyH5M-pm9g_P9sNYdJaNPHJTWlmLH2XhymWLL0ZgvCqSDvx3GvDBKyc1ubX8a-XtpaBR0Pe-tqBbzuyxVa6MrXYSGjGMMLao2rK6I0gxVsmTtkarxhkXqsO_kbzalnnYTNspBIqutmvzgT2B3ySpAhX2799y_ZnqzMsiWsfTY6Mw7fkQpe_Og53R76diYcgd7s73InginccgU4ta_-s1K5BoqitqV0u9_MxcmzyJUwfqOunCSKzHxr_Ag2zp2xVv-d_BxNqg2JDcCYiHXRquyoqOEo-xZTLM_DNm2Xh9HITNr&subid=47935800015636201319921011579003&redirectClick=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fpvq2cpwli0uohci%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Ketsch, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Cookie set cshow.php Show response
www.awin1.com/ Frame F46A 43 B
704 B 73ms
27ms Document
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=2519508&v=14098&q=379082&r=559379&pv=1&pref1=59283500015636301649445011579003

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Host: www.awin1.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad.ad-srv.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.ad-srv.net/

Response headers

Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Content-Type: image/gif
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Content-Length: 43
Date: Thu, 29 Apr 2021 02:54:23 GMT
Connection: keep-alive
Set-Cookie: awpv14098=559379|1619664863|33ab30b0-a896-11eb-9a52-692d096f23ab;domain=.awin1.com;path=/;expires=Thursday, 06-May-2021 02:54:23 UTC;Secure;SameSite=None AWSESS=379082:2519508;domain=.awin1.com;path=/;Secure;SameSite=None
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default

GET
DATA 200
OK truncated
/ Frame 7A48 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/hofe/tools/js/ Frame 7A48 851 B
1 KB 88ms
21ms Script
application/javascript 85.114.131.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/hofe/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=0c36b3b10840DR9jp4iqh5MYMy7tQMl87a4CoT-QpXkSs5aaW27KMYYhot8uTHsKdTpqZbTwWBSi0Mtcxkz1eVgWbisryb2_jk_hy4r0ZgI_q9q3VSJ4DmVCVyyqgD-X3AosbfMGETIPUbhDzRNlpqbvNGGRRkcBWYGzDYKcTwxAIPlD0N4Dhx1D7MnCQrh0c04CBKPs6IjNXlTZG7RZgFYnA2z0-tUfE92qr7whHj3tEyP2CVsSnqfBTB4BVkVLKfi0R95webaA15Ec4X-FE-6X6H_WdFXk00WUOuQE6ofUi54Mtc-KpEwEWmFHXGn1aJpVV7RV2tkOdWMIBwzm05EX1eock9KyGBISwYhZbJGI59r5NIDtqXXCuz7jnJPIAQbBPUv2A8F0ZbNePZrHDPEMSfuvHv5qYIVnC37wu9TBk2nwYXgl26jm--Esa20QgbDxdK8qD2g99l2ct89LUMV_FUDt-AztJRnIstNTxhjOwHxVx5PXdtsNdDE5xzlJ1TmdcRyH5M-pm9g_P9sNYdJaNPHJTWlmLH2XhymWLL0ZgvCqSDvx3GvDBKyc1ubX8a-XtpaBR0Pe-tqBbzuyxVa6MrXYSGjGMMLao2rK6I0gxVsmTtkarxhkXqsO_kbzalnnYTNspBIqutmvzgT2B3ySpAhX2799y_ZnqzMsiWsfTY6Mw7fkQpe_Og53R76diYcgd7s73InginccgU4ta_-s1K5BoqitqV0u9_MxcmzyJUwfqOunCSKzHxr_Ag2zp2xVv-d_BxNqg2JDcCYiHXRquyoqOEo-xZTLM_DNm2Xh9HITNr&subid=47935800015636201319921011579003&redirectClick=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fpvq2cpwli0uohci%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21037.dus4.fastwebserver.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 02:54:23 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:29 GMT
Server: nginx
ETag: "57a48d39-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5660
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEF96shKLfd5O8cw8QhcpSP4&google_cver=1&google_push=AQvitUJKpyODB5gLIoWqemhUNIWAYBE7tcyaMR8bDWmuE7ADZE31DIkMFJ...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJKpyODB5gLIoWqemhUNIWAYBE7tcyaMR8bDWmuE7ADZE31DIkMFJlBatU7ySy5F5gVM0z0UkTPuFFKaco-cZGphPqr6fc_&google_hm=pkZ2rA...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJKpyODB5gLIoWqemhUNIWAYBE7tcyaMR8bDWmuE7ADZE31DIkMFJlBatU7ySy5F5gVM0z0UkTPuFFKaco-cZGphPqr6fc_&google_hm=pkZ2rAt_gd7M_urjx_noPw

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJKpyODB5gLIoWqemhUNIWAYBE7tcyaMR8bDWmuE7ADZE31DIkMFJlBatU7ySy5F5gVM0z0UkTPuFFKaco-cZGphPqr6fc_&google_hm=pkZ2rAt_gd7M_urjx_noPw
pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5660
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitULMtIX4Ru9FLyn63Bj1OMk0IJbnmAsfjebDSMz...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUlvZjN3QUFCTXR4OGw4Rw&google_push=AQvitULMtIX4Ru9FLyn63Bj1OMk0IJbnmAsfjebDSMzfR1lCkcAXFt_zFO-6VUGOVUwL7mrpJmZU_t5Wyka4UI7r0fQ8ZW8rJVtV

170 B
188 B

32ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUlvZjN3QUFCTXR4OGw4Rw&google_push=AQvitULMtIX4Ru9FLyn63Bj1OMk0IJbnmAsfjebDSMzfR1lCkcAXFt_zFO-6VUGOVUwL7mrpJmZU_t5Wyka4UI7r0fQ8ZW8rJVtV

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUlvZjN3QUFCTXR4OGw4Rw&google_push=AQvitULMtIX4Ru9FLyn63Bj1OMk0IJbnmAsfjebDSMzfR1lCkcAXFt_zFO-6VUGOVUwL7mrpJmZU_t5Wyka4UI7r0fQ8ZW8rJVtV
Date: Thu, 29 Apr 2021 02:54:23 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5660
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEJHq_FtDwH8aDr9q3qF6Qew&google_cver=1&google_push=AQvitULWcOHqgR8HMLJH2F59thb0AogxXBPoV6smHtJOpN1B6tcJaOPi3pKpVHGGHAfRzcgAfmvYfs5OJoH-h7hQHAELXNa6BDE
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitULWcOHqgR8HMLJH2F59thb0AogxXBPoV6smHtJOpN1B6tcJaOPi3pKpVHGGHAfRzcgAfmvYfs5OJoH-h7hQHAELXNa6BDE&google_hm=Q0FFU0VKSHFfRnREd0g4YU...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitULWcOHqgR8HMLJH2F59thb0AogxXBPoV6smHtJOpN1B6tcJaOPi3pKpVHGGHAfRzcgAfmvYfs5OJoH-h7hQHAELXNa6BDE&google_hm=Q0FFU0VKSHFfRnREd0g4YURyOXEzcUY2UWV3

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 29 Apr 2021 02:54:22 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitULWcOHqgR8HMLJH2F59thb0AogxXBPoV6smHtJOpN1B6tcJaOPi3pKpVHGGHAfRzcgAfmvYfs5OJoH-h7hQHAELXNa6BDE&google_hm=Q0FFU0VKSHFfRnREd0g4YURyOXEzcUY2UWV3
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5660
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

32ms
32ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJBnkqZuUtxjq9JWfhiv4-BLWbRQbbcWJvrWe0DFTQWsC5PW407oirO5tVABzCqpKnX416fVoIdaOkSdkR9AHDGCWW9Wnq5

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=97mbf1e7SCqLPOhlTlVBbg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJBnkqZuUtxjq9JWfhiv4-BLWbRQbbcWJvrWe0DFTQWsC5PW407oirO5tVABzCqpKnX416fVoIdaOkSdkR9AHDGCWW9Wnq5
Date: Thu, 29 Apr 2021 02:54:22 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5660
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBuor7xF1XWbADIcI4CtL2Q&google_cver=1&google_push=AQvitUIlKuCBjPQZVNzuK93ClatyWEzooAA8zX4IxAMEXrzKnM-waXZlg0GUZDHAPumqFEvnPrN...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4yTjQtNS00VUxW&google_push=AQvitUIlKuCBjPQZVNzuK93ClatyWEzooAA8zX4IxAMEXrzKnM-waXZlg0GUZDHAPumqFEvnPrN5O9kO12ZvEyn-0bTr4nbm_O8

170 B
188 B

33ms
32ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4yTjQtNS00VUxW&google_push=AQvitUIlKuCBjPQZVNzuK93ClatyWEzooAA8zX4IxAMEXrzKnM-waXZlg0GUZDHAPumqFEvnPrN5O9kO12ZvEyn-0bTr4nbm_O8

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S08yQU4yTjQtNS00VUxW&google_push=AQvitUIlKuCBjPQZVNzuK93ClatyWEzooAA8zX4IxAMEXrzKnM-waXZlg0GUZDHAPumqFEvnPrN5O9kO12ZvEyn-0bTr4nbm_O8
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5660
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBSnp4AJE0Jc2rXgprxPXw8&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_push=AQvitUJwLwh7Zz03-QofooNkOf0N5aibZkW_QiFtYLxKYGo9TjgbEhhueqF-iWalnwvWQ2QNnmWdW_fRfa4UiN3OnD...

170 B
188 B

33ms
32ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_push=AQvitUJwLwh7Zz03-QofooNkOf0N5aibZkW_QiFtYLxKYGo9TjgbEhhueqF-iWalnwvWQ2QNnmWdW_fRfa4UiN3OnDVt4pvVYutS&google_cver=1&google_gid=CAESEBSnp4AJE0Jc2rXgprxPXw8

Requested by

Host: xn--mgbg7b3bdcu.net
URL: http://xn--mgbg7b3bdcu.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 29 Apr 2021 02:54:23 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YIof3r6OXEBTjpPQos9IdwAABJ8AAAIB&google_push=AQvitUJwLwh7Zz03-QofooNkOf0N5aibZkW_QiFtYLxKYGo9TjgbEhhueqF-iWalnwvWQ2QNnmWdW_fRfa4UiN3OnDVt4pvVYutS&google_cver=1&google_gid=CAESEBSnp4AJE0Jc2rXgprxPXw8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Thu, 29 Apr 2021 02:54:23 GMT

GET
H2 200 trk
ag.innovid.com/ Frame 5660 43 B
296 B 65ms
21ms Image
image/gif 2a05:d01c:1d8:8100:8b5:c204:7431:3191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEHCbhC7uU47-pkUpilzSZHg&google_cver=1&google_push=AQvitUIPMjo6Adz7QA2XUDPwaLPhOmIPfWCF--DRLMprEXq1GSLyRcUavagZ_ph4cD4nvo35pi_JZ1i-QqhuGCFdHBTn6Imw9229
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7103781133995645&output=html&h=280&adk=774654709&adf=2742576309&pi=t.aa~a.262088325~rp.4&w=748&fwrn=4&fwrnh=100&lmt=1619664862&rafmt=1&to=qs&pwprc=7428816843&psa=0&format=748x280&url=http%3A%2F%2Fxn--mgbg7b3bdcu.net%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1619664862266&bpp=1&bdt=416&idt=-M&shv=r20210426&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dde0990c0bb213d64-22596aa2f6c70034%3AT%3D1619664862%3ART%3D1619664862%3AS%3DALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ&prev_fmts=748x90%2C1024x90%2C0x0%2C1200x280&nras=3&correlator=5699289229776&frm=20&pv=1&ga_vid=421693466.1619664862&ga_sid=1619664862&ga_hid=2083578810&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=554&ady=2103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060828&oid=2&pvsid=1428278581336266&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=NZ3I63OpKG&p=http%3A//xn--mgbg7b3bdcu.net&dtd=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:8b5:c204:7431:3191 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 5660 0
12 B 30ms
29ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jz1cIvvGLHUTON_VKVoMjrwX_u9V8lH3kc8oSxgLo_P-ndzVY6emV5NhYVA5wx9bmK6YNq

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:23 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js Show response
pagead2.googlesyndication.com/bg/ Frame 982B 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

903464b17d96c387bfc4d0a5032201b780d3b4c2f80c6920cf39036acd4dee01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 18:31:12 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 30191
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5651
x-xss-protection: 0
expires: Thu, 28 Apr 2022 18:31:12 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 9 KB
7 KB 30ms
17ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210426&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97723ae610eb7f89c880c5ab0f96327f4fdedaa1c5d09b41a61aa30ab6a197cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Apr 2021 02:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6958
x-xss-protection: 0

GET
H/1.1 200
OK event.json
recs.engageya.com/rec-api/ 0
90 B 27ms
26ms Image
text/plain 95.142.20.17
PUREPEAK-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://recs.engageya.com/rec-api/event.json?irid=e59c7cad-92d4-4804-8401-2fa1e3c71d87&webid=211048&wid=160114&spid=0&tpids=824079231:4&tti=1196&ucc=NL
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.142.20.17 , Israel, ASN20645 (PUREPEAK-ASN, IL),
Reverse DNS: ip-95-142-20-17.purepeak.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:23 GMT
content-length: 0
server: nginx

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 8F04 0
150 B 67ms
24ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=xn--mgbg7b3bdcu.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=xn--mgbg7b3bdcu.net
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 2899
date: Thu, 29 Apr 2021 02:54:22 GMT
content-length: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 29 Apr 2021 02:54:23 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame F577 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 28 Apr 2021 23:28:37 GMT
expires: Thu, 28 Apr 2022 23:28:37 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12346
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6CBB 783 B
533 B 16ms
15ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fd9ca6c0e9474b1596ba13d97b37e229d240a0a2ee97a4fda0a5b29d2663b66a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G+xQ0iGVHbkXfB53x0ydKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://xn--mgbg7b3bdcu.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://xn--mgbg7b3bdcu.net/

Response headers

expires: Thu, 29 Apr 2021 02:54:23 GMT
date: Thu, 29 Apr 2021 02:54:23 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-G+xQ0iGVHbkXfB53x0ydKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js Show response
pagead2.googlesyndication.com/bg/ Frame F577 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kDRksX2Ww4e_xNClAyIBt4DTtML4DGkgzzkDas1N7gE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

903464b17d96c387bfc4d0a5032201b780d3b4c2f80c6920cf39036acd4dee01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 18:31:12 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 30191
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5651
x-xss-protection: 0
expires: Thu, 28 Apr 2022 18:31:12 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 14ms
14ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210426&jk=1428278581336266&bg=!vb6lvvrNAAZLnZBaS507ACkAdvg8Wrpm_AFuuCh1nghttZ4tG-SGEefX6FdzwSrgYSjL6cX-0hASGwIAAAA_UgAAAAtoAQcKAEpg3sd81JxK6yHHoMVC3ZCnRueIMU7qPXGGixqtzcSLL-DEALErN315OmVmYP7ioq2LCWKJvHeEx2mMhbD0wExnWVCTd0z7qUiLLZkCHhMBj7OLAYYBtRViF4m8Cc-0mGGylPgxKaFv4LlKInqWCK84JFZPWQwQSlQU3laJytqcMB0AwTKLu8ZGHvpuvPayybEPA6Ijq-_Lf5PGVDRaYSD11Cv-TZJRe0NF2MPIwgrzlKvZoJSYzIrznTxMcM121lL7PFkj8-Hk0NG_SSwCYbaCsna5VmSemCobHuSAXrdFslbaqJjesjVrhA6FOIap8x_YO4CHlfayRW9ceq689s8cBd5nDe8UiIiwRfHE4e3cMAS-LGL3FlogU6q3jWCHr5ECphX5CrzbaOU-ZKJTrlIM94RpYZn1r6ANkAPxSAeba2Pv59ToAjh15b5UvFeIRj-_ORZ7q99sIpb05QiT38AflfVX5et9z3wOjrADOeylgL0p5w8NFYnEsjL-rBE9N7yXJtEK49LHxCMjzCipDDlUT9LUWzeYWpQ8m9AiY-mENabFwnM3Fvnp9Ikv3rae2rBC0yFxY0UiwDveHHXEWgjYv_i-VEprC1LOwtF8J20QXk8x6MSyq4gJ7wpVl0acrUNhWavX3PKN_mBjP-RGSiYXSMYYm9ZFUBdNdSr2dLy8IGw58VI1M3Eu_XsQofdxULZaeEOiwzPD7HOjz4ZwOG_669OJlNwa4daYwQrxqeIedzG3BoDms3ut5KRasKkCia8Ro_klrUR8sg-IkGZ9HJIKGn7lp4vOIoHF7i9YbubiTDX8Hd4PW4iKyxSb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://xn--mgbg7b3bdcu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Apr 2021 02:54:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

139 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 379082:2519508
.xn--mgbg7b3bdcu.net/	1970-01-20 11:25:36	Name: _ga Value: GA1.2.421693466.1619664862
.ad-srv.net/	1970-01-19 20:04:00	Name: u8x7eovwf3h6_uid Value: 5f376131c5ee4f72
.doubleclick.net/	1970-01-20 03:16:00	Name: IDE Value: AHWqTUlOBxuUXZoFB6-AT7My1RWkttX1D9ThFpU1zq75EdTBv7JSTEfinO_ANoFGxbM
.doubleclick.net/	1970-01-19 17:54:28	Name: DSID Value: NO_DATA
.awin1.com/	1970-01-19 18:04:29	Name: awpv14098 Value: 559379\|1619664863\|33ab30b0-a896-11eb-9a52-692d096f23ab
.ad-srv.net/	1970-01-19 20:04:00	Name: v0rur7gqspb3_uid Value: 51d77f9889a408ff
.xn--mgbg7b3bdcu.net/	1970-01-20 03:16:00	Name: __gads Value: ID=de0990c0bb213d64-22596aa2f6c70034:T=1619664862:RT=1619664862:S=ALNI_Mb4AKa3Ox3fe_d-g13f3K_7BUKMWQ
xn--mgbg7b3bdcu.net/	1970-01-19 17:57:17	Name: qa_key Value: spelmexwylpsf3q08jsezisd2sdnhd0c
.xn--mgbg7b3bdcu.net/	1970-01-19 17:54:24	Name: _gat_gtag_UA_118003504_2 Value: 1
.xn--mgbg7b3bdcu.net/	1970-01-19 17:55:51	Name: _gid Value: GA1.2.943849679.1619664862
xn--mgbg7b3bdcu.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: ce5e790037ca2e18d032549a51f8f682

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.ad-srv.net
ad3.ad-srv.net
adservice.google.com
adservice.google.de
ag.innovid.com
bidder.criteo.com
cdn.contentspread.net
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
g792337340.co
googleads.g.doubleclick.net
gum.criteo.com
id.rlcdn.com
image6.pubmatic.com
images9.engageya.com
media.kaspersky.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.mathtag.com
pixel.rubiconproject.com
recs.engageya.com
rtb.openx.net
s-img.mgid.com
ssum-sec.casalemedia.com
static.criteo.net
stats.g.doubleclick.net
tags.mathtag.com
tpc.googlesyndication.com
widget.engageya.com
widget.postquare.com
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
xn--mgbg7b3bdcu.net
104.111.239.217
104.19.134.78
138.201.63.117
142.250.185.98
172.217.18.98
178.250.2.131
185.29.133.58
185.64.190.78
185.85.15.23
2.18.233.201
2.18.234.21
2001:4860:4802:36::15
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:800::2003
2a00:1450:4001:801::2002
2a00:1450:4001:801::2003
2a00:1450:4001:808::2003
2a00:1450:4001:80e::2004
2a00:1450:4001:811::2004
2a00:1450:4001:811::200e
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:400c:c0a::9a
2a02:2638:1::3
2a02:2638::1c
2a02:26f0:6c00:28b::3b8d
2a02:26f0:6c00:290::3b8f
2a02:26f0:6c00:2a0::3b8f
2a05:d01c:1d8:8100:8b5:c204:7431:3191
34.98.67.61
35.186.253.211
35.244.174.68
52.28.108.245
54.149.211.134
63.33.127.66
69.173.144.139
85.114.131.233
92.205.13.122
95.142.20.17
029949f470a38199283264cc9827e27d31875c0a91bfa5bc27de509d610affd1
02e4551debbf743ff34d013ba7b0a5440fa88958b9c406105a55612721cba16c
02f4e744bf2d5c62fdf46c942adb8eaeba1cb799c8cbd08c8b3406e3cdf2bb6c
0425297f3f05b5070e80812c4e033ecc3aa3a2b3fd23db71cb210524eab400e0
075c15c5e5b127cfd89b352a4f8e8d615d0abcc80977022ba45ad2032d26f535
07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c520384d05689f51e9846895c1f3572c39bc954504d2eed090432c4b08d6d3f
0cbb945ebe2c56e7ce22121d094201a07a38196ddf6d424eac5f0e2bdfacdbde
0cf263a6b7d7b1515ff043483a7c8e3d465466acbbbc6ffcfce78dac396a0d6a
0e242d5baa05b1a00ba6f0e18896dd6604635d501a84f2cb81ec9b35786e37fb
120034900f89db02074d3494748eafd00f7125e94b982f5037eb26b7b6941de0
173fd00f452c8209f6cebea57cb9a5ab26ab6802ede684468faff558efffd53e
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1d902366976ae937d3ef2670455b05bc6d71b453a2f066619510a811007d3bd9
1f1c7364ef5f163cddba63301931db5e1eff87ecc1cd2e9704c10c6f92417b54
202984635510749607871fe7743cbdb4908318e86e94822ddc7f8e0920bf80d7
258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da
26322ccb7eda19ff491445b26525a8a30814c6357ddcfa766098a79d3dc10a61
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
32288afbbd582a50540b8ff709114b8ecc273d16be5364e4e5e0ad9f8904630a
33f4e5f69e0e4e6911818cf1bdd08d8ece49f3b2fb5c6d1e63bebea29967c6cb
3617a9959b658629c312c83ba9f437a070060c8e896284218515d6925b449ca0
3d245ce697efb53e117a0ab996a98ca8c677df99b925cea13b428127c0acfc6d
439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c
45741efb5a359d94a28eb92a45ce54db6aa63ad7c12254f19988944165365948
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4aa98956ea3e7c391521fc4a083c57b14526552f8086b8d4b8445cf36b834c4d
4c78d7f75ef039efd8381a69f1acb0ffc5e1a41804f748d9d2199ac085ad1ab9
4d5ac3848ce0cc5bac0133c7c40f23e55abfa34550f05aa343aeb375fdacc14c
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
58cb5febe0f0fb7f3cabc9d26978c66df40b6c33540c8c928b0dd4062bbdafe4
59883dc82297de1d8ff485a115678ff6e56102eb1fc170c9808737535f6f8070
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5b4c355e64440c8b4e77d178a5a70549a4f9c5f85bcb9a0775452b8fc5508df0
5d6908b64e810e421319da0bf6ecf5941b0a050e499056ace7ca8f8af806107b
5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5f69847c4cd262e01258965b0be99eb426892b4423aa65cf1656697bc0a14623
617843bf45dd6adeb94d3def181cb8041262ee9a98cff26055fd5a2de5c975d5
67d60e82e0290b540551880e0317d1950a2b317c4858d2214a11342f9b036785
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6a1d8020c1cc51f7fd4a5287ba822984c7fe1afabf48559c7d9b01a5f793ee07
6a7925cc7b40a9ac25b0c24578d98ad8548e5bf82cb7da9e91b1dbe59a53d0fa
70988066b7d67b6de494fe2d21e973083158411a0e4a272f0dff37ef9ae0d5ed
714e4b742a1ddc3565cfb472ac59b37a1bc03dd471e5d51a13647bfced2dbf5c
719d5393f1679427b525e07fafe1da265704ed22d1733c2bb32222e3f799920e
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
73991db92a15dad0a560144a65fdaf8621ea00714a0fbcc0034c5af6ba0448f4
74861dbeea4f1af236322a6fed52e0acd691bde6a443eaa2c48b39f246435783
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8882124ecc46145f8dd2c4723888f2510a0ef0fc2ad527786b21b7ea6801361a
89e8c9f38453550ebee24fafe934daad8cc913a3e55b941db1b72a97b49554ac
8bd9ef7089736394c9757075d85b927bd3d14e6790cc39a4a65224e47674899d
903464b17d96c387bfc4d0a5032201b780d3b4c2f80c6920cf39036acd4dee01
9147e56702cac804cff4b646db96efe455be370caeba029965acd0f375d00da1
959ca5f75c57707cd6e6c0553cf7d92c9c817b34fe9917c3b43c077ea706d1d8
97723ae610eb7f89c880c5ab0f96327f4fdedaa1c5d09b41a61aa30ab6a197cb
9890b523125c63685ab6e157e022072740363afb75a023b694cec0b986a25481
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a01d8b7ca6b54b65249b97435040a6202bed90eb499171362fe6b08600791a41
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a99e457aff5e7b529954833cd8a465c5a59abe35acec8180b5f4b45c6fdf8e39
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
af2d1eefa16495893f5cfbed9041d42ba3851f52c117931ae5196f81a5777f7b
af3bf9a23a0c8be21382fb5d8ff05b10f402679d6374c4410772ac0dfc76ce93
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b161e93529afd591967447b7bc2d3a45db033bf483ced61e550864a12cbd42b9
b39b55f8696f4865e79b1ba6e61c5d287c670c2697af851e416983a45c990063
b4732cf5a10c079b3240d1b05f4e517003a06d2bad56056bd2ef7755ca83af53
b4ef3a11367a47a75f7cb4ed6e944472d190c86813cd2ffdb04a32358dc4e799
b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3
b813b0dc2bc80e9bfd7a8e0c604ae81d21e375e3a01f6e183804f9d3e97f0f17
b8c3f71afbeeed7e2dd4c4f436a8f1b75b8cc09a9849ef2f842016500d0f4788
ba2c3f3d797cb7e748d90b7f71d225a3021818b504162c9fea41706477e986b4
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c46ffac94f706a339bdaeb317eae487927f92eee049536b8b78f4bd363d45542
c47f634d796769edc25c5e834a7cae43d2448ce1722a2eabb0a875a586477301
c5cdf964af96880050ef7bc9d9a9a68f190b86a387afac401c4922fb1e68198f
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c7404093e4ecd80ec2a5dc8f5dc9a658bb6ecbcf4b16f36683b4aa7de093f12c
c76a6cc9369273b7e5f07285be49006b00775eefeefd725334e4235c4c29c9cf
c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d
c9197eb66582a6ba6de2d288af7a6e06eee8e7abff50dadca9313cb03970b965
ca24e2680f2545b64cfd196089e9e5ac5a3b6c9eec852492210239bb07402904
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf10a3f6fdcb1babbab751e304b4cffca3ccbc67ec9090fe0a529e07211a1b08
d2670f2fe3b29d8d3ff053b91b09b393dcc783bc3e42baeb54606072695755a8
d5e5f8d32022c3946a1d9b047f843d4329e61a8c50ab0791bb18f5be78e37139
d635819a861c623171075887a8818d26c20aa290737e3070abf7c027a583b93c
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
dac38b4b5c070b298e1d24f9118905724a535dc9d82aae8b06f496462b3ba9ae
dcbc69c77addcdf5b3074b6a3faf148a501dadcc93a05a2211efac8e561b18e6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfa81932a2ad47de588692d49c7f3999458e34703c82fcd66d78e1f51a582445
e008cb52a651c7b98f9f0f4c10b962fc69a37be69bb24f14bac03159bdb1c15f
e0fad38c04932f3e71581d5ca798b326778fc0e54e3823de3b0f9eddbef0892e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5d13a315184e4cc69d5c495682f8e5539478b0f7331165dc63e9aa4f224add0
ea200b901c3de7db8ef78a2c4d9dcf57511eafd76f2cc475b10bada5dcf69225
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f003a17eb48bee52660096c98a630bb1d36d5ae56ca995b196687044cd050318
f0ad466a3d91ec9a1782a0b6b229125e0621e67600d875e99e71d8dd7e198328
f0da3a3869363d9926622d73c6aae93fdc53edfd65915bdcc811702c3f6907ea
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f59e7ae8d406307c55571fc0f090138ed57825217bc4e5f83898a325bbed9301
faa5a61083c6ee65a9b5b72bd221babf657454ae2de73c216093d0716785d0ca
fbe28a1b807c1e7e6c98e4c5900817dc26fe9ee04cd549d97c9cdb057003ab78
fcd52f15cbf4f2a39961dca3b69c71cec35244e70ad9089407dbaf0b94d0424e
fd9ca6c0e9474b1596ba13d97b37e229d240a0a2ee97a4fda0a5b29d2663b66a
ff8c6a4c5ee5623df035054980bd6967516764fcaa6ef582c5c78e25bc2f90a1

xn--mgbg7b3bdcu.net Open in urlscan Pro Puny معلومات.net IDN 92.205.13.122 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

186 Requests

73 %HTTPS

54 %IPv6

33 Domains

44 Subdomains

39 IPs

8 Countries

1819 kBTransfer

3467 kBSize

12 Cookies

27 Outgoing links

Redirected requests

186 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

xn--mgbg7b3bdcu.net Open in urlscan Pro Puny
معلومات.net IDN
92.205.13.122 Public Scan

Screenshot
Live screenshot

Full Image

186
Requests

73 %
HTTPS

54 %
IPv6

33
Domains

44
Subdomains

39
IPs

8
Countries

1819 kB
Transfer

3467 kB
Size

12
Cookies

186 HTTP transactions
11 data transactions